In a world that is rapidly becoming fully digital, holding electronic elections can seem like an easy task. However, for most of the world, the proven paper-based voting system is still the preferred choice.
One of the reasons for this is sheer inertia. It is not easy to simply change such a massive and entrenched system overnight. Another important factor is being careful about maintaining the integrity of the elections.
The nature of paper voting fraud is well known, but once you go digital there is a whole new set of variables in the game. Nevertheless, electronic voting is approaching, and the next time you approach the ballots, you will most likely press a button on the machine, rather than make a mark on a piece of paper or a punched card.
The big question, then, is whether it is safe to vote electronically and does the election get in the way of getting involved?
What does an “electronic” vote mean?
There are various forms of e-voting and the security measures are different for each. Electronic voting broadly means collecting votes using a computerized system. Voting machines that read punched cards are also, strictly speaking, a broad range of electronic voting. But these types of machines are usually not what they talk about when the term “electronic voting” is used.
Instead, they either involve the use of so-called “electronic direct recording systems” or online voting using devices such as a computer or smartphone.
What are the benefits of electronic voting?
Elections are expensive, labor intensive and can take a long period of time, which affects productivity at the state or country level. If everyone could vote electronically, this would mean very fast and accurate counting of votes. Fewer people will need to be hired to manage the elections. You also eliminate the transport of tons and tons of paper along with the security infrastructure to ensure that these votes make it safely to the counting point.
Autonomous voting machines also offer a lot of flexibility when it comes to user interaction. For example, voters with disabilities can choose from several accessibility options to help them vote independently and with dignity.
Electronic direct recording systems do not have paper versions of voices, and all voices are recorded on some kind of storage device. This data is added to the counter. Obviously, since everything is done electronically, there can be no errors in counting, and the results are available immediately. At least in an ideal world, this should work.
The main advantage of online voting is that voters can cast their vote from home, from another country, or anywhere else with an Internet connection. Which could theoretically increase voter turnout and allow the public to vote more often on more issues. Instead of costly referendums on only the biggest issues. In other words, it can be a tool for expressing democracy more clearly.
How does electronic voting work?
The short answer, from the voter’s point of view, is that it should work much like voting on paper. Assuming you’ve verified your voting rights, you walk up to your car, follow the instructions, and then vote for the candidates you want. Your vote must be securely stored and counted.
Online voting involves logging into a voting system, going through some identity verification process, and then voting. Online voting is not suitable for state elections and has too many problems affecting integrity, but it finds application in private business for things like shareholder voting.
With the advancement of various technologies, we may one day see online voting safe enough to be used in a general election.
What are the main security risks?
The security risks associated with electronic voting depend on the specific type of electronic voting being discussed.
The main risk associated with direct recording electronic voting machines is the absence of a paper trail. Electronic machines using punched cards make an electronic copy of the original paper record. This means that officials can go back to the punched cards to check the electronic invoice.
While it is relatively easy to see if a paper card has been tampered with or invalidated, it may not be possible to know if the digital data in the DRE machine has been tampered with. Thus, the security of a given DRE machine relies heavily on data redundancy and how the results can be independently validated, or how data tampering can be detected.
How can hackers tamper with electronic voting?
First of all, it should be said that there is no 100% tamper-proof system. In any voting system, there will always be some measure of fraud or vulnerability. So the real question is whether the overall level of risk posed by electronic voting is acceptable. Especially compared to the risks of adopted analog voting systems.
One of the biggest challenges to e-voting is that determining if digital data has been tampered with can be difficult. Depending on how this data is stored, encoded and transmitted. This is why there is a reluctance to accept machines for direct recording, because there is no secondary recording against which to check.
This means that if these machines have been compromised and a real scam has occurred, we may never know. What we do know is that vulnerabilities in some machines have been demonstrated in a lab environment.
There are also a number of confirmed forensic results of the voting data that were tampered with or that the machines themselves were tampered with. In 2019, TV host John Oliver posted an excellent overview of the security issues of electronic voting machines in the US, and we recommend it as a good starting point for understanding key issues.
However, here we can summarize some of the main attack vectors:
- Access to the people who program and control the DRE machines.
- Access to software loaded into the DRE
- Direct physical access to the DRE machine (eg USB malware attack).
- Network access to DRE machines that are not isolated.
As is usually the case with hacking, security weaknesses are often human rather than digital. Therefore, dedicated hackers can target every link in the chain leading to the final electronic counting of the voting machine data, with a particular focus on the people who are part of that chain.
Is voting online safe?
This is a difficult question, and it cannot be said that the answer will be unequivocal: yes or no. One problem is that two different voting machines can have very different vulnerabilities.
Therefore, the most important thing you can do is find out which model and make of voting machine you will be using at a polling station in your state or at your local polling station. Do a little research to see if this car has been inspected by independent security experts to decide if you feel comfortable voting with it.
Electronic voting should also not be viewed in isolation. There are worrying signs that voter behavior “hacking” may occur through platforms such as social media, using disinformation and consistent bot networks.
If you’re artificially manipulating voter sentiment, you don’t need to hack DRE machines at all! So consider the quality of the information you base your vote on, it might be you who were hacked, not the machine that receives your voice.