Your Thoughts: Digital Voting & CyberSecurity
Following news that the UK government wants to implement digital voting in coming years, at the turn of 2017, the former head of MI6, Sir John Sawers claimed balloting with pencil and paper was much more secure. With the way the internet of things is taking the world by storm, and the digital era is ushering in much more efficient ways of life, digital, or online voting, seems inevitable. However, international cyber warfare is also a major concern, and many also believe online voting could jeopardise the system.
This week Lawyer Monthly reached out to Stephen Wright, Region Manager of eGovernment and digital security experts, Gemalto, who gave his insight on the phasing of digital voting.
How can online voting be made safe?
Online voting can be safe as long as there are robust security mechanisms in place, as well as strong identification and authentication solutions.
A successful eVoting process will involve the voter using an ID card, the system authenticating the user, and the voter then confirming their choice with a digital signature. In Estonia, for example, the iVoting app based on secure authentication technologies from Gemalto has been critical to this process, establishing the country as a digital innovator; the country has had an eVoting system in place for more than 10 years Through iVote technology, an anonymous envelope encrypts an individual’s vote. When the voter signs into the system to cast their vote, their personal data (or outer envelope) is added to the initial encrypted vote. To ensure a voter’s true will is reflected in their vote, they can vote again electronically during advance polls (without duplicating a vote).
Crucially, the encrypted vote and digital signature (or anonymous and outer envelopes) are kept apart, meaning it would be difficult to identify a voter and link them with a particular choice, adding an extra layer of privacy. Moreover, the system can only open the votes for counting if they are not connected to personal data. In other words, eVoting can make election tampering extremely difficult.
It’s also important to note that the electoral register database itself must be kept safe and protected from unauthorised access, using appropriate tools like data encryption and strong authentication.
Finally, identity re-validation is crucial. Currently, criminals and fraudsters have numerous aliases and bogus identities accepted as valid by the authorities. These might not even be detected by federated identity models, such as the UK government’s “Verify”, as the same bogus identity data may be held by various parties in a scheme. These fraudulent credentials can be transferred to digital transforms, unless some form of re-validation is performed. Ideally, when granting access to any new service, like online voting, an individual should be issued with a new strong authentication digital credential, rather than just a username and password.
What is wrong with manual voting that necessitates a digital platform?
There are many benefits to a digital platform. In the mobile age, why should voting be linked to polling stations? Why should the elderly or disabled need to travel to cast a vote? In the 21st century, shouldn’t they be able to vote from the comfort of their own homes? Digital voting can reduce citizen’s constraints of both time and geography and the electoral process becomes more flexible and convenient. There’s evidence to suggest it increases voter participation, too. In the Estonian parliamentary elections of 2015, total participation increased to 64.2% from 61.9% in 2007. Plus, the percentage of iVoters increased from 5.5% in 2007 to 30.5% in 2015. Electronic voting can also reduce the administrative burden and costs involved in counting and collecting votes, while increasing confidence in the electoral system. Voter registration, identification and authentication can be rendered quick and simple with an electronic voting system.
What evidence exists to backup the claim that online voting would be more prone to fraud?
Fraud is a problem across the cyberworld, but it can be prevented through techniques like advanced encryption and strong authentication, deployed by Gemalto for the iVoting app. It’s important to note that traditional voting processes are not immune to fraud. Online systems, such as the Estonian version, rigorously anonymise the entire process and only allow votes to be counted once the personal data component has been removed. Consequently, voter intimidation and election tampering become far more difficult.
We would also love to hear Your Thoughts on this, so feel free to comment below and tell us what you think!
