UK Considers risky online voting…Safe enough for democracy?

Guardian article, apparently titled by an editor who trusts MPs opinions more than scientists and experience: Why electronic voting isn’t secure – but may be safe enough <read>

Safe enough, not for democracy. The link to the article says it better “Why Electronic Voting is NOT SECURE.

From the Article:

The UK has run trials for local elections before – in 2002, 2003 and 2007 – and Estonia famously became the first to offer online voting for its general election for parliament in 2007.

However, Meg Hillier, Labour MP and member of the digital commission that wrote the 2020 report, admitted that the team was “not set up to investigate in detail the issues of security and the mechanisms for delivering that,” hoping that the Electoral Commission “and others will take that on”…

The MPs debating that report all accepted that e-voting security was a concern, but believe the challenges are outweighed by the benefits.

Campaign group WebRoots Democracy laid out the argument for online votes in its own report, claiming two thirds of respondents to a survey would be more likely to vote if they could do so online, and that’s particularly true for younger voters.

Plus, the report claimed online voting would cut the cost per vote by a third to £2.59 and reduce the number of accidentally spoiled ballots.

Those same promises have been made before, each time the UK has previously trialled the idea. In 2002, five city councils let voters cast a ballot by home internet, text message and “kiosk”; in 2003, that was expanded to 14 councils.

Turnout increased by an average 4.9 points, but varied widely, with South Tyneside leaping by 20 percentage points and Vale Royal sliding by two points.

Following the 2003 elections, a report by the BBC showed e-voting “failed to make much of an impact”. Voters were given a ballot number and a PIN, but there were issues with technology – in St Albans, PCs in polling booths had connectivity issues and had to be abandoned for paper ballots…

All of the potential benefits are moot if we can’t trust the result, but so far there haven’t been any attacks against e-voting systems – or at least none we’re aware of.

As a report into e-voting in Switzerland from Harvard’s cyber law department pointed out, the digital option has remained poorly used by the electorate.

“It is reasonable to assume, however, that the systems will be exposed to higher numbers of attempted attacks and manipulation as the use of e-voting becomes more widespread,” the report noted.

If the government does press forward with e-voting trials, as it appears set to do, it needs to get some experts in, Anderson said – and there’s one Green politician who knows the issue inside and out.

UK should consider e-voting, elections watchdog urges

Despite spending years developing GNU.FREE, a free online voting system, Jason Kitcat – leader of Brighton and Hove City Council – isn’t a fan of e-voting (nor is his party).

“Through working on this I came to the conclusion, now shared by most computer scientists, that e-voting cannot be delivered securely and reliably with current technology. So I stopped developing the system but continued to campaign on and research the issues,” he said…

“When I and colleagues have monitored trials we have always observed serious flaws in the security and reliability of the systems used,” he said. “Yes, we have found problems every single time, and we have documented these at great length in peer-reviewed articles.”

Kitcat argued there are three requirements for robust political elections: security, anonymity and verifiability. “Meeting those three requirements is a very difficult problem quite unlike other transactions,” he said….

”Online banking suffers problems but refunds are possible after checking your bank statement. You can’t ‘refund’ a vote and ‘vote statements’ can’t be provided to check your vote was correctly recorded as that would enable vote selling and coercion.”
All that paper in standard ballots may seem old fashioned, but it leaves a trail that votes cast from PCs and phones don’t, agreed other experts. “There’s a fundamental conflict between verification and keeping votes anonymous,” Jim Killock, executive director of the Open Rights Group. “Paper ballots do this very neatly but computers find this hard because they leave audit trails.”

Voting away from polls raises the spectre of vote manipulation, explained Ross Anderson, a computer security professor at the University of Cambridge.

“When you move from voting in person to voting at home (whether by post, by phone or over the internet) it vastly expands the scope for vote buying and coercion, and we’ve seen this rising steadily in the UK since the 2001 election where postal votes first became a right,” he said. “All the parties have been caught hustling up the vote in various ways.”…

“Internet voting is frankly scary,” he said. “When security experts looked at the Estonia election, they were shocked at how easy it was to defraud the system and steal votes … We shouldn’t gamble with democracy.”

Lack of transparency is another major security issue – especially if the data collection, analysis and storage happens in IT systems that aren’t fully transparent or are difficult to understand.


Leave a Reply

You must be logged in to post a comment.