We bank online; we pay our taxes online; we pay bills online; we shop online; why can’t we vote online? As we get ready to head off to our designated polling stations throughout the country to post our vote for the General Election on 7th May, this perplexing question is still vexing many. Voting electronically would certainly be more convenient and could well significantly increase turnout, yet security specialists cast warnings across the bows and warn that voting online is not safe.
What you might not be aware of is the Electoral Commission’s attempt to take the prcoess further by launching an online registration scheme in April that allowed the public to register to vote, quickly and efficiently; according to the Commission’s statistics, more than a million applications to vote were made in just four weeks. But that’s just the first step; the next step – actually putting a cross next to the party of your choice online – is another matter entirely, and that’s the crux of the matter for security specialists.
That’s not to say that e-voting hasn’t been used in other countries, it has. There are two forms of e-voting: using a machine located at a polling station instead of pencil and ballot paper, or placing your vote via the Internet. At the Indian elections, officials were praised for using the machine at polling stations for speeding up the counting process and being easy to use; however, there was equal criticism due to it’s susceptibility to fraud. Estonia has used e-voting for a while in local, European and general elections and analysis of statistics has shown that voter turnout has increased due to the availability of e-voting; but that doesn’t mean the cloud of security hasn’t risen. The conclusion of independent analysis on security was: “The Estonian system uses a security architecture that may have been adequate when the system was introduced a decade ago, but it is now dangerously out of date.”
Estonia’s parliament retaliated in a statement last year: “In the past decade, our online balloting has stood up to numerous reviews and security tests. We believe that online balloting allows us to achieve a level of security greater than what is possible with paper ballots.”
Has the UK dabbled in e-voting?
Well, yes, we have dabbled. In 2003, seventeen councils attempted using electronic voting machines for their local elections and whilst turnout wasn’t significantly higher and some malfunctions with the machines meant that one council had to revert to pencil and paper, it wasn’t necessarily dismissed. But that was in the days before smartphones, social media and increased use of the Internet. As the younger hi-tech generation reach voting age, it’s becoming alien to them to not be able to vote online, which has brought the whole subject of e-voting into the limelight again.
David Emm, principle security researcher at Kaspersky Lab, commented: “If we want to have a sustainable democracy we’re going to need to embrace it. As people who are used to doing things online hit voting age, they’re going to expect to be able to do it.”
The positives and the negatives
The main benefits are that it is easier, quicker, more efficient and would potentially increase voter turnout on polling day. Then there’s the added benefit that it could well prove to be cheaper for councils and the government… “And reduce the number of accidentally spoiled ballots,” says Dr Kevin Curran, a computer science reader at the University of Ulster and a senior member of the IEEE (Institute of Electrical and Electroncis Engineers). He adds: “The ‘no brainer’ for electronic voting is reduced costs; online voting would cut the cost per vote by a third.”
So, what’s holding it back? Stopping the cybercriminals and hackers from gaining access to the system and wrecking the voting process, or interfering with the results. Now that’s a big question. By nature, voting has to be anonymous; so, how do you handle the automatic verification process to ensure that a vote is a true vote, and not one posted by a hacker of bot program. What if somebody’s credentials have been compromised? Who voted using that person’s name and verification?
Emm at Kaspersky said: “There’s the issue of somebody being tricked into a site that isn’t the legitimate online voting site – which is ‘phisihing’ pure and simple.” He added: “If you take a marginal seat and something like this happened it could potentially change the whole complexion of the government.”
Without doubt, online voting will happen at some point in the future. Indeed, the House of Commons speaker, John Bercow, has stated that he wants e-voting ready to go by the 2020 general election! In establishing the Digital Democracy Commission, he has called on the government to introduce a new strategy that will modernise the UK’s voting system.
The Commission said: “The concerns about security must be overcome. Once this is achieved, there will be an urgent need to provide citizens with access to online voting and the UK must be prepared for this.” It added: “The new online registration system could be a cornerstone of a future online voting system, although it would not solve the problem of verifying the identity of people when casting their vote online.”
As some security analysts take a deep breath believing this ambition being a step too far, others aren’t so hesitant to step forward and say, technologically speaking, who knows what can happen in five years’.