The use of internet – or electronic – voting in elections is growing. But there are still plenty of concerns about reliability, safety and privacy. Will electing your government via the tap of a smartphone ever catch on?
Next month people in the UK will vote in a general election, heading to polling stations at schools, libraries and other public buildings to put a cross on a piece of paper.
In the digital era, it all seems quaintly archaic.
Bad weather can put people off going to vote, while others forget to register or might be away on holiday and not have arranged a postal vote.
Couldn’t technology remove some of these barriers to democratic involvement?
Estonia certainly thinks so.
About 14 countries have used some form of online voting, but Estonia was the first to introduce permanent national internet voting.
The small Baltic state began using online voting in 2005, and i-voting has served in eight elections. In the 2005 local elections, only 1.9% of voters cast their ballot online, rising to more than 30% in the most recent parliamentary election.
“I-voting has become massive, and statistically there is no such thing as a typical i-voter,” says Arne Koitmae, deputy head of Estonia’s Electoral Office.
“All voters, irrespective of gender, income, education, nationality and even computer skills, have the likelihood of becoming an i-voter,” he says.
Online voting is a good way to engage with younger voters, busy workers, and even Estonians living abroad, Mr Koitmae says. “In 2015, Estonians living in 116 different countries participated in the elections using internet voting.”
However, it does not seem to have increased the total number of people voting, he says. Rather, people have changed their preferred method of voting.
Since Estonia’s i-voting began, there have been no serious security issues, Mr Koitmae says. The technology and processes used are updated regularly based on technical advances and experiences from each election.
A crucial part of Estonia’s system is that online voting is linked to the country’s state-of-the-art electronic identity cards – carried by every citizen and resident.
Digital ID cards allow for the secure authentication of the owner online, and enables a digital signature to be linked to the account. Newer cards include an electronic copy of the owner’s fingerprints.
Estonian voter Igor Hobotov says the ID-linked i-voting system makes him feel a lot more secure when voting than a paper-based method. In fact, he says he might not vote at all if the online option was not available to him.
“I have e-voted multiple times, in local elections and parliament elections. Mostly I’ve been at home, but once I even voted on holiday from Cape Town. I prefer to e-vote because it is more convenient and more secure – we have a digital ID card with [strong] encryption, which is really, really hard to hack,” Mr Hobotov says.
“I can vote without any hassle, just sat at the computer. I would probably never vote if I had to go somewhere to do it.”
More Technology of Business
Australia’s state of New South Wales allows voters with impaired vision, other disabilities, those in rural areas, and those not present in the state on election day to vote online or via telephone in state general elections.
A few municipalities in Canada allow for online voting in municipal elections, but the government has specifically decided against it for federal elections.
Norway tested i-voting in parliamentary elections in 2011 and 2013, but decided to discontinue online voting due to political disagreement and voters’ concerns.
And France previously allowed citizens living abroad to cast their vote online in legislative elections, but has disallowed this for the upcoming June legislative elections amid cyber-security concerns.
Would Estonia-style i-voting work in the UK?
Recently, a special report by the Digital Democracy Commission recommended that by 2020, secure online voting should be an option for all voters.
UK voter Matthew Burton says he definitely wouldn’t switch the paper and pen vote for an online system.
“Voting is an important activity, and something people have died for and continue to die for. It should be more important than pressing a button on a smartphone on your way to work or when you’re out with friends,” he says.
Not only could i-voting trivialise the process, he says, there may also be security concerns – not just over voter fraud, but also ballot secrecy. Would some people be scared to vote knowing it might not be 100% secret, he wonders.
Stephen Schneider, professor in security for the department of computer science at the University of Surrey, says the success of Estonia’s system lies in the fact it was built from the ground up, supported by a solid infrastructure including the digital identification system.
“Their digital ID cards underpin the whole thing,” Prof Schneider says. “Without it, it would be like building [a voting system] on sand.”
To make i-voting work in the UK, several changes would be needed, including introducing electronic ID cards.
The technical ability for digital identification is certainly already here. One company is even trialling smartphone-based selfies for voter authentication.
The real risk
However, Prof Schneider says the necessary changes pose more of a societal challenge, as many people are uncomfortable with registering personal data, such as with ID cards.
Prof Schneider says the main security threat to online voting would be from malware on personal computers, which could potentially change votes cast via the internet.
Similarly, the use of internet-enabled voting machines in polling stations is “not really very secure”, he says. Many older machines, some used in the US, are “more easy to subvert”.
However, security software company Symantec says individual voters are not at any real risk, and it has not seen a single incident of external attackers interfering with voters.
Symantec believes large-scale attackers – including state-sponsored hackers – prefer to target political systems more generally, for example, the cyber-attack on the US Democratic Party in 2016.
“State-sponsored attack groups are not interested in affecting individual voters. What they are interested in is affecting the outcome of these election events,” Dick O’Brien, threat researcher at Symantec says.
Politicians and political parties are the “low-hanging fruit” for attackers, he says, because of the often chaotic nature of communications within these organisations.
And with a number of elections coming up across Europe, he says, it is not the individual voter who must remain vigilant, but politicians and political parties.