Electronic Voting – Response to Scottish Government’s consultation on Electoral Reform

Open Rights Group’s submission to the Scottish Government’s consultation on Electoral Reform focusing on the calls to trial electronic voting.

Elections have to satisfy three conditions. They must be:

  • Secure – your vote has to be secure, and steps must be taken to make sure that it can’t be tampered with; but also
  • Anonymous – your vote can’t be traced back to you, protecting you against coercion; but also
  • Verifiable – it has to be shown that one person cast this one vote, and didn’t cast another to be counted, while the vote continues to be secure and anonymous.

Balancing these three conditions against one another, without undermining one for the sake of another, is an incredibly difficult task.

All voting systems should be subjected to this test, whether it is pencil and paper, electronic kiosk or online voting. Electronic voting is unable to satisfy these criteria.

Open Rights Group supports efforts to increase democratic participation but does not consider electronic voting to be the right path to achieve this. We recommend the Scottish Government decides against holding electronic voting trials and focuses on other areas instead.

DOES ELECTRONIC VOTING IMPROVE TURNOUT?

Case studies from around the world conclude that it does not.

Norway

  • Trials in 10 of Norway’s 429 municipalities in 2011: two research centres used quantitative and qualitative methods to study, amongst other things, participation and turnout.
  • Results on turnout:
    • Internet voters are quite similar to paper-voters on most of the variables.
    • Those municipalities with an especially high turnout of internet votes do not have a higher turnout than the country as a whole.
  • Found no evidence of voters being mobilised to take part in the election as a result of internet voting.
  • 89% of internet voters responded that they would have voted even in the absence of an online voting option.
  • The analysis indicates that the trials did not have an effect on voter turnout.
  • The analysis indicates that younger voters (reducing the voting age was also trialled alongside internet voting in one municipality) preferred to walk to the polling station on Election Day, seeing it as a symbolic and ceremonial act that indicates maturity.
  • The trials were run again in 2013; the same outcomes were recorded and the Norwegian Government ceased its online voting trials.

Estonia

  • Has consistently used internet voting for a number of years since 2007, so it has provided a rich dataset for analysis.
  • 8 election cycles have included internet voting in some form, including local, national, and parliamentary elections.
  • Research published in spring of last year found that there is no effect of internet voting on voter turnout, even though the use of internet voting increased during the time period.
  • Voters that already vote choose to use the new voting approach, but it fails to attract new voters.

The conclusions were that the option of electronic voting allowed individuals who were already going to vote to vote online. No significant increase in voter participation was recorded.

Elections on issues that truly matter to people increase participation, not changing voting methods – Scotland’s Independence referendum should be indicative of what increases democratic participation.

SUMMARY OF OPEN RIGHTS GROUP’S RESEARCH (UNITED KINGDOM AND ESTONIA)

United Kingdom

  • Open Rights Group received technical observer status at 2007 pilots and visited 3 online voting sites – one for each provider of electronic voting systems (Tata, Election Systems & Software GmbH, and Opt2vote Ltd).
  • ORG was unable to examine or verify the servers or systems used in any meaningful sense.
  • No matter what access was provided, fundamentally the servers are opaque to the human eye – no observer would be able to examine what the server was doing, what data it was sending and receiving or whether problems were occurring, without detailed technical access to the software and its operating system, yet it would be inappropriate and is clearly against the guidelines for observers to handle anything to do with the running of the election.
  • Rushmoor and South Bucks constituency was shown to be running software which would be vulnerable to attacks, allowing an attacker to steal the authentication details submitted, monitor how users had cast their votes, or modify the ballot appearance to throw the election results.
  • E-voting turnout was 50.58% in South Bucks (16.3% of the votes cast were by phone or internet).
  • In South Bucks and Swindon votes were downloaded and counted on computers controlled by supplier’s staff without any candidate, agent or observer able to examine the process.
  • The amount of information provided to candidates and their agents was wholly insufficient to be able to verify in any meaningful sense that the results were accurate before accepting their declaration:
    • Nothing in the process of downloading and counting e-votes was open to observation and verification.
    • No methods or opportunities were provided for candidates, agents or observers to verify the security and accuracy of the software used, nor the results the software produced.
  • The Electoral Commission also released a report on these pilots; it saw similar outcomes in turnout and expressed concern about:
    • The planning process;
    • The quality assurance process;
    • Time allocation for preparation.
  • The Commission concluded that without changes in these areas they could not support any further e-voting pilots.

Estonia

  • ORG participated in a peer-reviewed independent report on E-voting in Estonia with an independent group of international experts with experience of analysing e-voting systems around the world.
  • Estonia’s system places extreme trust in election servers and voters’ computers – both easy targets for a foreign power.
  • The authors reproduced the e-voting system in their laboratory using the published source code and client software, which they then attempted to attack.
  • Malware that rigs the vote count:
    • The e-voting system places complete trust in the server that counts the votes at the end of the election process.
    • Votes are decrypted and counted entirely within the unobservable “black box” of the counting server, creating an opportunity for an attacker who compromises the server to modify the results of the vote counting.
    • Researchers demonstrated that they could infect the counting server with vote-stealing malware – the attack’s modifications would replace the results of the vote decryption process with the attacker’s preferred set of votes, thus silently changing the results of the election to their preferred outcome.
  • A bot that overwrites your vote:
    • Although Estonia uses many security safeguards – including encrypted websites, security chips in national ID cards, and smartphone-based vote confirmation – all of these checks can be bypassed by a realistic attacker.
    • A voter’s home or work computer is attacked by infecting it with malware, as millions of computers are every year.
    • Malicious software could be delivered onto an individual’s machine that would observe a citizen voting and then silently steal the PIN codes required to use the voter’s ID card.
    • The next time the citizen inserts the ID card – say, to access their bank account – the malware can use the stolen PINs to cast a replacement vote for the attacker’s preferred candidate.
  • The report recommended that Estonia discontinue the use of the e-voting system to maintain the integrity of the Estonian electoral process.

DOES ELECTRONIC VOTING IMPROVE ACCESSIBILITY?

Not necessarily. The Electoral Commission runs working groups looking at the accessibility of voting with individuals living with disabilities. The feedback when discussing options is often that they would prefer methods that facilitate visits to the polling station, rather than replacing that trip by softly forcing them to vote online.

Supported methods to do this include:

  • Choosing which polling station to vote in.
  • Voting on days other than on a Thursday, for example the weekend.
  • Voting in mobile polling stations in hospitals, nursing homes or care homes and in remote areas.

E-VOTING’S INSOLUBLE PROBLEM

Much academic work has been done to improve the security of electronic voting, including advocacy of blockchain technology to increase verifiability and the use of advanced cryptographic tools to secure the votes. These methods are admirable, but these technical solutions risk compounding a political problem: the disgruntled loser.

The key to democracy is not the winning and taking power, it is the counting of votes, the losing, and the acceptance of that result. The disgruntled loser, and their supporters, need to be satisfied that despite all their best efforts they have lost and lost fairly. The level of scrutiny a paper ballot is subjected to confirms this.

These systems may provide proof and security, but they do it through advanced technological methods that can’t be easily audited by the human eye, certainly not as straightforwardly as pencil and paper. What this allows is for aspersions to be cast on the outcome of an election, something which can occur all too easily in these fractured political times with foreign actors interested in the outcome of many elections. Electronic voting provides enough opacity that we risk opening Scotland’s democracy up to that vulnerability.

Open Rights Group supports efforts to increase democratic participation but does not consider electronic voting to be the right path to achieve this. We recommend the Scottish Government decides against holding electronic voting trials and focuses on other areas instead.

Other options that may improve participation in democracy include improving accessibility by:

  • Allowing voting on more than one day;
  • Allowing voting at any polling place in Scotland;
  • Using mobile polling places.