Locking down e-voting systems is not so easy


Stuart Corner
Contributor

Creating an impenetrable and robust e-voting system, according to two leading researchers in cryptography, is nowhere close to being created. A complicated problem, with global experts rushing to solve, is influenced by the power of information and who holds that power.

Despite all measures in place, systems are biased by their creators and have inherent flaws despite all efforts, says Dr Vanessa Teague, chief executive officer of Thinking Cybersecurity and an associate professor (adjunct) in the Research School of Computer Science at the Australian National University.

SWYCB: Dr Vanessa Teague, Corrie McLeod and Eleanor McMurtry

The problem of ensuring the integrity of electronic voting systems, Dr Teague says, is simple to state but very difficult to solve.

“The fundamental design problem of voting is getting a public evidence trail out of secret ballots. If you didn’t care about voter privacy or coercion, online voting would be really easy,” Dr Teague said.

“It’s verifying that the votes haven’t been fiddled, at the same time as protecting the privacy of individual voters.”

Estonia is reported to lead the world in making digital voting a reality. “Olivier Pereira recently published a note explaining that a malicious voting device could undetectably fiddle the vote in the Estonian electoral system and defeat the verification mechanisms they have in place.”

Eleanor McMurtry completed a master’s degree at the University of Melbourne where she studied applied cryptography for e-voting (and where she is currently a PhD candidate). What she has to say about e-voting would be music to Donald Trump’s ears.

“There are many ways that can go wrong – people can be misled, coerced or defrauded.”

Ms McMurtry’s master’s thesis introduced a new approach to secure and private remote voting by combining cryptographic tools with the existing postal voting system.

She points out that in traditional voting this problem is easily solved: each voter votes alone in the booth, then lodges their vote in public by dropping it into the voting paper box.

“Everybody votes in secret, but there’s public verifiability of the process showing us that nobody fiddled the results. We don’t know how to do that over the internet,” she said.

Ms McMurtry and Dr Teague spoke with InnovationAus.com publisher Corrie McLeod as part of See What You Can Be, a series of interactive video podcasts championing Australia’s extraordinary female changemakers who are blazing new pathways across the STEM sector.

This episode focused on the cryptographic protocols that support a free and democratic society – such as the limitations of electronic elections, privacy and big data.

Dr Teague has co-designed numerous protocols for improved election integrity in e-voting systems and has co-discovered serious weaknesses in the cryptography of deployed e-voting systems in New South Wales, Western Australia and Switzerland.

She was also responsible for demonstrating, with others in 2017, how easy it was to identify doctors and patients in the Medicare/PBS open dataset released by the Australian Department of Health.

She is still unhappy with the government’s lack or response: “It’s still not too late for them to tell the affected people that they published their identifiable medical records online.”

Dr Teague says it was possible to identify individuals from the dataset through searching for those with just a few specific attributes.

“There might be thousands of babies born on the same date, but if a mother already has two or three children, the likelihood that there’s another Australian mum out there who perfectly lines up with her lockstep for two or three childhoods is basically zero.”

Ms McMurtry is now studying for a PhD in theoretical cryptography at ETH Zürich, a discipline they say underpins the kind of research Dr Teague is doing but is not easy to explain.

“We have applied cryptographers like Vanessa, who take the building blocks we take for granted to encrypt a message or do a digital signature to verify who wrote a message. What I’m interested in is how these systems actually work,” Ms McMurtry said.

“How can we rephrase these ideas of security and privacy mathematically — nebulous ideas that are hard to pin down — so we can be absolutely sure that what we’re doing is correct?”

Cryptography is in a race to beat the development of quantum computing which, it is said, will be easily able to defeat current encryption algorithms. Ms McMurtry says there is no need to panic.

“We have backup plans – quantum computing doesn’t break everything instantly. And, there’s lots of interesting things you can do with a quantum computer that you cannot do without one, including cryptography.

“This is still a very hypothetical area. We have lots of things that we’re pretty sure are still secure, even if we build a quantum computer. And there’s way more things that we haven’t even begun to think of that may be possible.”

Find out more about See What You Can Be, where insightful women share what they have learned on their STEM journey – including success stories, opportunities and barriers to entry – while encouraging viewers to challenge outdated stereotypes.

Are you interested in supporting the See What You Can Be series? Find out how you can become a Sponsor.

InnovationAus.com has partnered with Cool Australia to make the video recordings and assets available to teachers all over Australia as resources, should they fit elements of their teaching focus.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories