Online voting: do it open source or not at all

Liam Tung

With the 2020 US presidential election over and the result all but declared – and with the COVID-19 pandemic raging on across the world – online voting seems like an obvious choice for democracy in the digital age. But it is not as simple as it looks.

The pandemic reshaped the 2020 US presidential election, spurring higher postal votes and more interest in online voting.

In Europe and the US, where voters aren’t fined for not casting a ballot on election day, online voting could boost participation and deliver faster results than postal counts. In Australia, online voting could be more convenient for voters too, but there are serious hurdles to implementing it.

Online voting needs open and verifiable systems, said Professor Vanessa Teague

“It’s very easy for Australians to feel a bit smug about election security. We look at America – it’s a debacle,” says Thinking Cybersecurity chief executive and ANU adjunct associate professor Vanessa Teague, a noted critic of online voting systems.

“We think election interference and insecure election systems is something that happens in other countries. People say, ‘Here in Australia, we don’t have that kind of stuff.’ But we do have these kinds of problems.”

Professor Teague and several colleagues last year probed the shuffling and decryption components of Switzerland’s online voting system. It was relevant to New South Wales’ iVote online voting system because both were developed by Scytl, a company headquartered in Barcelona that specialises in secure electronic voting.

However, Swiss Post, Switzerland’s national postal service, published its shuffling and decryption code six months before it intended to use it for an election so that researchers like Professor Teague could vet the system for flaws.

The NSW government took a different tack. It rolled out iVote with Scytl code in 2015, after an initial trial in 2011. While it hired a major consultancy to audit its tech, Professor Teague notes that the NSW government did not release its source code for public review until four months after the 2019 state election.

The problems for NSW voters were legal and technical.

“The Swiss transparency law specified that if the system was to be used by up to 100 per cent of the voters it had to have a period of open and public review, well ahead of the election,” she said.

“We found two errors. One [was] in the proof that they were shuffling correctly without dropping or adding votes. The other was that they were decrypting correctly without telling lies.”

Online voting is not new. Estonia, wedged between Sweden and Russia, was the first country to enable online voting in 2005.

In 2017, after Russia’s alleged interference with the 2016 US presidential election, Estonia implemented anti-tampering features called “end-to-end verifiability”.

Rolling out a voting system like Estonia’s is not simple. Voters have a national ID card issued by banks. Voters also need a card reader that costs around $50.

There are education challenges too. A voter needs to place the national ID card into a card reader, open a web page for voting, and then verify their identity via a PIN code. On the server side, the election authority needs to confirm the person is who they say they are, confirm the person is eligible to vote, and then prove the vote was cast how the voter intended it.

What does end-to-end verifiability have to do with NSW iVote?

“Not much,” says Professor Teague.

“We want a way for the voters to verify that the vote they made was their true intention. iVote didn’t have that. It had a closed source verification app, designed and built by the same foreign software company that built the voting app in the first place.

“If you didn’t trust Scytl to encode your vote correctly, you could ask Scytl whether they’d done the right thing or lied when they encoded that vote,” she said.

iVote had a secret bulletin board that only allowed NSW government insiders to see what the encrypted votes were. It also relied on a single mix server – a piece of software that was meant to unlink identities from their votes – but the architecture meant that anyone with access to the server could link incoming ballots with ballots sent to the vote-capturing server.

“It kind of defeats the purpose because that server knows exactly the correspondence between incoming and outgoing votes. It doesn’t really do anything for privacy because whoever can read the data from that server knows how everybody voted.”
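The single-mix problem described above, as an added illustration that is not part of the original article and is not iVote or Scytl code. It assumes a toy ElGamal re-encryption mix (the article does not say how iVote's mix server worked) with constructed voter names and ballot values, and shows that one server's shuffle record plus the published ballots names every vote, while a chain of mixes needs every server's record.

```python
import secrets

P, G = 2**127 - 1, 3   # toy ElGamal group (constructed; far too small for real use)

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(P - 2) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P)

def reencrypt(pk, ct):
    # Multiply in a fresh encryption of 1: same plaintext, new-looking ciphertext.
    s = secrets.randbelow(P - 2) + 1
    return (ct[0] * pow(G, s, P) % P, ct[1] * pow(pk, s, P) % P)

def decrypt(sk, ct):
    return ct[1] * pow(ct[0], P - 1 - sk, P) % P

def mix(pk, cts):
    # One mix server: outputs[j] is a re-encryption of cts[perm[j]].
    # perm is the secret the server must forget; it is returned here to model
    # what someone with read access to that server would see.
    perm = list(range(len(cts)))
    secrets.SystemRandom().shuffle(perm)
    return [reencrypt(pk, cts[i]) for i in perm], perm

def link(perms):
    # Compose the permutations of every mix in the chain:
    # result[j] = index of the submitted ballot behind final output j.
    result = []
    for j in range(len(perms[0])):
        for perm in reversed(perms):
            j = perm[j]
        result.append(j)
    return result

def run(n_mixes, voters, votes):
    sk, pk = keygen()
    submitted = [encrypt(pk, v) for v in votes]      # stored next to voter identity
    cts, perms = submitted, []
    for _ in range(n_mixes):
        cts, perm = mix(pk, cts)
        perms.append(perm)
    tally = [decrypt(sk, c) for c in cts]            # published plaintext ballots
    matches = len(set(submitted) & set(cts))         # what an outsider can match
    by_voter = {voters[i]: tally[j] for j, i in enumerate(link(perms))}
    return matches, sorted(tally), by_voter

if __name__ == "__main__":
    names, ballots = ["alice", "bob", "carol", "dave"], [11, 22, 33, 44]  # constructed
    print(run(1, names, ballots))   # one server's perm is enough to name every vote
    print(run(2, names, ballots))   # here it takes the perms of both servers
```

An outsider comparing ciphertexts finds no matches in either run; the privacy difference lies entirely in how many independent parties would have to reveal their shuffle.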

Professor Teague tells InnovationAus that there is a US-based system called risk-limiting audits that can help prove that online votes are counted accurately. The problem is that iVote can’t support this type of audit.

“You need an evidence trail to check, such as paper ballots verified by voters. iVote has nothing. In theory, one could imagine some other kind of immutable record but realistically that’s the only solution,” she said.


1 Comment
  1. Tim Herring 4 years ago

    The article left me wondering, which was perhaps the intention. The strength in the Australian federal system is the single standard nationwide and the control by a single, unaligned authority. Perhaps this should be extended to cover all state and local elections? But there comes the problem, it is notoriously difficult to get agreement among 3 levels of government.
    Multiply that by 50 states and thousands of counties and you have the American problem, plus add in no standards and political control of the voting laws in each jurisdiction (remember sheriffs and judges are elected)!
    I don’t see that online voting improves any of that unless you reform the entire system. The only thing it solves is the one of getting to the polls in a physical sense, oh and the one of getting the votes counted quickly.
    The article is good in that it highlights the work being done and the improvements being made. Maybe the key lies in the Swiss way of making everything transparent? Would that work in south Chicago? I doubt it.
    My experience of local elections in Victoria last month was seamless and easy (and probably very secure) using postal forms with signatures. Overall, I am glad we have the AEC and their influence on the system, plus compulsory voting.
    The only improvement I would suggest at this stage is a compulsory Australian identity card – oh wait!
