Online voting is often considered a way to improve voter turnout and security. But according to Dr Steve Kremer of the French Institute for Research in Computer Science and Automation, computer scientists have got a long way to go before they make it a viable alternative to pencils and paper.
He is researching ways of making e-voting secure under a project called SPOOC.
Why would we want to vote online?
‘In many countries, participation in elections has gone down in recent years. There is a hope that online voting could revive this, because voters wouldn’t have to go to a polling station. Young people in particular do everything now via the internet. They could get an email, and vote immediately from home – it would be more convenient.
‘But online voting is not a simple replacement for traditional voting. There are various possibilities, advantages and shortcomings, and those are what I’m studying.’
Why isn’t it a simple replacement?
‘Traditional voting, unless it is by post, is usually in a controlled, private environment. Online voting is remote, and there is potentially no privacy. It’s like comparing apples and pears, and people need to be aware of this.’
But we buy things online, and bank online, and that’s safe enough.
‘So here there are several differences. One is that there is actually a lot of known fraud in e-commerce and online banking, and it is built into the economic model. If you have a credit card, for instance, you pay your bank for it one way or another. If someone then steals your card details and uses them online, you can be reimbursed by your bank’s insurance.
‘The second difference between online voting and online banking is that with online voting the risk is taken by everyone, whether they opt to use it or not. If you opt to use online banking and your details are hacked, you’re the only one who will be impacted.’
So hacking could have a bigger impact by swinging an election. But can’t we make sure everyone’s vote corresponds to what they intended?
‘Potentially, yes, but here we run into the final major problem. On the one hand you want to preserve voting integrity – that votes correspond to voter intentions – while on the other hand you want to preserve privacy. But these are actually opposite properties: the first suggests you need transparency to ensure that the vote is correct, while the second says you need to hide how everyone voted. Combining both properties is very complicated.’
How far along are we to solve these issues?
‘We know relatively well now how to verify elections conducted online, in the sense that a voter can check his or her vote has been correctly registered, and the system can provide proof that the votes have been correctly deciphered. We know how to enforce this through cryptography; the techniques are ready.
‘Where these techniques fall short is their reliance on people’s computers encrypting votes correctly. It has been demonstrated that if there is dedicated malware living on your computer, it can switch your vote, so that if you click on candidate A, the computer encrypts a vote for candidate B instead, without your knowledge. There are ways around this problem – for example, adding a second device such as a smartphone to double-check security – but these complicate the voting process, and potentially add other vulnerabilities.
‘The current techniques are also unable to protect against coercion – the possibility that voters are influenced to vote in a certain way. If an election needs to take place (somewhere) where vote buying is a real problem, I believe the problems are currently too difficult to bring online voting to market, and any potential solutions will be too complex to explain to people.’
‘It has been demonstrated that if there is dedicated malware living on your computer, it can switch your vote.’
Dr Steve Kremer, Inria, France
But hasn’t Estonia already implemented online voting for national elections?
‘Estonia has, and it is a very tech-oriented country – it’s often jokingly referred to as e-stonia for this reason. Its citizens have identity cards with electronic chips, which go some way to reducing the risk of voter coercion, as people are unlikely to hand over (something so personal) as their identify card. Of course, there’s nothing to stop someone coming round to your house and forcing you to vote a certain way, but that type of coercion is hard to scale up.’
Do you think it’s worth the risk at the moment?
‘Currently, I believe that online voting is not ready for any high-stakes elections (such as national elections). On the other hand, there are many elections that are not high stakes. Last December in France, for example, we had all our professional elections, where we voted for union representatives and so on. The stakes for that sort of election are not especially high, in the sense that there is not a high risk of coercion, so e-voting could be a viable alternative.’
This interview has been edited for length and clarity.
Originally published on Horizon