Why Vote Online?
Internet voting (i-voting) holds many promises. It can cut down on the costs of running an election, while delivering results with both higher speed and accuracy. Users seem to enjoy the comfort of voting remotely, with people who used it once having a high likelihood of using it again. It can reduce hurdles for people with difficulties filling out their ballots, like language barriers or disabilities, as well as people staying abroad, for example military personnel. With more and more parts of our lives shifting online, the idea of going to a polling station can seem out of date. Meanwhile, during a pandemic, waiting in line in front of a crowded election booth is a health risk.
But while tech enthusiasts paint utopian futures with effortless elections and direct democracy at our fingertips, experts warn of the dangers. With online elections, a single vulnerability can lead to large-scale election fraud. What’s at stake is nothing less than democracy. With that in mind, we will look at modern technologies – the ones available today, as well as those coming in the near future – to answer the question: Is i-voting secure?
What is I-Voting?
Depending on the goal, different electronic tools can be utilized to facilitate the election process. These tools all fall under the heading e-voting and include offline options, like Direct Recording Electronic computers, ballot scanners or combinations of recording and storing devices. All of these would be introduced at polling stations, and can help reduce the administrative burden of an election.
i-voting refers only to methods that transmit data over the internet (although e-voting is often also used in this context). Online devices can also be introduced into polling stations, but the more radical approach, and the focus of this article, is the option for voters to cast their ballot remotely, on a personal device, from the comfort of their home, a café, or wherever they like. That means election officials have no control over the device used or the environment.
Furthermore, i-voting is sometimes proposed as an additional channel to cast votes, similar to postal voting, instead of exclusively online elections. For the latter to be possible, every eligible person would have to have access to the election technology, be able to navigate it, and trust it. This is a long way off, if it is even attainable at all.
The Dangers of Online Elections
Internet communication is inherently insecure. The National Academies Press writes in their 2018 report on the American voting system: “[…] no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” Sending election data online opens the door for large-scale fraud. But manipulation of votes is not the only way elections can be influenced. An attack that disrupts or delays the system can cause as much harm as election-tampering. And even if tampering is identified, it still demands revotes, which cost time and resources, and undermine trust.
How to Verify the Integrity of i-Voting
In the process of casting an online vote, there are multiple pieces of critical infrastructure. There is the server that receives and stores the votes, the device on which a vote is cast, and the connection between them. All of these can become the targets of an attack. Personal devices especially are prone to being infected with malware. This kind of distributed system calls for a method to check the integrity of not only every single part, but the entire transaction chain. To ensure that it holds from one end, all the way to the other, it needs end-to-end verification.
End-to-end verification is typically implemented by creating a receipt for the voter after their vote is completed. Imagine a 23-digit number generated by an algorithm from the specific data of the vote. The algorithm can be public and still provide unique keys that prevent the voter’s information from being reverse-engineered. At the end of the transaction, another key is created from the transmitted data and made publicly available for everyone to check. If nothing has changed, these will be the same.
In an end-to-end verifiable system, votes can be neither lost nor modified without being detectable. Every voter can check if their vote was captured properly. Additionally, it can be verified, either by predefined agents or the entire public, that the whole of the votes was tallied up correctly. In this way, end-to-end verification protects an election from threats on the outside as well as the inside.
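The receipt comparison described above can be sketched as a salted hash commitment. This is an added example, not the scheme of any election system mentioned in this article; the function names, the nonce and the sample ballots are assumptions, and deployed end-to-end verifiable systems rely on encryption and cryptographic proofs rather than a bare hash.

```python
import hashlib
import secrets

RECEIPT_DIGITS = 23  # length used in the article's illustration

def receipt_code(ballot: bytes, nonce: bytes) -> str:
    """Public algorithm: hash nonce + ballot, reduce to a 23-digit decimal code."""
    digest = hashlib.sha256(len(nonce).to_bytes(2, "big") + nonce + ballot).digest()
    return str(int.from_bytes(digest, "big") % 10**RECEIPT_DIGITS).zfill(RECEIPT_DIGITS)

def cast(ballot: bytes):
    """Voter's device: pick a random nonce and keep the resulting receipt."""
    nonce = secrets.token_bytes(16)
    return nonce, receipt_code(ballot, nonce)

def publish(received_ballot: bytes, received_nonce: bytes) -> str:
    """Election server: derive the code from the data as it arrived and publish it."""
    return receipt_code(received_ballot, received_nonce)

def guess_choice(code: str, candidates, nonce: bytes = b""):
    """Without a secret nonce, trying every candidate reveals the choice."""
    return next((c for c in candidates if receipt_code(c, nonce) == code), None)

# Constructed sample ballots.
CANDIDATES = [b"candidate-1", b"candidate-2", b"candidate-3"]

def demo():
    nonce, receipt = cast(b"candidate-2")
    board_ok = {publish(b"candidate-2", nonce)}        # delivered unchanged
    board_bad = {publish(b"candidate-3", nonce)}       # altered before storage
    return receipt in board_ok, receipt in board_bad, guess_choice(receipt, CANDIDATES)
```

The random nonce is what lets the algorithm stay public: with an empty nonce, `guess_choice` recovers the vote from the published code by trying each candidate.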
Of course, in the best case, the personal information of the voter would be separated from their vote immediately after passing the ballot to ensure secret suffrage. To allow verification, cryptographic technologies are used to keep the anonymity of the voter intact.
Another requirement of elections is that a voter should not be able to publicise how they voted, as this possibility could be used to coerce them into voting a specific way. At first, this seems to be a direct contradiction to verifiability, but achieving both at the same time is in fact possible and an active area of research.
In Estonia, a verification app shows the name of the voter and their vote – thus allowing voters to demonstrate how they voted. However, verification is allowed only during the 30 minutes after the vote is cast. This, together with the option of revoting, is supposed to prevent voter coercion.
On the other hand, this opens up the possibility for malware to secretly recast the vote after the verification time window has passed. While the security of the verification process in Estonia could be improved on the technical level to allow secure verification, the greatest challenge remains adoption, as in the most recent Estonian election, only 5.3% of internet voters chose to verify their vote.
The great advantage of end-to-end verification is that each voter can make sure that their vote was processed correctly, while in the case of paper ballots, they can only be sure of the integrity of some steps. Paper ballots may be recounted, but they can, in principle, be removed, added, or changed. End-to-end verification, therefore, is also a useful consideration in traditional paper-based voting systems. Indeed, implementing end-to-end verification in traditional elections would serve as a test and training ground for the technology, as well as for the people operating it.
The Blockchain’s Potential Role in i-Voting
Blockchain is a buzzword that attracts a lot of hype. It is an incredible solution that’s still looking for a problem to solve. Could it find its home in i-voting? There are prototypes of online voting systems making use of blockchain running today, like the Agora system. To understand their allure, we need to understand the technology behind the word blockchain.
In more technical terms, blockchain is a distributed, immutable ledger. Think of an Excel spreadsheet, where no cell can be changed, and where rows, called blocks, can only be added to the bottom. That is the immutable part. The data structure is implemented in such a way that each block references the last block, leading to the name blockchain.
Furthermore, this table is decentralized, meaning there are copies distributed across many locations. For each new block (i.e. vote transaction), all administrators have to agree that it should be added. If consensus is reached, it becomes a permanent part of the chain. This means that no single agent, neither a hacker nor someone from the authorities, can change votes. To do that, they would have to gain access to the majority of administrator machines. In this way, the trust is distributed across all administrators, potentially consisting of election officials, election observers and other trusted third-party actors. Blockchain can be combined with cryptographic technologies to ensure end-to-end verification for every voter as well as verification of the whole of the votes.
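The two properties described above, blocks that reference the previous block and copies held by several administrators, can be shown in a toy ledger. This is an added example, not code from Agora or any other system named here; the block layout, the function names and the majority rule over head hashes are simplifying assumptions standing in for a real consensus protocol.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # "previous hash" of the first block

def block_hash(prev_hash, payload):
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, payload):
    """Blocks are only ever added at the end, each referencing the last."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def first_bad_block(chain):
    """Index of the first block with a broken link or hash, or None if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["payload"]):
            return i
        prev = block["hash"]
    return None

def rewrite_from(chain, index, payload):
    """Edit one block on a single copy and re-hash everything after it."""
    tail = [b["payload"] for b in chain[index + 1:]]
    del chain[index:]
    for p in [payload] + tail:
        append(chain, p)

def majority_head(replicas):
    """Head hash shared by a strict majority of replicas, or None."""
    heads = Counter(r[-1]["hash"] for r in replicas if r and first_bad_block(r) is None)
    head, count = heads.most_common(1)[0] if heads else (None, 0)
    return head if count > len(replicas) / 2 else None

# Constructed sample: three opaque ballot records on five administrator machines.
honest = []
for record in ["ballot-ciphertext-A", "ballot-ciphertext-B", "ballot-ciphertext-C"]:
    append(honest, record)
replicas = [copy.deepcopy(honest) for _ in range(5)]

replicas[0][1]["payload"] = "ballot-ciphertext-X"        # naive edit of one cell
print(first_bad_block(replicas[0]))                      # 1
rewrite_from(replicas[0], 1, "ballot-ciphertext-X")      # edit plus re-hash
print(first_bad_block(replicas[0]), majority_head(replicas) == honest[-1]["hash"])
```

A re-hashed copy passes its own integrity check, so the hash chain alone is not enough; the change is caught only because the other four copies still agree on a different head.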
Blockchain is a promising technology for the application of i-voting. There are, however, problems. Since it relies on communication between the whole network for every single vote, the process is energy-intensive and slow, in the range of hundreds of votes per second. For this reason, blockchain technology is difficult to scale to nationwide elections and especially vulnerable to denial-of-service attacks.
At this point, it is not clear that these drawbacks can be resolved. The blockchain is still in its infancy. No one can predict which solutions will arise in the future, alongside which new challenges. It has the potential to power a transparent, cost-efficient and trusted voting system. Trusted, that is, if people understand the intricacies of this technology.
Transparency: Open Source vs. Proprietary
Democracies are built on trust. Even in the total absence of technological vulnerabilities, a system can be disrupted if the population distrusts it. For people to understand why i-voting is introduced and how it works, transparency is called for.
This transparency is achieved by having the election run on open-source software. In contrast to proprietary software, where the code is kept behind closed doors only for a select few to examine, open-source code is completely public and can be inspected and evaluated by anyone.
Estonia has made almost their entire code accessible to the public, the only exception being the app that runs on the voter’s PC. Keeping this code secret is a defence against the insecure environment of personal computers. Estonia does, however, provide an additional open-source app that verifies that the voting software is running correctly.
Despite criticism from tech experts, the Estonian population has faith in their online elections. Survey data collected after every election shows around 70% of the Estonian general population trust i-voting. Trust in a technology is a major prerequisite for its adoption. In Estonia, it was achieved through persistent efforts to explain and improve the system, a generally advanced digital infrastructure, and transparency.
Outlook: The Future of i-voting
Technological challenges for i-voting persist. While companies praise their solutions, experts warn of the risks. Online voting has been tested in pilot projects around the world, most of them discontinued. The reasons range from technological failure to expert warnings and declining political will. In that regard, at least for the time being, Estonia remains an outlier.
Yet there are some signs of change on the horizon. Last year, Switzerland decided to resume their experiments with i-voting, after an unsuccessful trial in 2019. New Zealand’s Jacinda Ardern has also expressed an interest in switching from the country’s exclusive use of postal voting to an online system. Perhaps even more importantly, a range of political actors are using online voting systems in lower-stakes situations, including participatory budgets and party primaries in various countries throughout Europe. In this way, i-voting is already beginning to reshape our democracies.
It’s unlikely that many of us will be voting online in national elections in the immediate future. The stakes are simply too high, and the technical challenges too manifold. Yet it is through trials and lower-stakes experiments that new, secure solutions will emerge, and public confidence in online voting will grow.