In Estonia’s 2023 parliamentary elections, 51% of voters cast their ballot using the country’s online voting platform. It was the first time anywhere in the world that a majority of votes were cast online in a major election.
It was a major milestone for online voting – yet Estonia remains an exception to the global rule. In practice, very few countries are prepared to adopt online voting on a large scale. But that doesn’t mean that it isn’t increasingly playing an important role in a number of democracies.
France may not choose their President online – but they have made online voting available to overseas voters for legislative elections. The Australian state of New South Wales will soon allow residents with visual impairments to vote online in non-federal elections. And that’s to say nothing of the countless trials being conducted around the world, or of the party leadership contests, participatory projects, and other lower-stakes elections that use online voting.
In other words: online voting is already here, and it is likely to only grow bigger.
This article provides an overview of the key issues surrounding online voting. It considers the potential advantages it has to offer; the security issues it raises, and the key solutions proposed to address them; and the thorny issue of public trust and transparency.
If there is a specific online voting issue you would like to know more about, you can navigate directly to the relevant section using the table of contents below.
What is online voting?
Electronic voting (or e-voting) refers to a range of digital alternatives to traditional paper ballots completed by hand.
This article focuses on a subset of these technologies that enable remote online voting. This means voters cast their ballot via the internet using their own personal device, such as a laptop or a smartphone. This is also sometimes also referred to as internet voting, or i-voting.
Forms of e-voting not covered in this article include voting machines that either transmit ballots over the internet or store ballots electronically, for example using Direct Recording Electronic computers or ballot scanners.
Where is online voting already in use?
Elections
Trials of online voting in the political arena began in the early 2000s. Estonia became the first country to use i-voting in a general election in 2005. To this day, it remains the only country to give everyone the option of casting their ballots online.
Switzerland was another early adopter of i-voting. This is due in part by their regular referendums, as well as the large proportion of Swiss citizens living abroad. Although experiments began in 2003, the country has yet to progress beyond trials. In 2019, trials were abandoned altogether following the discovery of a major security flaw in the voting system. But in 2022, Swiss legislators gave the go-ahead for a fresh round of tests using a completely new system.
IDEA International’s ICTs in Election Database indicates that 10 countries (of the 174 covered by their study) allowed some form of online voting between 2019 to 2023. Most of these allow its use only in a limited number of elections (often local or municipal). Furthermore, some countries restrict the use of i-voting to citizens with disabilities, overseas citizens and/or military personnel. This number does not include countries running trial programmes.
Smaller scale uses
Most countries don’t use i-voting for official elections. Yet it is becoming an increasingly popular option for smaller scale elections, in the political sphere and beyond.
Online political primaries and party leadership contests are growing in popularity in Europe. In 2022, the British Conservative Party used a combination of paper ballots and online voting to select Liz Truss as the head of the party, and by extension the Prime Minister of the UK (if only for a very brief time). Parties in France, Italy and Hungary have also recently held digital primaries.
The last few decades has seen a big increase in new forms of participative democracy, including participatory budgeting. Several cities and countries use online voting to get citizens involved in decision-making processes like these from the comfort of their own home.
Finally, the market for i-voting in non-public elections has grown substantially in the last decade. Applications include democratic votes within companies, trade unions, student organisations, and sporting clubs. These smaller-scale uses could ultimately lead to higher levels of trust, as people become more comfortable using the technology.
Potential advantages of online voting
Accessibility
Online voting has the potential to make elections more accessible than ever. While mail-in ballots remove mobility barriers, a study commissioned by the U.S. Election Assistance Commission found that 6% of voters with disability reported difficulties with voting by mail in ballot, compared to 1% among voters without disability. This percentage rises to 38% among voters with visual impairments. As such, it is unsurprising that one of the loudest voices calling for permanent access to i-voting in Switzerland is the Swiss Association of the Blind and Visually Impaired (SBV / FSA).
The Australian state of New South Wales introduced i-voting in non-federal elections for the visually impaired in 2011. Over the decade that followed, the state gradually relaxed eligibility criteria to include other disabilities. At the height of the pandemic in December 2021, over 670,000 people used the system to vote in council elections. The high demand led to disruptions to the server, leading to a court ruling which blocked further use of the system. The state is currently preparing a new version with the aim of reintroducing the option exclusively for the state’s 4,000 blind or low-vision voters by 2027.
I-voting can furthermore address cognitive and language barriers. Accessible voting is especially relevant for people who currently rely on another person to cast their vote for them. However, the increased accessibility of i-voting does not remove the need to make traditional voting processes more accessible, as voters with visual impairments and other disabilities need to be given several options. In many cases, you can achieve a similar level of accessibility using traditional voting methods, probably more efficiently.
Convenience
Comfort is another key appeal of online voting. In Estonia, online voting has become routine. Statistics show that people who used it once have a high likelihood of using it again. People across the whole spectrum of age, education, gender, or income choose to use the technology. I-voting is especially appealing for overseas citizens, including military personnel.
Additionally, during the pandemic, there was an increased need for remote voting options, as visiting polling stations was potentially unsafe. In most cases, mail-in ballots were used. But online voting systems could provide an important backup in the event of future pandemics.
Flexibility
Experts agree that putting a cross in a box next to your favourite candidate isn’t a very effective way of making your preferences known. Who is your second-favourite candidate? Is there a candidate you want to avoid at all costs?
Questions like these often lead people to employ tactical voting, instead of choosing their actual preferred candidate. A whole host of alternative voting methods, such as ranked-choice voting, can be used to more accurately record voters’ preferences. Calculating the results by hand in these cases can be very time-intensive. Furthermore, voters are likely to make mistakes completing complicated ballot papers by hand. Online voting systems can easily tally the results of such alternative voting methods, and can prompt voters to correct any mistakes before submitting their ballot. This could ultimately contribute to making elections more democratic.
Cost and efficiency
One of the big promises made by i-voting technology providers is that it is very cost-effective. There’s no doubt that i-voting can reduce costs for smaller organisations when they stage low key votes. Yet when it comes to major elections, there is only limited data on the actual costs of i-voting.
Some websites and other sources cite very low costs per-ballot compared to other voting methods. Yet you should be cautious about taking these at face value. First of all, no country in the world uses online voting to entirely replace traditional methods. Even in Estonia, 49% chose not to vote online in 2023. This means they still have to maintain other channels of voting, making savings limited.
There is a whole host of additional factors you need to consider. First, development of i-voting platforms themselves is costly. You also need to factor in updates in response to changing standards and security demands, as well as the costs of educational campaigns, and of campaigns to establish trust among the electorate.
Finally, it is difficult to predict the potential costs of a technical failure or a security breach during an election. At worst, this could lead to an entire election having to be repeated. Not only would the financial cost be high – the damage to democracy would be difficult to put a price tag on.
Voter turnout
With participation in elections in decline in many countries around the world, it is tempting to see online voting as a way of reversing this trend. But there is actually very little evidence to suggest that this would work.
While the proportion of people voting online in Estonia has risen continually since 2005, the total turnout has only increased modestly. Meanwhile, a TAB study on the case of Switzerland’s i-voting system suggests that it only increased the rate of voting among citizens living abroad. Other voters who chose to vote online were largely people who would have voted anyway.
The effect might be greater for lower stakes elections, such as regional elections, party primaries and trade union votes. While people are accustomed to taking time out of their schedules to vote in major elections, encouraging them to get involved in internal party politics is far simpler if they can vote from home. It has been reported that participation in trade union votes in Denmark increased after online voting was introduced – and trade unions in the UK are pushing to overturn a law banning them from using i-voting in the hope of boosting participation.
Accuracy and transparency
Theoretically, i-voting systems have the potential to eliminate inaccurate counts, making recounts and disputed results a thing of the past. Furthermore, genuine end-to-end user verification would allow voters to track their ballot after casting it, ensuring that it is included in the final count. This is not possible using any other method.
In an equally important sense, however, online voting renders elections less transparent. Everybody can understand the process behind a hand-count. But i-voting always involves the use of software whose inner workings are only understandable to a small handful of people. As a German federal constitutional court ruling against i-voting proclaimed:
“In a republic, elections are a matter for the entire people and a joint concern of all citizens. Consequently, the monitoring of the election procedure must also be a matter for and a task of the citizen. Each citizen must be able to comprehend and verify the central steps in the elections reliably and without any special prior technical knowledge.”
Risks and vulnerabilities
Online communication is inherently insecure. As the researchers behind A Review of Cryptographic Electronic Voting put it: “The Internet is unsuitable for transmitting ballots, and currently, there is no realistic mechanism to fully secure the casting of votes and tabulation of election results from cyberattacks.”
Elections present a very particular set of security challenges. Voting online is not the same as, say, sending a text via a messenger app. It needs to be anonymous, yet also verified. To maintain the secrecy of the ballot, it is important that you cannot reveal how you voted to anyone else. Yet at the same time, you need to be able to verify that your vote was cast and counted correctly.
Election security is critical and moving election data online might enable large scale, undetectable fraud. But the manipulation of votes is not the only way elections can be influenced. An attack that disrupts or delays the system can cause as much harm as vote tampering.
There is no such thing as a system without vulnerability, and i-voting presents an attractive target for malicious actors. One group of researchers estimated the cost of finding and exploiting a software vulnerability at $ 6,000,000. That’s not such a large sum, especially when it comes to high stakes elections.
Integrity of the vote
Every ballot cast needs to be processed correctly as well as be included in the final tally. While the danger of manipulation cannot completely be prevented, it can be counteracted with systems that allow individuals to check that their vote was counted correctly, and with special techniques that confirm that all votes were included in the final tally. These systems mean that manipulation is likely to be detected. By this stage however, the damage is arguably already done, potentially undermining the validity of the election results.
Data breaches & disruption
The principle of secret suffrage dictates that votes are cast secretly and anonymously. A database connected to the internet is inherently vulnerable, especially compared to a securely stored box of paper ballots. Cryptographic techniques can be used to hide the link between the voter’s personal information from the information about their vote.
Accessing Denial-of-service attacks (DoS) aim at making a system unavailable, typically by flooding it with requests. Especially if these attacks are coordinated from different sources, they are hard to defend against. If attackers disrupt a system during the voting process, public confidence in the system suffers. In the worst case, a continuous disruption may lead to reruns of the entire election. Therefore, the infrastructure has to be reliable. Unfortunately, whenever new methods of defending against DoS attacks are devised, new methods of disruption spring up soon after.
Malware & the vulnerability of personal devices
Casting a vote over the internet requires multiple pieces of infrastructure. There is the server that receives and stores the votes; the device on which a vote is cast; and the connection between them. All of these can become the targets of an attack. Personal devices especially are prone to being infected with malware, a risk that can not be eliminated. This allows third parties to take control of a device, potentially giving them access to passwords and login details for voting apps.
Coercion & vote selling
In remote elections, a method of identification is needed to ensure that anyone who casts a vote is eligible to do so, and that people can only vote once. Authentication can be managed via passwords, but these tend to be either forgotten or insecure. Also, the combination of username and password is easily transferable and enables vote-selling. Estonia solved both problems with electronic ID cards. They are verified using card reading machines for online identification, issued to all eligible voters in the country.
When people vote from home, coercion and family voting are hard to prevent. That’s why it is essential to allow users to change a vote cast online at a later point in time. This way, anyone forced to vote a particular way can later revise their vote in private. But of course, there is no way of guaranteeing that they will actually do this.
Security measures
To combat these vulnerabilities, i-voting systems rely on a range of strong security features. Cryptographic technology can protect the voters’ privacy. At the same time, end-to-end verification gives reliable proof that the vote was recorded and processed correctly. Homomorphic encryption can be used to verify the integrity of the entire election, allowing a functionality similar to a recount.
It is important to remember that these security features vary in suitability according to context. Every piece of software needs to be assessed individually to determine whether they are effective or not.
Encryption
Encryption and subsequent decryption are the most common uses of cryptographic technology. A piece of information is made unreadable by obscuring its content, using a specific encryption key. After the transmission, the information is decrypted using the same key. As long as the key stays secret, the encrypted message cannot be accessed, satisfying the need for secrecy of the vote.
End-to-end (E2E) verification
End-to-end voter verification (E2E) is a system which allows individual voters to check that their votes were cast, recorded, and counted correctly. They typically work by issuing voters with a receipt after they cast their vote. The receipt contains their vote in an encrypted form – usually a string of numbers and letters. At the end of the election, a “notice board” containing all votes in encrypted form is published. Anyone who wishes to can check that their vote was included in the final tally. Some notice boards use blockchain technology to prevent tampering.
Note that voters cannot use their receipt to prove to other people how they voted, which would leave the system open to voter coercion. It simply allows voters to ensure that their vote was included in the final tally.
The great advantage of end-to-end verification is that each voter can check for themselves that their vote was correctly counted – something that is not possible with traditional paper ballots. The biggest challenge it faces is adoption. In the Estonian 2023 parliamentary election, only 5.5% of internet voters chose to verify their vote.
Tallying
In i-voting systems that do not use blockchain, a central authority has to tally up the election results. In paper based voting, the information about the identity of the voter is never connected to the information of their vote. The ballot is anonymous. In the case of online voting, to allow identification and verification, some information about the voter is needed. To ensure anonymity, the personal information of the voter has to be separated as soon as possible from their ballot. There are two common approaches: Mix-networks, which works by “shuffling” information, thereby making information harder to trace; and homomorphic encryption, which involves tallying the votes in their encrypted form.
Trust in online voting
Even in the total absence of technological vulnerabilities, no voting system can succeed if the population loses trust in it. The case of voting machines can be seen as a cautionary tale here. There have been various attempts by populist groups to undermine confidence in voting machines to cast doubt on the outcome of an election.
While i-voting offers technological guarantees, understanding them requires a high level of technological literacy. Therefore, due to their complex and abstract nature, online voting systems can be easy targets for misinformation. But there are ways to foster trust in these systems. In Estonia, the population has had continuously high trust in their i-voting system, between 50 and 80%. When Estonia introduced i-voting, there already existed a strong digital infrastructure, and Estonians were in favour of increased digitisation.
Open source/black box
An important step to foster trust in technological systems is to follow the open source standard. In contrast to proprietary software, where the code is kept behind closed doors, open-source code is completely public and can be inspected and evaluated by anyone. This allows security experts thorough testing and assessment of the system.
In the case of black box systems, where the code is kept private, researchers have to reverse engineer the code. This is a time-consuming process that tends to produce less comprehensive results.
In some cases, i-voting companies have partnered with security assessment firms, giving them access to their code base. These so-called white box tests are a valid way to assess the system. However, they put the burden of trust on a single assessment company, whereas open source allows everyone to test.
One might suspect that it would be easier to find vulnerabilities in an open source system, since the code is publicly accessible. But in practice, the lack of third party testing in black/white box systems poses a much greater risk.
Furthermore, it can be problematic for a private company to administer critical public infrastructure such as an election system. This limits the control election authorities have over the process, and makes them dependent on the technology provider. Such technology providers can in turn come under fire from those seeking to undermine confidence in the elections.
Auditing
Online voting provides strong methods of verification and therefore, in theory, a robust form of auditing. However, the complex technology involves means that most voters will never understand the process in its entirety. Most voters understand traditional and mail-in voting, the technological literacy required for i-voting systems is a big hurdle. This means that most people can only evaluate the process with the assistance of trusted third parties.
Detecting vulnerabilities
An i-voting system can also be tested by hiring a so-called “red team.” These are groups or organisations that attack the system in realistic scenarios to find weaknesses and vulnerabilities.
Another way is to arrange “bug hunts”. Used as part of Switzerland’s ongoing voting trials, these contests offer large rewards to anyone who finds a vulnerability in the system. While no guarantee for security, they are a good way of testing the system against a range of attacks. They can also be effective in generating positive media around the topic of online voting.
Predictors of trust / implementation / barriers and drivers
Technological improvements can help make online voting more secure. But for this to really have an impact of public trust, there is a need for a high level of general technological literacy, and for effective communications campaigns. Estonia has achieved high levels of trust by introducing its i-voting system as part of a wider digital ecosystem. Residents use their e-ID for a whole range of different functions, giving them chances to develop trust in the system. In Estonia, the biggest predictor of whether a person trusts i-voting is whether they have used it before. Other features like age, gender, and income are far less significant.
Conclusion
With the ongoing issues of security and trust, it’s unlikely that we will all be voting online in major elections anytime soon. But this definitely doesn’t mean that the topic will vanish altogether – far from it.
Estonia continues to develop and improve on its i-voting system. Other governments around the world, from Canada to Greenland or South Korea, are conducting trials. This is leading to the establishment of accepted standards, as well as technological advances that are difficult to anticipate. A big breakthrough could yet see more countries opting to use i-voting on a large scale.
In the meantime, we can expect to see it used more and more often in low-stakes elections, as well as to improve accessibility, and for small segments of the community such as overseas voters.