e-Voting: Taking out the trust

Person selecting 'yes' or 'no' buttons On one side voter disengagement on the other dodgy security and inaccurate results. Will e-voting gain the public's trust?

MPs are used to say how great technology is even if they are somewhat fearful of it. Nobody wants to be seen as a Luddite. Yet when it comes to new technology in their own turf, have they spotted that even the technophiles are edgy?

The Open Rights Group (ORG) has recently published a report on the e-voting trials in this May's local elections. Before attending the launch, I had an idea that it was going to be bad news, but I still managed to be shocked by the presentation.

Judging by the questions from the MPs present, I wasn't the only one. The Electoral Commission representatives who were present just smiled ruefully; thankfully this wasn't news to them. I can't imagine their official report, due in August, will be very positive.

While being terribly low tech, the current paper system is very resilient. Ballots get lost or spoiled, and may even go missing, but it's all within the tolerances of the system. If the losers in an election get a whiff of foul play, they won't keep quiet about it.

While not being theoretically impossible, it is actually quite difficult to interfere with an election result. That's not to say there aren't problems, particularly with the electoral register, but those are separate issues.

The e-voting systems in trial are of course a sign of 'progress', and an attempt to increase voter turnout. Voter disengagement is a major issue for all political parties, and the feeling is that if people have the choice to vote at home, they will do so more readily than slogging down to a polling station.

There are all sorts of complex issues with even postal voting, but voting over the internet is inherently insecure for the simple reason that people's home PCs are inherently insecure.

That I knew already, but what really alarmed me was the low level of security and oversight of the central systems that were (or should have been) under total control.

The PCs used in the polling and counting often lacked basic security measures, as evidenced by the photos and accounts from ORG's volunteer election observers. According to ORG, it would have been very easy to introduce programs onto the systems, and very easy for a program to alter the results without detection.

My favourite two incidents that were obviously mistakes show just how easy it would be to deliberately and covertly change results. The first was a Labour candidate voting over the internet who discovered the Labour logo next to both his and the Conservative candidates name. He was understandably upset.

The second was one of the regional parts of the Scottish elections in which there were quite a few parties; more parties than the excel spreadsheet used to calculate the result could display on screen at a time. This meant that the initial result showed no votes for the SNP; the electoral equivalent of 'Computer says no'.

An SNP candidate stopped the returning officer on the way to announce the result and managed to argue him into re-examining the data. He did, and the mistake was found. If this went unchallenged, it would have resulted in two less SNP MSPs, and a totally different balance of power in the Scottish Executive. Whoops.

To say that the ORG report raises questions about the trials would be rather an understatement. However, it is important to separate the two issues at hand. The first issue is whether the current trials were effective.

The second issue is whether an effective and trusted e-voting system can be designed using today's technology. It is perhaps useful to have an idea of the requirements. A quick stab at it provides:

  • Security to the level of national critical infrastructure; interference in an election by another state, for example, could create chaos.
  • Accuracy and integrity of the result to a very high level, particularly where there is proportional representation or low majorities.
  • Voter privacy must be securely maintained, along with the ability for a court order to tie up votes with voters (unusual for an electoral system, but true in the UK).
  • The system must be overseen, audited, run and used by untrustworthy parties without breaching the above. Everyone in the process is regarded as untrustworthy, in that no individual should have the ability to influence results without someone else noticing.
  • It must be transparent to a sufficient level that voters trust the process, and candidates/agents can see there was no funny business.
  • Staff can only need to have a small amount of training, and voters no training, in order to operate the system.
  • The system needs to be reliably deployed and used only once per year (maximum) in places with little infrastructure such as church halls and community centres.

Tough stuff, and that is without mentioning costs. In order for an electronic system to replace the paper one, other requirements are added.

It needs to either be faster and more efficient than existing systems, or increase voter turnout, or both. According to ORG, the trials were slower, dramatically more expensive, and didn't affect turnout in any significant way.

This comes back to the worry that parliament is not well-equipped to see the wood for the trees. The combination of these requirements and current technology represents a major problem.

The other issue of course is that technologists (like the rest of the population) don’t find electoral issues particularly exciting, so have failed to look and see just how far off the reservation e-voting could go.

Where next? The BCS needs to be providing good solid counsel to government on the issues around e-voting. So, over to you the membership to help provide that. This, and other issues, I will be discussing and looking for comments on in my new BCS Blog.

David Evans is the BCS public engagement manager.

July 2007