I was asked by a friend why is it that we can’t do voting over the Internet. With all of the digitisation being done globally, and the ongoing COVID-19 issue, shouldn’t Singapore – the Smart Nation – have the general elections (which is due no later than April 2021) be done over the Internet?
One word answer: No.
Yes, you have done plenty of Internet banking transactions. You’ve sent money to phone numbers, you’ve received monies etc. You’ve bought stuff using your credit card over the Internet and received the goods. And yes Amazon, Alibaba, Paypal, eBay etc are multi-billion businesses that accept payments over the Internet. It is safe and it works.
Why? Because of the simple transaction involved: you know what you paid – you can check the ledger and the recipient can check as well. E-commerce sites can see the transactions just as clearly as those involved in the transactions.
There is no secrecy within a transaction here. There is secrecy across all transactions, but each participant in a transaction knows all the details.
When you transfer $100 to a bank account over the Internet, you can check that it was delivered/received. You can check that your account was reduced by $100 and the recipient’s increased by $100.
But if you are NOT part of a transaction, you have no idea what happened. So, global secrecy is enforced and that’s all well (hence money laundering, bribery etc thrives).
The democratic process of voting has one critical thing that is different from the usual electronic transactions: the participants of the transaction DON’T KNOW WHAT TRANSPIRED because of vote secrecy.
I can tell the person who I voted for that I did vote for that person, but there is NO WAY for that person to check that A VOTE did indeed come from me. That person will only see a vote.
The only country to have gone down the path of Internet voting is Estonia. Even then, it is not 100% participation. You cannot do e-voting ON THE DAY OF THE VOTE. Here is a page that discusses the software one can use for e-voting. Note that the site says that votes from mobile phones are not possible.
Why is Internet or e-voting a hard problem to solve? It is the conflict of two fundamental requirements: Trust and Secrecy.
In order to vote, you need to TRUST. You need to trust that the system that you are using is indeed secure and safe from being manipulated. Open source software is a necessary but insufficient condition for the trust to be established. I could inspect the code, I could compile the code, I can install the code on the voting machine, but there could be something else running in the machine that I can’t check that could negate what I’ve done by way of software. I will need a fully trustable piece of hardware. Bunny spoke about building trustable hardware at 36C3 last December. Spoiler alert: No.
On the assumption that we have trust in the hardware, software the standards-based Internet connection that will carry my vote to the vote aggregator, can we trust that end device (hardware and software)? As the vote traverses the Internet, we have to guard against man-in-the-middle attacks, for example, among many other forms of attacks.
How would I keep my vote secret as that is a tenet of voting? Voting behaviour can be modified and affected by coercion, intimidation and threats (CIT) – real or perceived – hence the need for secrecy. The Estonian i-voting model mitigates the CIT to an extent because you can i-vote AS MANY TIMES before the polling day and have only the last i-Vote that will be counted and/or go to the polling station on the day of the vote and cast the vote. This will then override all the i-Votes.
The struggle of Trust and Secrecy is holding back Internet or e-voting. The Estonian i-Voting has been reviewed by many people and this report from 2014 recommends that it not continue.