Why is e-voting still not possible in many countries?
Long term impact of e-voting?
E-voting vs traditional voting
Is it easier to detect fraud in an e-voting?
How mitigate the risks of hacking
Methods to detech unusual activity
Jordi Piuggalí participated in the founding of Scytl and directs the Research and Security department since the company was founded. He has co-authored numerous academic publications, international patents, and has been a speaker at international conferences on cryptography and applied security in electoral processes.
Why is e-voting still not possible in many countries?
The main problem is not about the technology, the technology is there. It’s about regulation. The evolution of internet voting requires that the company complies with the regulation. To accept electronic voting you need political consensus to first accept changes in the law and therefore to allow people to vote electronically.
What impact do you see e-voting having in the long term?
The good thing about e-voting is that it is opening up new ways for democracy. Now that democracy is more representative we are choosing electoral representatives who are making legislation during their four years, but voters are not interacting they’re only watching the decisions being made. When you introduce electronic voting, one of the advantages is that you can make direct democratic processes, for example, consultations or referendums more often so voters can participate more in the decision making of the government.
People think that e-voting is increasing participation in general, but actually, it is increasing participation in the case of remote voting. One of the problems with remote voting is that some of the votes are lost or don’t arrive on time. And the result is that there are voters whose intention is not counted. This can be solved by electronic voting. People with disabilities sometimes have problems voting because the traditional systems are based on paper. Electronic voting allows these people to access the voting process more easily.
What is easier to manipulate, an electronic voting system or the traditional one?
Neither system is easier, you can make a very secure electronic voting system or a very insecure traditional system. What’s important is not the voting channel. It’s about which security measures you are implementing to prevent any attempt to manipulate votes. In the case of electronic voting, one of the advantages, especially when we are talking about remote voting is that it is providing better ways to audit the election. For instance in a traditional postal voting system, voters are casting their votes but they can’t audit the process of delivering the vote until they arrive at the electoral authorities, but when you introduce electronic voting you can provide means for the voter to audit that the votes are arriving on time and are properly stored in the ballot box. The result is that there is no lost intention to vote when they are counting the votes.
Is it easier to detect fraud in an electronic voting system?
E-voting technology provides different ways to audit an election. In the case of postal voting, it allows voters the means to track that their votes are arriving and are counted. When we’re talking about voting in polling stations, the main difference is that in a traditional election you have observers or independent auditors in each polling station because you need to observe everything that is happening, but when you introduce technology computers generate traces that you can store in a secure central place, for instance in a blockchain, so that the auditors don’t need to be present at the polling stations and therefore you don’t need to involve a lot of people in the auditing process. It’s much more efficient.
What efforts are being made to mitigate the risks of hacking?
In electronic voting, there are two different measures implemented from a security point of view. On the one side, we have the traditional security measures used by all systems connected by the internet, such as firewalls, antivirus software and so on. These security measures prevent the system from being manipulated by hackers. But there is an additional layer in electronic voting that is very important because it protects the privacy of the vote. This provides something special in the electoral process.
In banking, for example, the bank knows everything that you are doing. They have access to your accounts, so if there is any problem with the traditional auditing process they can detect any kind of fraud. In the case of electronic voting, the problem is that even the election managers that are auditing the election cannot break the privacy of the voters. So we have to introduce other advanced mechanisms based on cryptography, something we are working on at Scytl. This allows you to audit the vote and the process without breaking the privacy of the voters.
What methods are being explored to detect unusual activity, for example, coercion into making certain decisions?
People think e-voting makes coercion easier, but this is not true. One of the advantages of electronic voting is that you can use measures to prevent coercion. For instance, voters can vote multiple times and only the last vote is counted. This is a mechanism used in Estonia. In the case that the voter is coerced when they are casting their vote, they can wait and cast another vote that invalidates the previous one so a coercer can never be sure that the vote that is cast under coercion is the one that will be counted.
Using blockchain is one security measure, but it is not the only one. We started working with blockchain technology in 2004. The idea in the case of using blockchain in elections is to protect the traces that allow you to audit the process. Blockchain protects the integrity, but in order to protect privacy, which is essential in any election process, other layers, based on cryptography, for instance, are required on top of blockchain in order to preserve the privacy of the information that you are storing in the blockchain.