For some of us, rolling up to a polling booth to publicly exercise our democratic rights on election day is part of the joy of voting. But with more and more people now electing to cast postal votes — a growing trend that emerged before the pandemic — are we any closer to remote online voting at Federal elections?
It’s unlikely, according to Dr Thomas Haines, a lecturer in the School of Computing at ANU. “Most of the Australian electoral commissions have been very hesitant about moving to electronic vote casting,” says Haines. “Particularly remote electronic vote casting. I’m not sure if that’s ever really going to change. There’s very few examples of online voting at the national level anywhere in the world.”
Haines is an expert in applied cryptography and its use in electronic voting systems. He works to identify subtle flaws in how cryptography is implemented that threaten the privacy and integrity of elections. “Election management bodies and vendors want to remove vulnerabilities, but doing so is a Herculean task,” says Haines. “Humans can check these systems, but doing so requires a colossal amount of highly skilled work which, in practice, is often not feasible; to check a single system to a high level of assurance would take several years. By using machine-aided analysis, you can check whether the security of the system is doing what you expect.”
Haines’ verification process has been used on the national election systems deployed in Estonia and Norway, and is currently being used for the International Association for Cryptologic Research's board elections, which run on Helios, a system that produces public evidence that the results were tallied correctly. Haines’ system takes that public evidence and checks it to guarantee that the tally was indeed correct.
The problem with online voting
Online voting systems, where you cast your vote via a computer at a polling booth or via the internet using your own personal device, have been used in Australia, but only in a small number of jurisdictions at the local or state level. We’re yet to see online voting at national elections, and there are very good reasons for the reluctance.
You only have to cast your mind back to December last year when the iVote online system used for the NSW local elections crashed, forcing voters from three council areas back to the polls and eroding public confidence in the system.
While the capacity of the system to do what it needs to is obviously important, the bigger challenge with online voting is ensuring that the vote you cast is accurately recorded and counted. Under the current paper ballot system you manually complete your vote and place it in a box, and the ballots are then counted by hand with scrutineers watching on. That level of scrutiny is difficult to replicate online.
Haines has looked at a dozen or so electronic voting systems around the world and says that most of them have weaknesses. Take, for example, the Russian e-voting system trialled a few years ago, in which the candidates were encoded incorrectly in the encryption system, making it possible to see how people voted.
In a similar vein, the Norwegian voting system used a random number to encrypt the vote. However, the random number generator was implemented incorrectly, returning the same number each time for the candidates. “Because you knew that it always returned to the same number you could search through all the candidates and compare the cypher text to find the one that’s equal,” said Haines. “It was therefore possible for the vendor and the various governments running the system to look and see how people voted.”
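The ciphertext comparison described above, as an added example (not code from the Norwegian system or from Haines). It assumes a toy ElGamal scheme, since the article does not name the cipher; the parameters, candidate names and function names are constructed for illustration. It also shows the audit check that flags reused randomness.

```python
import secrets

# Toy parameters, constructed for illustration only (not a safe group choice).
P = 2**127 - 1                           # a Mersenne prime
G = 3
CANDIDATES = ["Alice", "Bob", "Carol"]   # constructed ballot options

def keygen():
    x = secrets.randbelow(P - 2) + 1     # private key
    return x, pow(G, x, P)               # (private, public)

def broken_rand():
    """Models the flaw described above: the 'random' value never changes."""
    return 4

def fresh_rand():
    """Correct behaviour: a new unpredictable value for every encryption."""
    return secrets.randbelow(P - 2) + 1

def encrypt(pub, candidate, rand):
    """ElGamal: (g^r, m * pub^r), with the candidate encoded as g^(index+1)."""
    r = rand()
    m = pow(G, CANDIDATES.index(candidate) + 1, P)
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def recover_by_comparison(pub, ciphertext, rand):
    """Re-encrypt every candidate and look for an identical ciphertext."""
    for c in CANDIDATES:
        if encrypt(pub, c, rand) == ciphertext:
            return c
    return None

def repeated_randomness(ballots):
    """Audit check: g^r depends only on r, so a repeat means r was reused."""
    firsts = [c1 for c1, _ in ballots]
    return len(set(firsts)) < len(firsts)

def demo():
    _, pub = keygen()
    votes = ["Bob", "Alice", "Bob"]      # constructed sample ballots
    weak = [encrypt(pub, v, broken_rand) for v in votes]
    strong = [encrypt(pub, v, fresh_rand) for v in votes]
    return {
        "weak_recovered": [recover_by_comparison(pub, b, broken_rand) for b in weak],
        "strong_recovered": [recover_by_comparison(pub, b, fresh_rand) for b in strong],
        "weak_flagged": repeated_randomness(weak),
        "strong_flagged": repeated_randomness(strong),
    }

if __name__ == "__main__":
    print(demo())
```

With the fixed value, every ballot is recovered without the private key and the audit check fires; with fresh randomness, comparison finds nothing and no first component repeats.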
Closer to home, Haines looked at the online voting system used at the last ACT local elections for overseas voters. He found that while votes were being encrypted on the server, they were not being encrypted on the device, allowing the potential for votes to be tampered with depending on what denial-of-service protections were in place.
Although he has found weaknesses in most of the systems he’s looked at, Haines says it’s difficult to be conclusive about the security posture of most systems. “There’s generally strict non-disclosure agreements so you can only see a small sub-part of the system which makes it difficult to assess. Also, in a lot of places there’s not an agreed standard for what the system should actually provide.”
While there is a risk that hackers could change your online vote, and therefore rig or flip an election result, Haines believes that large-scale privacy breaches are more likely. “While state actors regularly interfere in elections, for example by using misinformation, they have been very hesitant to attack voting systems directly. This has been true even when the voting system would have been very easy to hack. The risk of large-scale privacy breaches seems more likely than rigging an election.” Such a breach would undoubtedly undermine public trust in the democratic process.
Getting the count right
While online vote casting at Federal elections is unlikely any time soon, the use of electronic voting systems to count votes will be in play at this year's election, at least in the Senate. We’ll still be numbering boxes on a paper ballot, but the ballots will be digitised. First preferences will be manually counted, but the rest of the votes will be run through an algorithm to get the tally.
Following the passing of a new law in December 2021, the AEC will be required to demonstrate the security and accuracy of the systems used for scanning the ballots and counting the votes. They’ll also be required to publish the Senate election data for each ballot cast, giving us a transparent audit trail of the process.
While the AEC have not yet publicly revealed their auditing system, the most common technique for auditing the scanning of ballots is to take a small number of the ballot papers and check that they match the digital records.
In terms of auditing the system used for the count, according to Haines there are a couple of options. One would be to check that the algorithm is correct and that it’s implemented correctly. The other would be to use enough independent implementations of the algorithm to check that they all match.
Regardless of which system is used, there will undoubtedly be scrutiny. And while it’s difficult to avoid the electioneering, we can be secure in the knowledge that there are researchers applying their knowledge to secure our vote.