March 15, 2021
THE FUTURE OF ELECTIONS – DIGITAL IDENTITY AND DIRECT DEMOCRACY
by: Andrijana Kos Kavran

It’s time to vote! 

The moment when the President of the state dissolves the Parliament and sets the date of the parliamentary elections, is considered to be a part of the normal process in the election year. However, when one variable in the “model” of election cannot be kept under control (the so-called external variable or dummy variable), then this can affect the election results. In this case, the external variable is certainly the coronavirus pandemic, which will nail part of the electorate to their own homes. As the second pandemic wave is expected to arise, this inevitably means that the part of the citizens’ votes will be lost, ie that they will not be able to use their democratic right to vote. Democratic voting is an important event in every country, so what can a country can do to eliminate the “dummy variable”?

Give the voters the possibility to vote anywhere in the world – electronic voting

According to the Encyclopaedia Britannica electronic voting is a form of computer-mediated voting in which voters make their selections with the aid of a computer ie a system where the first step of the election process – ballot composition (or choosing) is done with the aid of a computer. There are two different types of electronic voting: i-Voting that uses the internet and e-Voting that does not. 

Few European countries like Switzerland, Estonia and France were the pioneer’s in using the i-Voting system. Switzerland claims to have had the most frequent i-Voting usage with more than 300 referendum votes or elections, from 2003 to 2018. On the other hand Estonia had a user rate of 46,7% in the latest elections in 2019 (http://agendapublica.elpais.com/).

The debate around their usage of i-Voting usually ends with the data security and potential hacking, which can devastate any democracy.

Let’s learn from the best – the case of Estonia

Estonia was the first country in the world to hold a nation-wide elections in 2005. They use i-Voting that simply and conveniently helps to engage people in the governance process by casting their ballots from any internet connected computer anywhere in the world. According to the E-Estonia 44% of Estonians use i-Voting which saved 11,000 working days in the last Estonian elections. (http://e-estonia.com/solutions/e-governance/i-voting/)

How?

Estonians have the pre-voting period, when they can log into the system using an ID-card or Mobile-ID, cast a ballot and vote as many times as they want during the period. Their identity is removed from the ballot before it reaches the National Electoral Commission for counting. That way they ensure anonymity and only the persons who have the right to vote, may vote.  

Another important requirement of i-Voting is the use of digital signature. The voter has to confirm his choice with a legally accepted digital signature. Compliance with the provisions of the Digital Signatures Act ensures the fulfilment of the main security requirement of i-Voting – secure personal identification of voters. The voter must have the possibility to verify whether their i-Vote has arrived safely. This can be done with the help of a separate smart device (like a mobile phone or a tablet). A device different from the computer used for i-Voting should be used for checking the arrival of i-Vote. In this way it is possible to increase the probability of detecting attacks directed against the i-Voting system (primarily against the voter’s computer). (General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia)

Challenges that are (im)possible to solve?

But the picture is not so purple. There are many highly debated issues with electronic voting systems, mostly revolving around security (http://www.csoonline.com/article/3269297/online-voting-is-impossible-to-secure-so-why-are-some-governments-using-it.html). Many might even say that it is impossible to make sure that we have credible and objective electronic elections because of these security issues.

These security issues mostly fit in the following 5 categories:

  1. Identity – is the person casting the vote truly the person that has the right to vote?
  2. Anonymity – how can a person be sure that no one can retroactively figure out how he/she voted? 
  3. Motivation – does the person really want to vote, or is he/she unaware of what he/she is doing?
  4. Vote authenticity – once votes are casted; how can we be sure that they are not later altered by hackers?
  5. Technical security – did we cover the technical security, or are there some flaws which hackers could use?

For a long time, it has been argued that some of these issues are impossible to solve within electronic voting systems. But the technology is changing and the time has come to re-assess the viability of i-voting.

Verifying identity can now be solved with high-confidence machine learning algorithms applied to ID document and person (biometric) verification – they can make a mistake once in every 13 million identity verifications and are getting even better at it. Remember the person checking your ID card when you go to vote? What do you think, when she looks at you to make sure you are the same person as on the ID card you gave her – will she make a mistake more or less often than once in 13 million tries?

Preserving anonymity, while at the same time disabling double-voting, is also a non-issue – it is solved by some clever cryptography/hashing applied at the right points of the identification system and the voting system. Essentially, once the system is sure that the identity of the voter is verified and legitimate – it does not need to know who the person is – instead, it just needs to know that the person has the right to vote (once). Selective disclosure at its finest.

Verifying motivation is something that is actually overlooked by most experts, and it is ironically probably the most important challenge we should focus on. When a person physically visits a voting place, gives her ID card, gets a ballot, chooses her option with a pen, closes the ballot and puts it in a ballot box, it is both physically and psychologically a process that discourages ill-motivated organizations to “trick” (i.e. elderly) people to vote while now knowing what they are doing (that being said, it is well known in our country that some political parties organize and pay for buses and food and “extra costs” which transport “their” voters to the voting places). So, how do we make sure that a nice old lady knows that she is actually voting through her smartphone – or in other words – how do we disable some ill-motivated individual to just stick a mobile camera in front of her face and trick her to “tap here”. However, there are credible solutions for this issue as well – the physical voter check-in can be replaced with a “virtual check-in”, where an agent (human, AI, or a combination) makes sure that the person is aware that this is a voting process, and that the person is in no way influenced by external ill-motivated factors.

Preserving authenticity of already casted votes (so that the hackers don’t change them) is also a non-issue – it is solved by blockchain technology. One of main features of blockchain is the immutability of the blockchain records.

Technical security is actually a matter of applying all the proper methods of IT security discipline. Most of security vulnerabilities found in existing voting systems were there because someone overlooked some security issue. In general, voting systems should be open-sourced, created under security-by-design principles and scrutinized by public, and by no means “black boxes” engineered under security-by-obscurity principles.

Voting has been known from around year 139 BC in Roman Republic, and it is a foundation of modern societies and democracy. So, it is understandable that there is a huge amount of scepticism around the idea of digitalizing it, both from the citizens and the governments point of view. However – once all the technical concerns are resolved – the only thing remaining is the fear of change. This should not come to the expense of new generations which are not afraid of change and are willing to accept i-Voting.