Digital rights activists have attacked the UK government over its plan to trial e-voting in the upcoming local elections.
According to the Open Rights Group (ORG), the technology "threatens the integrity of our elections". In a statement issued on Tuesday, the group claimed that e-voting "does not allow for meaningful vote audits and recounts", suggesting that it would make fraud easier to perpetrate.
The government announced on Monday that it would be trialling several forms of e-voting in May's local elections. Although no equivalent of the US' Diebold machines — which have been the subject of several security problems — will be used, methods to be tested include electronic scanning to count ballots and electronic voting using the internet and/or telephone.
"E-voting is a black box," ORG's Jason Kitcat told ZDNet UK on Tuesday, explaining that "you can't see what the software [behind it] is doing" and suggesting that this secrecy was deliberate on the part of the companies selling the software to the government.
The ORG has several concerns regarding e-voting. One is that an absence of paper ballots makes it difficult to track down any voting fraud. Another is that computers are open to "getting a virus or being hacked", Kitcat explained.
"If you want to have people having faith and trust in the results our electoral system creates, you need paper and a box," Kitcat said. "What we've seen in many countries around the world is that, once you have e-voting, people start having doubts about the results."
A key part of the rationale for e-voting is accessibility for those who cannot reach the voting station on polling day. However, Kitcat argued that this could be achieved through "a very careful and well-managed process of postal vote on application", reasoning that even e-voting required elaborate pre-registration, such as the issuing of a smartcard or a PIN-and-password combination.
A spokesperson for the Department of Constitutional Affairs — which is running the trials — told ZDNet UK on Tuesday that the advent of new technologies brought "issues" as well as benefits, but insisted that the system needed to "push on with the process of modernisation".
"We have accomplished a lot in improving the security of our elections and now need to look at ways of improving accessibility and efficiency," the spokesperson explained, while claiming that earlier e-voting trials in the 2003 elections "did not lead to any increase in fraud or undermine the secrecy and security of the poll".
Nonetheless, the government is "seeking to enhance the security for the pilots in May" and has asked authorities and suppliers to use processes based on a "more rigorous combination of passcodes that preclude anyone intercepting paper notifications to steal each other's votes," the spokesperson added.
The trials (and areas in which they will be carried out) include:
- Advance voting (Bedford, Broxbourne, Gateshead, Sunderland, Rushmoor, Shrewsbury, South Bucks, Sheffield and Swindon)
- Electronic scanning technology to count ballot papers (Bedford, Breckland, Dover, South Bucks, Stratford-on-Avon District Council and Warwick District Council)
- Electronic voting using the internet and/or telephone, alongside existing polling stations (Rushmoor, Sheffield, Shrewsbury and Atcham, South Bucks and Swindon)
- Additional central polling stations allowing people to cast their ballot at convenient locations that may be outside their ward (Sheffield, Shrewsbury and Atcham and Swindon)
Talkback
As an IT professional I would certainly never trust an electronic ballot. However, those who believe a paper ballot is secret (as in anonymous) are in fact mistaken. One of the reasons that a paper ballot is safe from fraud is that in the case of allegations of fraud it can be reverse-engineered.
When you go to the polling station, your ballot paper is torn out of a book like a cheque book. The serial number is printed on the ballot paper and on the counterfoil. The official will check your name off the voting list (so that you don't vote twice) and then he will write your voter number on the counterfoil.
After the count, the ballot papers and the counterfoil books are securely and separately stored for a period before being destroyed. During the storage period, if there are any concerns about fraud, then the whole lot could be inspected (it would take a mountain of work) to find out who voted for whom.
If you feel inclined not to believe this, just try writing a terrorist threat on the back of your paper next time you vote; I guarantee the police will be on your doorstep before the count is over. (Caveat: I don't really recommend this - it would be highly irresponsible).
I am also an IT pro, and I quite agree with the above comment.
How about a system where you vote on a screen on a booth and it chucks out a pre-printed voting slip with your vote and your voter number (possibly obscured via another sealed lookup table). You then post it in the ballot box.
In the event of a query, the papers in the box can be counted.
You get the simplicity of the e-voting system, but you still have the ability to do a manual recount.
I've heard of similar systems.
Advantages:
1. You have a real paper trail.
2. The ballots are counted electronically, and the papers only need to be stored for the statutory time - not counted unless there's a dispute.
Disadvantages:
1. The electronic system is still a black box, and it will keep records of the votes that could be reverse-engineered in a matter of moments instead of the work that it takes to "audit" a paper-only ballot. Thus the "secrecy", such as it is, of the vote is more vulnerable to being undone.
2. There's no way of knowing that the votes have been destroyed after a period of time - with the paper ballots you only have one, physical, copy and you can see when it is burned. With an electronic record any number of copies, official or unofficial, could exist. It's Pandora's Box.
3. Setting up (and supporting) all that electronics each time there's a vote. The way we do it now just requires the plywood screens and a few school desks.
> 1. The electronic system is still a black box, and it will
> keep records of the votes that could be reverse-engineered
> in a matter of moments instead of the work that it takes to
> "audit" a paper-only ballot. Thus the "secrecy", such as it is,
> of the vote is more vulnerable to being undone.
I would propose that the machines are little more than dumb terminals with built in printers and simply keep the tally, not the actual votes. That is what the paper is for.
> 2. There's no way of knowing that the votes have been
> destroyed after a period of time - with the paper ballots
> you only have one, physical, copy and you can see when
> it is burned. With an electronic record any number of
> copies, official or unofficial, could exist. It's Pandora's Box.
Not in this case .. see 1) :)
> 3. Setting up (and supporting) all that electronics each
> time there's a vote. The way we do it now just requires
> the plywood screens and a few school desks.
I'll give you that one in spades :)
One of the arguments oft used against remote e-voting is that it opens up vote selling and coercion (taken from the ORG briefing pack : "Elections held using remote voting can be contentious because it is difficult to verify that the voter is who they claim to be. Both anonymity and privacy are compromised because others can watch the elector vote. This opens the door to voter coercion and vote buying.", available from http://www.openrightsgroup.org/wp-content/uploads/org-evoting-briefing-pack-final.pdf)
Yet in this article we see postal voting being advocated by one of the contributors to this document! Can someone please explain to me how postal votes are free from these problems?
All true - but I think Jason was essentially calling postal voting the lesser of two evils. There has to be some way to vote for those who cannot make it to the polling station, for time-related or other reasons, but - if that's the case - there should also be an auditable trail for votes cast, and paper wins out there.
It's a tough one, for sure.
Hi David,
You're correct in that it provides a paper trail, but surely doesn't prevent coercion or vote buying. Any method of voting that isn't conducted within a polling booth is open to these things. Having the paper ballot provides no guarantees about the actual intent of the voter.
... What about people who can't get to the voting booth due to disability, or being out of the country that week, or any other number of good reasons? Is there any way to make voting more inclusive without some risk of manipulation?
Hi again David,
We've got our wires crossed... I'm an advocate of remote e-voting. My angle was that it's not entirely fair to attack remote e-voting on the grounds of vote selling / coercion whilst advocating postal votes. I'd meant to point out that both are equally vulnerable.
Apologies for the confusion.
This exchange has certainly demonstrated the conundrum facing the DCA though, hasn't it?
As we know from a recent election postal votes are far from secure.
It's a matter of scale. The best possible way of voting is in a booth with a piece of paper. Fairness dictates though that there has to be a way that housebound people or those who must be out of the country can vote, and the postal vote is the next best fix. Sadly there is the risk of fraud, but at worst it will be at a low level.
The postal vote shouldn't just be a free-for-all though, and I think that's where it went wrong. Able-bodied people who are in the country should not be allowed a postal vote. The fraud in the recent election involved large numbers of postal votes being collected en-masse from people who could perfectly well have gone out and voted properly.
If e-voting were to be made available to the housebound then I can't see that it would be a problem. The trouble is that instead of this it would be promoted as the new bright hope, and everybody would be encouraged to use it. The scale of coercion would be massive.
I have a postal vote set up permanently now, as I am never sure when I am going to be out of the county for a few days. I did this after missing a couple of ballots in a row at the last minute.
I think we need to finger print and iris scan every man woman and child in the country and come ballot day, line them all up on pain of 5 years in clink, take their scans, make them vote and then lock them up for the rest of the day just to make sure !!
Sorry, lowest form of wit and all that, but really just illustrating the point that it is very difficult to get things 100% secure.
I am of the opinion that it is far more important to make it as easy as is practical and secure for everyone to vote. However, I also think it is far more important to make voting relevant to public again. As it is, they believe that it really doesn't matter if they vote or not as they all just a bunch of lying so-and-sos who are most likely going to do the exact opposite of what they said .. but can't even be relied on to do that. When you have so many votes laying idle, you have far more of a chance of getting away un-noticed, you need to do much less rigging to make it count and you have far more slack to work in.
I believe appathy and corruption are far more of a threat than coersion.
Hi there,
Totally agree with the tracability of ballots, but any eVoting system implemented for wide scale use in the UK would have to meet this requirement as well. Practically it's a moderately difficult problem to solve, but can be done AND be much more secure than the current paper ballots are (where the only limitation to being able to find out how someone voted is having the ballots, the list and eyes!). You might be interested in knowing that ORG would like to remove this requirement to have ballots traced back, even in a paper ballot.
Personally I consider this a step backwards in electoral security and accountability, whilst gaining us very little in terms of privacy.