Is Aotearoa ready for online voting?
Would more people take part in the democratic process if voting went online? The University of Auckland's Rizwan Asghar discusses whether it's time NZ embraced online voting.
A fair election is the cornerstone of democracy, that formal decision-making process by which citizens choose a representative to hold public office.
But the numbers of people choosing to take part in that process and use their vote is dropping significantly, and low voter turnout has become a regular feature of many elections - national and local.
It is suggested one of the reasons behind this decrease is reliance on the traditional method of using the post for casting votes. The question then arises - would more people take part in the democratic process if voting went online?
Voting via the internet would certainly be simple and convenient. You could open a browser or a smartphone app and cast your vote with a few clicks. It could increase turnout because a vote could be cast easily, at any time, from anywhere. It would be faster, more accessible, accurate and election results would be instant. Moreover, there would be no ballot errors or spoiled ballots, which would make elections less expensive in the long run.
Estonia is one country which is already using online voting, including for parliamentary elections since 2005. Several countries have used online voting systems for regional elections, for example, the US, Canada, Switzerland, and Australia. Other countries, including the Netherlands, UK, France, Spain, and Norway, have piloted online voting but it has been discontinued or never used.
Of course, the system has complications. As with all election processes, online voting requires complete integrity to protect against election fraud and that poses a particular challenge: On the one hand, votes must be ‘seen’ online so they can be verified and tallied by a voting server. But on the other hand, the system must ensure user privacy.
To achieve these two contradicting goals, there are cryptographic schemes that enable vote tallying and also preserve user privacy. Basically, each voter encrypts their own vote and uses a public but anonymous bulletin board to see their vote being cast. Once voting is complete, homomorphic encryption (a particular type of encryption used to protect privacy) is used to add up all the votes and the final total decrypted to release the final result.
There are mathematical proofs that these online cryptographic schemes are secure, but a voter’s device might not be, in particular when there is dedicated malware that can change the vote without the voter’s knowledge. There is an issue to blindly trusting voters’ devices because they could be vulnerable. An attacker could use phishing or other social engineering attacks to inject malware and change the vote. Even worse, instead of targeting individual voters, state-sponsored attackers could attack voting servers. Recent attack reports demonstrate that these voting servers are an attractive target for state-sponsored attackers. One possibility is attackers can launch Denial of Service (DoS) or Distributed DoS (DDoS) attacks to make the voting server unavailable for voters.
Despite these concerns and vulnerabilities, it might be argued that online shopping and online banking are considered to be safe, so why can’t online voting be made safe too. Essentially, even though there may seem to be similarities between the systems required for these applications, there are important differences too.
For instance, online banking is built into the economic model, where victims of credit card frauds can be reimbursed by bank insurance – but there is no way to ‘reimburse’ someone cheated of their vote. Second, it would be relatively easier to ‘sell’ online votes, say by sharing login details, but it is unlikely anyone would sell their banking details. Third, banking systems can maintain detailed history logs to identify possible intrusions based on past user interactions; such logs would be missing altogether in online voting systems. Last but not least, online banking is not the only choice for citizens, but online voting might be if governments choose to no longer use polling booths.
One argument in favour of introducing online voting that could arise is around the attitude that if Estonia has rolled out online voting, any country can implement it. Actually, this might not be completely true. Estonia is a more tech-oriented country than New Zealand and has a very small population, just slightly over one-third of New Zealand, so scalability might be an issue for other larger countries.
There have been reports on vulnerabilities around voter devices and voting servers, but we have to assume there are likely to be unique challenges for any country new to online voting. Estonia has made the source code public so trust in its online voting system can be fostered and potential vulnerabilities can be minimised. It has mitigated the issue of digital divide by launching an internet and computer training programme for voters. And to combat situations where a voter may have been coerced to vote, the individual can go back and change their vote and even vote in person on election day.
Clearly, there are numerous challenges that must be overcome before online voting can be considered a genuine option in New Zealand - and we can learn a lot from Estonia. But it is an option that we should be giving serious consideration especially if it helps get people involved and eases voter apathy. Interdisciplinary research should be supported to investigate all the various aspects of online voting, including computer security and privacy, psychology and social elements, law and economics. Only then can we make an informed decision about online voting and if it would work for New Zealand, appeal to more voters and therefore strength our democratic system.