What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly, voting systems have exacting requirements, and secondly, the stakes are high, with the threat of state-level interference.
What are the issues? Well, only people that are entitled to vote should be able to vote. The voter needs to be sure that their vote is cast and counted correctly. Votes need to be anonymous but verifiable. And the individual voter should not be able to verify their specific vote, otherwise that would allow people to sell their votes or be otherwise coerced. One of the reasons you go into a booth at the polling station is that it ensures that you are acting independently and are able to vote without a gun to your head.
Voting systems need to provide both integrity and secrecy, and do so in a manner that is resistant to the resources of state-level actors. It’s a tall order.
The challenge of building such a system reminds me of this well-known diagram:
It says that when building a system you cannot have security, privacy and convenience all at once. Somewhere there has to be a trade-off. An equivalent triangle for internet voting would be something like this:
We know how to build systems that have strong integrity and good usability. Look at the payment systems we use every day. Banks, however, as the IET paper points out, have very low secrecy requirements. Sure, transactions are kept confidential, but they are not secret – authorised bank employees, for example, may be allowed to see transactions in order to assist customers.
We also know how to build systems that have strong integrity and secrecy. Some of the identity systems we have been involved in employ cryptographic blinding so that only the customer can see the data. In these systems, the service provider has no access to the customer data, so in that sense you can consider them to be providing secrecy. Making such a system usable, especially when you need to provide customer service, is challenging.
So an internet voting system needs to deliver all three. Is this possible? Well, certainly the IET seems to think so but recognises that more work is needed, which is why it was good to see two solutions being trialled as part of the US elections. And this is not just about internet voting for the sake of it. Personally, I want to go to a polling station to place my vote. It reinforces my sense of responsibility and community. But there are people who cannot vote this way – people who cannot get to a polling station, do not have a fixed address, or need to rely on others to assist them in voting – and it is for them that we need to keep working on this problem.