By Clara H. Suong
With the onset of the pandemic, several countries and local governments, including state governments in the U.S., are considering or have adopted online voting, also known as remote voting or Internet-voting. Some countries, such as Estonia, have fully embraced I-voting as a regular mode of voting. Moreover, many governments have already adopted tools of electronic voting, such as electronic---usually paperless---voting machines, in their process of election administration. Experts estimate that up to 12 percent of voters will vote on paperless equipment in the 2020 U.S. elections.
This post will discuss what electronic voting is as well as the benefits, vulnerabilities, and viability of electronic voting.
1) What is electronic voting?
Electronic voting (e-voting) can refer to either: remote electronic voting---or internet voting (i-voting)---that can be defined as “a voting method that allows voters to cast their vote remotely over the Internet” (Germann and Serdült 2017, 1); or ``[e]-voting that is physically supervised by some authority— such as the use of direct recording electronic (DRE) machines at polling stations” (Gibson et al. 2016, 280). The latter also includes e-tabulation, which “indicates whether or not official election results were processed by an electronic tabulation system (Haque and Carroll 2020, 133).
In other words, electronic voting can range from limited to full adoption of ICT (information and communication technology) in the election administration process; it can be simply using computers to tally the votes, using electronic voting machines on which voters cast their votes via their touch screens, or establishing technology-enabled systems to remotely identify voters, allow them to vote over the internet---with blockchain technology for example (Hjálmarsson et al. 2018), and record and tally the votes online.
Some scholars have also noted the importance of ICT prior to voter registration and voting, noting its crucial role in e-government initiatives in election administration, such as “Internet-based platforms for electoral information dissemination and communication with voters” (Garnett 2020, 402).
In “traditional” e-voting with DREs (“the ATM version of the ballot box” according to Moynihan 2004), ICT is mainly utilized in three stages of election administration---pre-election preparation, voting, and election result processing.
For example, a poll worker loads on a DRE a “ballot definition file” which defines the list of candidates and the setting of the DRE via a USB drive. When voters arrive at the polling station, they are given a single-use token on a smartcard from the poll workers. The voter then inserts the card into the DRE and case their vote for the candidate of their choice using a touch-sensitive screen or parallel button. The vote is stored on the disk of the DRE and the voter token is canceled. The stored votes are then tabulated by the DRE and reported to a central counting station (Moynihan 2004, 516-7).
2) Pros of E-Voting
Ideally, a secure e-voting system would ensure each vote’s confidentiality, integrity, availability, and usability. It would protect ballot secrecy. It would ensure that every voter’s choice is counted once and no voter’s choice is changed. It would render all those with voting rights the ability to cast a vote. It would be easy for the voter to vote and easy for election management bodies to count the votes cast.
In the U.S., DREs were widely adopted as an alternative to punch-card paper ballots after the so-called butterfly ballot fiasco in Florida during the 2000 presidential election.
The Help America Vote Act, passed in 2002, provided federal funding to replace punch-card technology. DREs were adopted widely by state election authorities as the DREs “promised to record each vote perfectly and instantly, doing away with the slow and potentially subjective recounts featuring pregnant, dimpled, or hanging chads.” (Moynihan 2004, 517).
3) E-Voting’s Vulnerabilities and Viability
Vulnerabilities in e-voting, even when implemented on traditional DREs, abound. In principle, a poll worker may pose a threat. An attacker posing as a poll worker may be able to load an intentionally inaccurate ballot definition file. Alternatively, he can install a malware on the electronic voting machines, for example, viruses that can redefine “Candidate A” as “Candidate B.” These attacks are possible unless the ballot definition files are authenticated.
Hypothetically, a voter can also be a threat to the security of electronic voting systems. For example, voters could attempt to generate their own tokens or (multiple) smartcards, and vote more than once. This would be feasible if the smartcards are not authenticated.
Additionally, there could be vulnerabilities in the software used on DREs. It can be problematic if the tabulated votes are sent to the central counting station unencrypted. Unencrypted data could reveal who voted for whom and can provide an opportunity to re-write it, which could potentially change the election outcome. Even if the data is encrypted, it can be problematic if all the machines share the same encryption key; this would expose all the machines if one is infiltrated. Unless there is a perfect mechanism for end-to-end verification that a vote was counted, software on the electronic voting machines is potentially vulnerable to attacks.
In general, experts have different views about the viability of non-remote e-voting and remote e-voting. They agree that non-remote e-voting, such as the DREs, is viable, provided that the electronic voting machines “support some form of voter verified printed audit trail (VVPAT), with a risk-limiting audit or manual recount” (Gibson et al. 2016, 280). For example, a DRE that also prints out paper ballots will provide a means for recovering lost ballots and recounting the votes. They also help voters vote accurately by providing them an opportunity to check the paper ballots and verify that their intent is correctly reflected. However, VVPAT is only a partial solution; it does not address voter privacy concerns or prevent attacks such as ballot stuffing (Kohno et al. 2004).
However, they tend to remain skeptical about the viability of remote e-voting. Scholars have noted that in remote e-voting “it is not yet clear whether a universally acceptable solution exists” (Gibson et al. 2016, 281). The Cybersecurity and Infrastructure Security Agency (CISA), the Election Assistance Commission (EAC), the Federal Bureau of Investigation (FBI), and the National Institute of Standards and Technology (NIST) have also noted electronic transmission of the voted ballot as “high risk”, quoted the statement by the National Academies of Science, Engineering, and Medicine that “[w]e do not, at present, have the technology to offer a secure method to support internet voting.”