As technology advances, previously analogue processes become increasingly digitized – in some countries, this even extends to the democratic foundation of voting. Estonia is the clear leader in digitizing democracy, though many other nations are wary of the risks. Without getting too bogged down in whether or not electronic voting is a smart decision, it is safe to say that any electronic system transmitting information over the internet has inherent security risks.
In the case of voting, it is paramount the process be secure lest the final result be called in to question, potentially destabilizing an entire nation.
Chaos Computer Club’s (CCC) recent analysis of Germany’s PC-Wahl 10 voting software underscores this concern. PC-Wahl is used to collect and tally parliamentary votes from polling stations throughout the country. The system is supposed to work like this: a voter walks into a polling booth and submits their vote into a machine running PC-Wahl 10, which then transfers the data to a server for analysis. While this seems simple enough, because the machines require an internet connection to operate, there is room for remote interference. According to CCC, they were able to breach PC-Wahl software in not just one, but three different ways, using attacks they described as “trivial.”
“Elementary principles of IT-security were not heeded to. The amount of vulnerabilities and their severity exceeded our worst expectations,” said Linus Neumann, a member CCC.
According to CCC, the package had “a whole chain of serious flaws.” Their three attacks targeted an update server, the software, and the election results themselves. This means an attacker could edit the tallied data, and submit essentially anything to the server for tallying – all without physical access. CCC also found a complete takeover of the software was “quite feasible,” and due to the simplicity of the security vulnerabilities, almost anyone could conduct these attacks.
Many governments have resisted calls to digitize voting, and based upon CCC’s analysis, the hesitation seems prudent. On the other side of the fence, Estonia has successfully held electronic elections since 2005 and is the clear trailblazer in such technology.
Whereas Germany’s system still requires voters attend a polling booth, Estonians can vote from home. Estonia’s system is secured by establishing a robust digital identity for every citizen – not just for voting, but for identification, banking and tax purposes. This is buttressed by a two-factor system where one device is required to cast a vote, and a second device must be used to check the vote has been received.
Perhaps counterintuitively, more than 40 per cent of e-votes in Estonia’s recent elections have been cast by those over 45, suggesting the digital form enjoys broad support beyond just millennials. The idea behind Estonia’s embrace of e-voting is simple – make voting easier, and more people will vote.
While the concept still makes many government nervous, new technologies such as blockchain could pave the way for the next evolution in e-voting. Blockchain technology aims to remove the largest security risk in e-voting – the centralized repository of votes. If someone were to gain access to this centralized server, the risks are enormous. Nullifying this single point of failure makes the whole process infinitely more secure.
Given the relatively early stage of the technology, it will be some time before voting systems built on blockchain gain widespread adoption. In the meantime, the National Institute of Standards and Technology (NIST) recently released a draft Voluntary Voting Systems Guideline 2.0 to help states develop robust e-voting practices. While it was written with the US in mind, in light of nation state targeting of electoral systems, the draft guideline includes globally applicable concepts to mitigate against stolen credentials and more direct network-based attacks. The guidelines also outline various measures to ensure equal, transparent and auditable access for eligible voters.
As the PC-Wahl 10 analysis shows there are still real, valid concerns surrounding e-voting. Estonia’s example displays a clear way forward for the future of voting, as does the potential to incorporate blockchain technology to further increase security.
Ultimately, voters need confidence in the elections in which they participate, and their participation is the key to a functional, healthy democracy. While security risks can undermine democracy, the resulting voter disenchantment from an insecure system is perhaps the greatest risk of all.