Category: Internet voting

Internet voting doesn’t increase turnout in Estonian elections

Estonia offers Internet voting for advance voting only.  The majority of Estonians vote in person, on paper, on election day.

One of the persistent myths about Internet voting is that it must increase turnout.  It doesn’t.

Estonia has been offering Internet voting since its 2005 Local elections.

Turnout has declined in the last two local elections:

2009: 60.6%
2013: 58.0%
2017: 53.3%

Turnout declined in the last Parliamentary election:

2015: 64.2%
2019: 63.7%

Also note that less than 30% of ELIGIBLE voters chose to use Internet voting for the Parliamentary election.  The exact numbers are 28.1% of ELIGIBLE voters using Internet voting.  That is an absolute number of 247,232 Internet voters.  The total number of votes cast in Estonia using Internet and paper was 565,037.

Canada has higher turnout than Estonia

For comparison purposes, in Canada’s all-paper, hand-counted Parliamentary election in 2015, the turnout was higher than in Estonia in 2015.  Canada’s turnout was 68.3%.  The total number of votes cast in Canada was 17,711,983.

Data from:

Previously:
October 15, 2017  Estonian municipal council elections 2017 – Kohalikud valimised 2017
September 5, 2017  Estonian ID card vulnerability and [2017] election
December 12, 2016  Online voting doesn’t increase turnout
July 8, 2016  Estonian Internet voting and turnout myths
March 8, 2011 Estonian vote-counting system fails

Internet voting doesn’t increase turnout and isn’t reliable

The claims made for Internet voting include:

  • it will increase overall turnout
  • it will increase youth turnout
  • it will be more efficient and reliable than paper-based, human-counted elections

And here is the reality:

  • it doesn’t increase overall turnout
  • it doesn’t increase youth turnout, and in fact young people cast the fewest votes using Internet voting
  • it crashes

That is to say, Internet voting doesn’t even have the benefits claimed for it, setting aside the fact that even if it did, it would be a terrible idea from a security and election transparency perspective.

I don’t have the ability to go through every single one of the hundreds of 2018 Municipal Election reports from the hundreds of (mostly tiny) municipalities in Ontario that used Internet voting, many of them offering only Internet voting (no paper option at all).  But I can give as an example Hanover, Ontario, with 5,411 eligible voters.

Report CAO-05-19 – 2018 Post Election & Accessibility Report, pp. 113-125 of February 4, 2019 Committee of the Whole.pdf

Key sections:

Turnout

The final voters’ list was comprised of 5,411 eligible electors with 2,632 or 48.64% voting. This represented a decline from 56.39% in 2014

Voter turnout was markedly lower among those aged 35 or younger than with those aged 55 or older. Turnout was highest among those aged 60 and over, consistently bettering 60% for both men and women. However, turnout was lowest among those under the age of 35.

Voting Outage and State of Emergency

Due to technical issues in the closing hours of the election, the clerk declared an emergency under section 53 of the Act. Under the circumstances, the decision was made to extend the voting period by 24 hours with the polls officially closing at 8:00 pm on October 23, 2018. 49 municipalities, all clients of Dominion Voting Systems (DVS), were affected by the same technical problem and extended their voting period.

I find it remarkable that given that Internet voting delivers on none of its supposed turnout benefits, and fails in ways that paper elections can’t, Ontario municipalities still plan to use it for the next election.

These results about turnout aren’t new – you can see many other examples in my blog post Online voting doesn’t increase turnout.

I have also extracted Grey County 2018 Municipal Election Turnout, which gives a sense not only of the size of the municipalities involved, but also shows that none of them exceeded 50% turnout.

Grey County 2018 Municipal Election Turnout

In order to give an overall sense of the election, I include 2018 Municipal Elections Post-Election Summary by Municipal Service Office (MSO) – there are five regional MSOs.  It shows a more complicated turnout picture, but basically the conclusion is that Internet voting doesn’t bring dramatic turnout improvements.

2018 Municipal Elections Post-Election Summary by MSO JPEG 300

New South Wales Australia invites Internet voting source code review under restrictive conditions

Here’s the good news:

The NSW Electoral Commissioner is inviting requests from individuals who have a private or academic interest and expertise in electronic voting, or a related field, to review aspects of the iVote system source code prior to the NSW State election in March 2019.

and here’s the fine print which turns this into an extremely restricted, private review of secret code:

The following conditions will also apply to any application made, or access granted, to review the iVote voting system source code:

  • The iVote Voting System source code supplied to the NSW Electoral Commissioner by [for-profit Internet voting company] will only be available for review by an individual on the NSW Electoral Roll or the Australian Electoral Roll.

  • The details of each review application received by the Commissioner will be shared with [for-profit Internet voting company], and may also be shared with third parties to enable the Commissioner to establish the identity and expertise of an applicant.

  • The Commissioner may request the applicant to provide additional material in support of their application.

  • Any successful applicant will be required to sign a Deed of Confidentiality and Privacy with both the NSW Electoral Commission and with [for-profit Internet voting company] before accessing any components of the source code for review.

  • The Commissioner and [for-profit Internet voting company] reserve the right to refuse any application, including (without limitation) where an applicant works for a competitor of [for-profit Internet voting company], where an applicant is unable to demonstrate to the satisfaction of the Commissioner sufficient expertise in electronic voting or a related field, or where the Commissioner considers it is not in the public interest to grant access in a particular case or in general.

So just to summarize what this is not:

  • This is not open source or public source code.
  • This is not an independent review.  The reviewers must be known to [for-profit Internet voting company] and must be approved by them.
  • This is not a global review – you must be from Australia.
  • There will be no independent reporting on the results of the review.  The Deed of Confidentiality and Privacy will almost certainly ensure that any and all results are held in secret by the NSW Electoral Commission and [for-profit Internet voting company] and that any reporting will be through their approved and almost certainly anodyne press releases.

Basically they’re asking you to do a code review (probably for free) out of some sense of public duty.  And you only get to do the review if they decide you’re “worthy”, under criteria that they control.  And the results of your review will be secret.  While this is a good PR exercise for them, and certainly more-secure code is better than less-secure code, almost all the benefits accrue to [for-profit Internet voting company].

Securing the Vote – US National Academies 2018 consensus report

The US National Academies of Sciences, Engineering and Medicine (NASEM) uses a comprehensive study process http://www.nationalacademies.org/studyprocess/ to ensure high standards of scientific and technical quality.

On September 6, 2018 they released their 2018 consensus report

Securing the Vote: Protecting American Democracy

The report is available to download as a PDF (login isn’t required, you can download as a guest) and is also posted to read online.  (See blog note 1 for the definition of a consensus report.)

The key conclusions highlighted in the introduction to the release are:

All U.S. Elections Should Use Paper Ballots by 2020 …; Internet Voting Should Not Be Used at This Time

Emphasis (bolding) above mine.

Ensuring the Integrity of Elections

Chapter 5: Ensuring the Integrity of Elections contains many sections relevant to voting technology.  Below are selected extracts only; please read the entire chapter for the full details.

Malware (pp. 86-87)

Malware can be introduced at any point in the electronic path of a vote—from the software behind the vote-casting interface to the software tabulating votes—to prevent a voter’s vote from being recorded as intended.

Maintaining Voter Anonymity (pp. 87-88)

With remote voting—voting outside of publicly monitored poll sites—it may not be difficult to compromise voter privacy. When voting, for example, by mail, fax, or via the Internet, individuals can be coerced or paid to vote for particular candidates outside the oversight of election administrators.

Election Cybersecurity

Election Cybersecurity (pp. 88-93)

Vulnerabilities arise because of the complexity of modern information technology (IT) systems and human fallibility in making judgments about what actions are safe or unsafe from a cybersecurity perspective. Moreover, cybersecurity is a never-ending challenge. It is unlikely that permanent protections against cyber threats will be developed in the near future given that cybersecurity threats evolve and that adversaries continually adopt new techniques to compromise systems or overcome defenses.

Election Cybersecurity: Cybersecurity and Vote Tabulation (p. 91)

Because there is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats, one must adopt methods that can assure the accuracy of the election outcome without relying on the hardware and software used to conduct the election. Uniform adoption of auditing best practices does not prevent tampering with the results collected and tabulated by computers. It can allow such tampering to be detected and often corrected.

I would clarify that it can only allow such tampering to be detected if there are paper ballots to audit.

Election Cybersecurity: Factors that Exacerbate Cybersecurity Concerns (p. 92)

Changing threat. Traditionally, the goal has been to secure against election fraud by corrupt candidates or their supporters who may attempt to favor a particular candidate by altering or destroying votes or tampering with the vote tally. The 2016 election vividly illustrated that hostile state actors can also pose a threat. These actors often possess more sophisticated capabilities and can apply greater resources to the conduct of such operations. Moreover, they may have other goals than shifting the outcome for a particular candidate.

Specifically they may be seeking to undermine confidence in the election process and systems, which is a different kind of attack than changing an outcome.  Any kind of visible or detectable interference such as defacing websites, Distributed Denial of Service (DDoS), or disclosure of information from within voting systems may achieve the goal of undermining confidence.

Election Cybersecurity: [Consensus] Findings (p. 92-93)

There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.

In comparison with other sectors (e.g., banking), the election sector is not following best security practices with regard to cybersecurity.

Even if best practices are applied, systems will not be completely secure.

Foreign state–sponsored attacks present a challenge for even the most responsible and well-resourced jurisdictions. Small, under-resourced jurisdictions are at serious risk.

Better cybersecurity is not a substitute for effective auditing.

I will highlight just one item from the review of End-to-end-verifiability, and I want to make it clear it is a conclusion about voting technology, not about end-to-end verifiability

Complicated and technology-dependent voting systems increase the risk of (and opportunity for) malicious manipulation.

Internet Voting

Internet Voting is covered on pages 101 to 106, including specific examination of Blockchains from pages 103 to 105.  Below are selected extracts only; please read the entire section in the document for the full details.

Internet Voting (pp. 101-106)

Insecure Internet voting is possible now, but the risks currently associated with Internet voting are more significant than the benefits. Secure Internet voting will likely not be feasible in the near future.

Emphasis (bolding) above mine.

Internet Voting: Blockchains (pp. 103-105)

blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities. In particular, if malware on a voter’s device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration.

Internet Voting: [Consensus] Findings (p. 106)

The Internet is not currently a suitable medium for the transmission of marked ballots, as Internet-based voting systems in which votes are cast on remote computers or other electronic devices and submitted electronically cannot be made adequately secure today.

The use of blockchains in an election scenario would do little to address the major security requirements of voting, such as voter verifiability. … In the particular case of Internet voting, blockchain methods do not redress the security issues associated with Internet voting.

Internet Voting: Recommendations (p. 106)

5.11 At the present time, the Internet (or any network connected to the Internet) should not be used for the return of marked ballots.35,36 Further, Internet voting should not be used in the future until and unless very robust guarantees of security and verifiability are developed and in place…

35 Inclusive of transmission via email or fax or via phone lines.

36 The Internet is an acceptable medium for the transmission of unmarked ballots to voters so long as voter privacy is maintained and the integrity of the received ballot is protected.

[1] Note: The NASEM defines a consensus report as follows

Consensus Study Report: Consensus Study Reports published by the National Academies of Sciences, Engineering, and Medicine document the evidence-based consensus on the study’s statement of task by an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and the committee’s deliberations. Each report has been subjected to a rigorous and independent peer-review process and it represents the position of the National Academies on the statement of task.

[2] The report may be cited as e.g.

National Academies of Sciences, Engineering, and Medicine. 2018. Securing the Vote: Protecting American Democracy. Washington, DC: The National Academies Press. doi:10.17226/25120

UK 2005 Securing the Vote report and 2007 e-voting trials

Nothing remains of the May 2005 Securing the Vote report on the UK Electoral Commission site.  There used to be a page Securing the vote – detailed proposals for electoral change announced but it is now gone.

The only location where a copy could be found was in a document repository from The Guardian newspaper: http://image.guardian.co.uk/sys-files/Politics/documents/2005/05/20/eleccommission.pdf

The UK did extensive reporting on the 2007 pilots, the website was http://www.electoralcommission.org.uk/elections/pilots/May2007 but it is no longer online. There is a copy in the Internet Archive.

Although there is no longer an organising page on the Electoral Commission page, some of the reports from 2007 are still available from them, as well as being copied in the Internet Archive.

There are two considerations to highlight from the UK Electronic Voting Summary:

  • New voting methods should be rolled out only once their security and reliability have been fully tested and proven and they can command wide public confidence.
  • The necessary costs for secure and reliable systems must be able to be reasonably met by the public purse.

I will highlight only one item from the Technical Assessments of the e-voting Pilots, item 3.4.4 from Assessment of the pilot process – Quality management:

While there were variations between the different pilots, in all cases the quality and testing arrangements appeared to be inadequate. It is difficult to tell whether this was purely because of lack of time, or whether some of the suppliers were not used to implementing effective quality processes. Significant quality management failings include:
a. Lack of detailed design documentation;
b. Lack of evidence of design or code reviews or other mechanisms for ensuring that the solutions operate correctly and do not include deliberate or accidental security flaws;
c. Lack of evidence of effective configuration management.

This kind of haphazard voting software development has been shockingly common, e.g. for US voting machines as well.

Note: The preceding is extracted from previous blog post Province of Ontario Internet voting.

2018 Ontario Provincial Election will not use Internet Voting

Following is verbatim from Elections Ontario Proposal for a technology-enabled staffing model for Ontario Provincial Elections (PDF), page 10 “Why are we not proposing internet voting?”, published sometime in 2016 or 2017.  (Also available from the Legislative Assembly of Ontario Library.)

Recognizing that many of the societal changes we have discussed have been possible because of the evolution of the internet, the questions often posed is: why, when other jurisdictions (such as Ontario municipalities) are moving toward internet voting, is Elections Ontario not exploring or proposing an internet voting solution?

Elections Ontario explored the possibility of internet voting in a comprehensive research study conducted between 2010 and 2012. Recommendations and the full analysis of the study can be found in the Alternative Voting Technologies Report available on our website. In the report Elections Ontario provides implementation criteria for networked voting, and outlines the current barriers to those criteria being met. To date, Elections Ontario has not found a networked voting solution that would protect the integrity of the electoral process.

Because of the requirement for a paper ballot, for the purposes of this pilot project the introduction of internet voting does not address our primary concern: reducing staffing requirements for a General Election. To reduce the staffing requirements for a General Election a solution that maintained a paper ballot while automating processes at the voting location was required. Internet voting may provide another channel for electors to use in the future; however, it would not itself reduce the required staff at voting locations.

Internet voting is often considered in the context of increasing voter turnout. As mentioned in the Alternative Voting Technologies Report there is no conclusive evidence that internet voting will have a positive impact on turnout. More recently, the Internet Voting Project published a report[1] on the 2014 Ontario Municipal Elections that supports this assessment that there is not a correlation between internet voting and increased turnout.

[1] Internet voting project report: results from the 2014 Ontario Municipal Elections.  [Editor’s note: It’s not completely clear which report they are referring to, but probably Internet Voting Project Report August 2016 which states on page 65 “despite comments about observed improvements in turnout, this study, and other research, clearly indicates that Internet voting is not the magic bullet solution to improve voter participation or to engage young people”.]

The Alternative Voting Technologies Report mentioned is available in two parts:

I have also written extensively about the Elections Ontario Alternative Voting Technologies Report in blog post Province of Ontario Internet voting.