Tag: Estonia

Estonian Parliamentary Elections 2019 – ODIHR Election Expert Team Final Report – Internet Voting

The Office for Democratic Institutions and Human Rights (ODIHR) is a division of the Organization for Security and Co-operation in Europe.  The ODIHR has produced a report on the 3 March 2019 Estonian Parliamentary Elections.

ODIHR Election Expert Team Final Report – Estonia – Parliamentary Elections 3 March 2019 (PDF)

The ODIHR reviews a wide range of election conduct against international standards.  I will only extract selected parts of their report from section VII. Internet voting.  Numerous issues were identified.

In extracts below, EET = Election Expert Team and SEO = Estonian State Electoral Office.

Internal Attacks

the detection and prevention of internal attacks has been largely omitted. A review of operational and technical frameworks by the ODIHR EET indicates that an internal attacker with privileged access to digital ballots could break the vote secrecy of any voter who published an image of the QR code online, even after the expiry of the code’s validity. This contradicts national legislation and international standards pertaining to vote secrecy.21

RECOMMENDATION: The SEO could develop strategies to mitigate the risk of internal attacks, conduct third-party risk assessments, and publish any findings and audit reports well ahead of the next elections.

21 See Article 1(2) of the Election Act. Paragraph 7.4 of the OSCE Copenhagen Document requires that votes are cast by secret ballot or by equivalent free voting procedure. Paragraph 19 of the Council of Europe Committee of Ministers Recommendation CM/Rec(2017)5 on standards for e-voting requires that “E-voting shall be organized in such a way as to ensure that the secrecy of the vote is respected at all stages of the voting procedure”.

above from page 8 of the report

Software Errors May Cause Election Errors

The Internet voting system is not software independent, meaning that software errors in its components, such as the key generation system or the processor, may cause undetected errors in the election results. Considering publicly available records the system has undergone quality control activities but, contrary to international good practice, no reports were published on the SEO’s website, while updates to the source code were made as recently as three days before election day and well after Internet voting commenced.22

In addition, a limited source code review of the system by the ODIHR EET indicated issues regarding the treatment of concurrency, error handling, and error reporting.

RECOMMENDATION: The SEO could integrate quality assurance activities into the maintenance schedule of the voting solution and publish the security rationale and all quality assurance results, including design review, security analysis, and penetration testing results.

22 Paragraph 42 of the Recommendation CM/Rec(2017)5 on standards for e-voting states that “Before any e-election takes place, the electoral management body shall satisfy itself that the e-voting system is genuine and operates correctly.”

above from page 8 of report

External Auditors Did Not Audit All Operations

A team of external auditors was dispatched to assist the SEO with establishing vote secrecy during the computation of preliminary Internet voting results and the integrity of final Internet voting results by verifying the correctness of the cryptographic shuffle and decryption proofs. The team did not audit other critical operations, most notably the correct transmission of the final aggregation of the decrypted Internet votes.23

RECOMMENDATION: The SEO could strengthen its auditing process by developing a complete strategy and requiring auditors to implement critical auditing tools independently and from scratch.

23 Software independence requires that other operations are also independently audited, such as digital signature checking of all e-votes, removal of all duplicate and other ineligible votes from the digital ballot box, revocation, and anonymization. Paragraph 39 of the Recommendation CM/Rec(2017)5 on standards for e-voting states that “the audit system shall be open and comprehensive, and actively report on potential issues and threats.”

above from page 9

Technical Specifications Need Improvement

some key properties are not precisely formulated and left open to interpretation by the SEO and the vendor tasked to implement the Internet voting system, including minimal acceptable levels of cryptographic strength, and accountability and verifiability requirements. This may negatively impact the system’s overall performance and future innovation. The specifications also lack information about timelines and milestones for software development and deployment, and quality assurance.25

RECOMMENDATION: The technological specifications accompanying the legal framework could define acceptable voting systems in more general terms, but include additional requirements related to cryptographic strength, quality assurance, software development and deployment, as well as accountability and verifiability.

25 The Supreme Court considered two post-election appeals against NEC decisions related to Internet voting. While appeals were rejected, the Court recognized the need for more clear procedures and called for a legal clarification of rules on the implementation of Internet voting, in particular regarding counting and mixing of electronic ballots.

above from page 9

Online voting and turnout in the 2019 European Parliamentary elections

I am grateful to Estonia for publishing detailed turnout statistics online on its official government elections website, in Estonian and English.

The 2019 European Parliament elections have completed.  Estonia was the only country to offer online voting.  There were seven days of online voting available during the advance voting period in Estonia, from May 16 to May 22 inclusive.

The turnout (percentage of eligible voters) for online voting was 17.6%.

Over 80% of eligible Estonian voters chose not to vote online.

The total turnout was 37.6%.

The majority of Estonian voters chose to vote on paper.

Estonian turnout increased 1.1%.  But provisional overall European turnout increased over 8%.

Estonian turnout was 37.6%.  But provisional overall European turnout was 50.97%.

Estonia’s neighbour Finland doesn’t vote online.  Provisional turnout in Finland was 40.7%.

Estonia’s neighbour Lithuania doesn’t vote online.  Provisional turnout in Lithuania was 53.08%.

In fact, with no other country in this election permitting online voting, turnout was higher in 19 of the 27 other countries that voted.

European Parliament 2019 provisional turnout
Estonia had lower turnout than 19 of the 27 other countries, lower turnout than overall in Europe, and a lower increase in turnout than overall in Europe.

Online voting doesn’t put Estonia at the top of the pack for turnout.  In fact Estonia was in the bottom third of nations for turnout in the 2019 European Parliamentary elections.

So I don’t know how one could continue to assert that online voting is any kind of solution to increasing turnout.

UPDATE 2019-06-01: I have made a Google Docs spreadsheet of the European Parliamentary elections turnout data, if you want to look at the numbers yourself.  Note that this shows total turnout; as indicated above Estonia votes online and on paper, with the majority voting on paper.  END UPDATE

Data sources:

Previously:
March 5, 2019  Internet voting doesn’t increase turnout in Estonian elections

Considering online voting including Estonia

There are three fundamental challenges with public discussions about online voting:

  • The majority of computer scientists, particularly computer scientists with expertise in voting systems, recommend again online voting, but journalistic false balance often presents this as one computer scientist vs. one online voting advocate.
  • The dedicated resources available from nations and vendors to promote online voting vastly outweigh the nondedicated volunteer resources available from computer security experts to explain the issues with online voting.
  • Voting appears simple but is actually complex, with many essential requirements that are hard to capture in a soundbite.  This makes it easier to make a convincing-sounding but incorrect “common sense” convenience argument for online voting than to make the correct technical requirements counter-argument.

Consensus Opinion

Basically if the press were actually representative about this “debate”, it would be like John Oliver’s classic expert-weighted debate, with 97 experts on one side and 3 sceptics on the other.  So any time you see an online voting “debate” on TV or in print, I want you to imagine 97 expert computer scientists recommending against online voting, and 3 promoters with various agendas advocating for it.

I don’t have the ability to construct that kind of visual, but just to make it clear, what I am writing recommending against online voting is not just one voice, and it’s not just 16 leading computer security experts, it’s the overwhelming consensus view. It’s the view in the computer scientist community.  In 2004 the Association for Computing Machinery, the world’s largest scientific and educational  computing society (with a membership now of approximately 100,000) issued a Statement on Voting Systems, which includes the following text

voting systems should enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system.

It’s this consensus view that is summarized by the City of Toronto

The overwhelming consensus among computer security experts is that Internet voting is fundamentally insecure and cannot be safely implemented because of security vulnerabilities inherent in the architecture and organization of both the Internet and commonly used software/hardware

And if you wish there were some process to assemble a scientifically representative consensus into a document, well, I have good news.  The US National Academies of Sciences, Engineering and Medicine (NASEM) knows exactly how to run a process to report on expert consensus, and they did.  Their report recommends against Internet voting.

Secure Internet voting will likely not be feasible in the near future.

So to be blunt, if you’re in favour of online voting, you’re against the scientific consensus.  You’re also against the conclusion of 99.5% of the countries in the world.

National Online Voting Only In One Country

There are approximately 200 countries in the world.  Of those, the number of countries that offer online voting for all citizens in all elections is one.  One country of approximately 1.3 million citizens, where the total number of votes cast in each election is roughly 600,000.  Where the majority of voters still cast their votes on paper, on election day.

One country where offering online voting is part of branding the nation as e-Estonia, including consistent promotion.  Does your country invest in promoting its election system internationally?  Maybe that’s why there aren’t many international news stories about your country’s voting system, but there are lots about Estonia’s.

Computer security experts simply don’t have the scale and reach that a national public relations initiative has.

It takes months of dedicated journalism to do a comprehensive story about the issues with online voting.  Which, fortunately Eric Geller did: Online voting is a cybersecurity nightmare.

Unfortunately, the reality of deadlines, lack of expertise in computer security and lack of expertise in the actual requirements for voting systems means that most articles don’t go into the same depth.

As a result, reporting on Estonia’s online voting tends to be relentlessly positive.

But in article after article there are also a number of things that don’t get said about Estonian elections, including:

  • turnout declined in the last national election, in the last two local elections, and in the 2014 European Parliamentary election
  • turnout in the 2015 Estonian national election was lower than turnout in Canada and the UK

Estonia national turnout 2015

  • the smallest number of votes cast is by the 18-24 year old age group
  • online voting is offered for advance voting only, and requires a national digital identification infrastructure
  • Although Estonia has observing, auditing and testing procedures, the only time international computer security experts were invited to observe the process was in 2014.  Those outside observers found “There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers”. Since that report, international computer security experts have not been invited back.

You can read about the 2014 study in Practical Attacks on Real-world E-voting, 7.3.2 Estonia’s Internet Voting System. Or you can watch J. Alex Halderman explain it

SIDEBAR: The 2016 study by the Cyber Studies Programme at the Department of Politics and International Relations, University of Oxford.

The University of Oxford conducted a study of Estonia’s Internet voting in 2016, entitled The Estonian Internet Voting System – An Independent Assessment of the Procedural Components.

It’s important to note the “procedural components” part of the description.  The study (PDF) states specifically:

We review the general procedural security components of the system, particularly procedural security controls, …. We therefore do not focus on software engineering or encryption related issues in the computer systems.

Additionally, this study was based on reported procedures, not direct observation.

Finally, we must state that there is one main limitation to our work. This relates to the fact that our research relies on interview reports on voting processes and systems from individuals in Estonia, as opposed to direct observation of the I-Voting system in process.

The 2016 Oxford study is therefore not comparable in either scope or methods to the direct observations of the international experts in the 2014 Independent Report on E-voting in Estonia.

END SIDEBAR

All Countries That Study Online Voting Reject It

At a national level, Internet voting has been studied by the Parliament of Australia, by a Canadian Parliamentary Committee, and by Finland.  Each study recommended against online voting.

Lithuania was considering online voting, but as best I can conclude through a layer of Google translation, has rejected it on national security grounds.

“Interior Minister Eimutis Misiūnas is still skeptical about online voting, according to him, until there is an absolute guarantee of security, elections must take place in a traditional way.”

LRT.lt – E. Misiūnas dėl balsavimo internetu – kol kas skeptiškas (March 1, 2018)

Rytis Rainys, Director of the National Cyber ​​Security Center, is not sure about the security of online voting.
“Fears about cyber security are one of the main reasons why this process stops,” he said. – These fears are not only justified but also based on facts, mass incidents that we have in Lithuania.”

LRT.lt – Internetu balsuojanti estė: tai nepalanku kai kurioms partijoms (February 28, 2019)

Online Voting And National Security

When Deloitte studied cybersecurity as it relates to elections for Australia, they found

The main concern is not the actual damage that cyber attacks can cause to individual electoral system components, although it exposes the individual jurisdiction to significant reputational damage. The bigger concern is that any reports of attempted or successful breaches gives adversaries the ability to sow doubt in the security and integrity of electoral processes.

Australia – Electoral Cyber Security Maturity Review: Whole of Nation Report (Deloitte Touche Tohmatsu report CN3550609 for the Department of Home Affairs – October 2018 – redacted)

So it’s not just that an online election can and will be attacked, it’s that the obscurity and lack of transparency of an online election opens it up to the opportunity of undermining trust in elections as a whole.

These are real threats.  Canada’s Centre for Cyber Security says

In 2018, half of all advanced democracies holding national elections had their democratic process targeted by cyber threat activity. This represents about a three-fold increase since 2015 and we expect the upward trend to continue in 2019.

2019 Update: Cyber Threats to Canada’s Democratic Process – Executive Summary

Online Voting Fails In Independent Testing

But even if you’re not convinced by the fact that the majority of computer scientists, and the majority of nations, and national security advisors are all against online voting, what about a real-world independent test?

Well, Switzerland fortunately has a legal framework in place that requires independent testing of proposed online voting solutions.

And when their online voting was independently examined (outside of the restrictions they had placed on the testing), it was found to be insecure. So they have withdrawn it.

Online Voting Fails When Deployed

Online municipal voting in Ontario failed in 2010 and again in 2018.

Home Computers Are Insecure

And remember you don’t just have to be concerned that the online voting code itself is insecure, people vote from their home computers, over the Internet to centralised servers.  Elections agencies have no control over the security of home computers and the Internet, and they have no control over when major security flaws will be discovered and patches will be released.  Such as for example the week of May 13th, 2019, when there was:

In fact, the US Computer Emergency Readiness Team (US-CERT) listed 99 (yes, ninety-nine) high-severity computer security vulnerabilities just for the week of May 13, 2019 alone.  And all of those computer security vulnerabilities, some of which will take weeks or months for consumers and organisations to patch (if ever), they all took place in the same week that Estonia opened its online voting on May 16th.  So you can be guaranteed that people were voting from insecure computers.

Vendors Control Most Internet Voting

And in addition to all of those factors, the reality in Canada and most other countries is that elections technology is created by third-party, for-profit vendors who shield their code and processes from inspection using intellectual property law.  This means elections are effectively outsourced to opaque third-party organisations.  I’ve written about this in the context of Ontario’s computer vote counting, and I would add that Ontario specifically stated their need to work closely with vendors

Throughout the planning phase, we worked closely with our vendors to establish accurate requirements, conduct necessary testing, determine support, and ensure the integrity of the election was never compromised. We were able to integrate vendors into the design and administration of the election, and we look forward to a strong working relationship with our vendors into the future.

Elections Ontario – Modernizing Ontario’s Electoral Process: Report on Ontario’s 42nd General Election June 7, 2018 – Section 2: Planning a Transformative Election, B. Building the Team, Vendors

Tell me, if you wanted to increase the connection that the public feels with its election system, if you wanted to bridge the gap between the public and its democratic system, would your first choice be less involvement of the public?  Because “integrating vendors” means removing the public from the inner workings of the election system itself.

And if you think at least the vendors must be experts in computer security, their record is abysmal.  In the 2007 Ohio EVEREST study, independent researchers found

“exploitable security weaknesses in all three vendors’ systems”

Ohio EVEREST Voting StudyStatement

Conclusion

With all that to consider, if you only have one takeaway from this entire blog post it is this:

you must demand public, independent, expert testing without restrictions before you place your confidence in online voting

Such testing has not taken place for the online voting in Ontario and Nova Scotia municipal elections.

There are too many other problems with online voting for me to summarize in what is already a long blog post, so I will conclude with two previous summaries I have done:

Internet voting doesn’t increase turnout in Estonian elections

Estonia offers Internet voting for advance voting only.  The majority of Estonians vote in person, on paper, on election day.

One of the persistent myths about Internet voting is that it must increase turnout.  It doesn’t.

Estonia has been offering Internet voting since its 2005 Local elections.

Turnout has declined in the last two local elections:

2009: 60.6%
2013: 58.0%
2017: 53.3%

Turnout declined in the last Parliamentary election:

2015: 64.2%
2019: 63.7%

Also note that less than 30% of ELIGIBLE voters chose to use Internet voting for the Parliamentary election.  The exact numbers are 28.1% of ELIGIBLE voters using Internet voting.  That is an absolute number of 247,232 Internet voters.  The total number of votes cast in Estonia using Internet and paper was 565,037.

Canada has higher turnout than Estonia

For comparison purposes, in Canada’s all-paper, hand-counted Parliamentary election in 2015, the turnout was higher than in Estonia in 2015.  Canada’s turnout was 68.3%.  The total number of votes cast in Canada was 17,711,983.

Data from:

Previously:
October 15, 2017  Estonian municipal council elections 2017 – Kohalikud valimised 2017
September 5, 2017  Estonian ID card vulnerability and [2017] election
December 12, 2016  Online voting doesn’t increase turnout
July 8, 2016  Estonian Internet voting and turnout myths
March 8, 2011 Estonian vote-counting system fails

Estonian municipal council elections 2017 – Kohalikud valimised 2017

Estonian municipal council elections finished at 8pm on October 15, 2017.

I’m writing now at 10:37pm Estonian time, as the results have been posted online.  I will update this post if there are changes.

UPDATE 2017-10-17:  Some information for context

  • Eligible voters for Parliamentary elections and eligible voters for Local elections are not the same, so the two types of elections are difficult to compare.  Local elections draw from a larger electorate.
    • 2013 Local elections – Eligible voters – 1,086,935
    • 2015 Parliamentary elections – Eligible – 899,793
    • 2017 Local elections – Eligible voters – 1,100,648
      Also I believe the 2017 local election is the first one in which 16 and 17 year olds could vote.
  • It’s important to be careful whether one is talking about voting as a percentage of total eligible voters, or voting as a percentage of actual voters.

END UPDATE

Summary: ONLINE VOTING IS NOT A SOLUTION FOR INCREASING TURNOUT.

There is no Internet voting on election day in Estonia, the online voting system is only available for advance voting.

The total number of Internet votes cast was 186,034 (one hundred eighty-six thousand thirty-four).  I don’t like comparing different types of elections as they have different characteristics, but just for the sake of a complete picture, the total number of Internet votes cast in the Parliamentary elections in 2015 was 176,329.  So the total increase is 9,705 (nine thousand seven hundred and five).  UPDATE 2017-10-17: However note that the local elections draw from a much larger pool of eligible voters.  END UPDATE

So while 186k online votes is indeed a record for Estonia, it is a relatively small absolute increase.  And I would caution strongly against projecting this result of under 200k online votes to jurisdictions with tens or hundreds of millions of voters.

The total number of votes cast was 367,199 (three hundred sixty-seven thousand, one hundred and ninety-nine), for a total turnout of 53.2%.

UPDATE 2017-10-17: The total number of votes cast was 586,523 (five hundred eight-six thousands five hundreds and twenty-three), for a total turnout of 53.3%.

Turnout DROPPED from the 2013 local elections, which had a turnout of 58%, for a turnout DROP of 4.7%.

So just to make my point super clear: Estonia has had online voting since 2005. After 12 years of offering online voting, they have managed a turnout of just over 50%, and that turnout dropped from the previous local election.
ONLINE VOTING IS NOT A SOLUTION FOR INCREASING TURNOUT.

You can see turnout percentages for this election at https://kov2017.valimised.ee/osavotu-statistika.html and details for past elections at http://vvk.ee/voting-methods-in-estonia/engindex/statistics/

UPDATE 2017-10-17: You can see the total number of eligible voters, the total number of votes cast, and the total number of Internet votes at https://kov2017.valimised.ee/valimistulemus-vald.html  END UPDATE

On https://kov2017.valimised.ee/osavotu-statistika.html the turnout for online voting seems to be is a separate item called E-HÄÄLI but I have to say I don’t really understand the numbers other than total turnout shown in the bottom right and the Internet voting turnout (as a percentage of TOTAL eligible voters) is 16.9%.  That is to say, only 16.9% of eligible Estonian voters chose to cast their ballot online.

There were seven days of advance voting (including Internet voting) in total, from October 5 to October 11.  You can see an overview of the voting schedule at https://www.valimised.ee/et/kohaliku-omavalitsuse-volikogu-valimised-2017 or in English at https://www.valimised.ee/en/municipal-council-election-2017

Previously:
July 8, 2016 Estonian Internet voting and turnout myths

Estonian ID card vulnerability and upcoming election

On September 5, 2017 the Estonian Information Systems Authority – Riigi Infosüsteemi Ametit (RIA) reported that researchers have found a vulnerability in the Estonian digital ID card:

Possible Security Vulnerability Detected in the Estonian ID-card Chip

This is a serious issue in general, as the card is at the heart of citizen digital interactions with the government, but has particular implications for Internet voting, as the ID card is key to the functioning of the voting system, enabling amongst other features the unique Estonian ability to vote multiple times with only the last vote counting (including choosing to vote in person on election day, cancelling all previous Internet votes).

There are local government council elections coming up soon, with online voting starting in a month, running from 5 October 2017 to 11 October 2017 (online voting is only available for advance polls, not on election day).

Estonia Local Gov Council Elections 2017

above from Municipal council election 2017

According to the Is the ID-card safe? FAQ, the National Electoral Committee (Vabariigi Valimiskomisjon) will decide whether to proceed with online voting.

UPDATE 2017-09-06: In its September 6, 2017 meeting, the National Electoral Committee decided to proceed with online voting in the October elections.  Reported by err.ee – Electoral committee: Online voting in October elections still on / Valimiskomisjon: e-hääletamine toimub.  ENDUPDATE

The analysis of the ID-card vulnerability, by “[a]n international group of cryptography scientists from recognized universities” will be “published in the coming autumn at an international scientific conference” according to the ID-card safety FAQ.

UPDATE 2017-09-06: There’s more detail about the specific vulnerability, which is appears to be a computationally-intensive, technically-challenging way to determine the private key from the security chip, in Postimees article Hackers could have made digital clones / Häkkerid võinuks luua eestlastest digikloonid.  ENDUPDATE

Links in English

Links in Estonian

Additional Context

Original story via Bruce Schneier – Security Flaw in Estonian National ID Card

As Estonia is the only country in the world with national Internet voting, I have written about it many times:

June 16, 2017  evaluation of Predicting the Future – online voting – Estonia
July 8, 2016 Estonian Internet voting and turnout myths
March 8, 2011 Estonian vote-counting system fails
November 11, 2004 e-voting in Estonia

For a perspective on security concerns with the Estonian system that predate the ID card issue, it is also important to read the materials on the website Independent Report on E-voting in Estonia as well as

evaluation of Predicting the Future – online voting

I want to give credit to Andrew Weinreich for the first two of his three Predicting the Future online voting podcasts.

Episode 7 (Online Voting episode 1): Can online voting defeat the broken Electoral College?

Episode 8 (Online Voting episode 2): Hacking elections, DDoS attacks, and online voting around the world

What I liked is that he gives people time and space to talk, in particular in episode 8 there is lots of time given to Dan Wallach, enabling Dr. Wallach to clearly articulate his positions around online voting.  As well, David Dill has an opportunity to provide his position.

(Both Dr. Wallach and Dr. Dill are on my list of Internet voting computer security experts.)

You can listen to this podcast and learn a lot about the computer science perspective, which isn’t often the case.  (In a similar vein of presenting computer science expertise well, consider Reveal’s podcast Internet voting is a bad idea.)

You know there’s a “but” coming, right…

Expert Assessment of Risk

Where things run into problems in the Predicting the Future podcast, particularly in episode 8 about hacking elections, are in the weighing of risk and in the summation of the computer science expertise.

I have seen similar disconnects in discussions about municipal online voting.  Basically what happens is the computer scientist says there are risks, and the counter-argument that is presented is that there are also benefits, but this misunderstands scientific communication.

What the computer scientists are saying is not that there are risks (everything has risks) but that it is not possible with current technology to adequately mitigate those risks.   Basically this is a problem of estimative language, and it’s why national security agencies have entire systems to describe what they mean when they say something.

Here’s an an example of estimative language from the Canadian Communications Security Establishment (Annex A of Cyber Threats to Canada’s Democratic Process).

CSE Annex A Estimative Language

You can see similar language in Annex B of US Intelligence report ICA 2017-01D.

What computer scientists are saying is that compromise of online voting is Very Likely, and that there is no way to mitigate the risk below Very Likely.

There is simply no benefit that outweighs an 80% or more possibility that your election results can be hacked.  And that would be even if Internet voting were implemented with all possible best practices, but the evidence is it almost certainly wouldn’t be.  There have been examples time and again of election technology security falling somewhere between lax and incompetent.

Sometimes I cite this language from the Utah iVote Advisory Committee Final Report (April 2015):

Given that sufficiently secure Internet voting systems do not yet exist, they would need to be built.
Of course, some systems, like a stone bridge to the moon, are impossible to build. Others, like a stone bridge to Hawaii, are so exorbitantly expensive as to remain a fool’s errand.

which is to say, there are some things that are either currently not possible or beyond the realm of affordability.  This is based on expert assessments.  You may not want to believe the assessments, but that doesn’t make them untrue.  Sometimes truth is inconvenient.

We are talking about adding a lot of additional security risks, unnecessarily

Security threats not found in current Canadian federal paper election system
(above from Table 1: Security threats to elections not found with in-person, hand-counted paper voting in Canadian online voting report, citing Dr. Essex)

Political System Issues and Turnout

Fundamentally, the goal of the podcast is to explore turnout.  But only from a technology lens.  Which is, basically, solutionism.  Technology is not always a solution, and it’s definitely not always the best solution.

I am ill-placed to comment on turnout in the United States, but there are two lenses one could apply.  One is process design.  For this I look to The epic journey of American voters.

Fix the process burdens described in the Center for Civic Design’s report, and a big part of voting will have improved.

Just as one example, in many countries, the state actively tries to ensure that voters are registered.  For Canadian federal elections, they used to literally go door to door to ensure people were registered, in a process called enumeration.  Now, checking a single box on your Canadian federal tax return ensures you’re registered to vote.

The second lens is what I would call voting constraints.  The US elections are not an unconstrained system in which the only thing preventing voting is convenience.  There are two significant constraints imposed that could be addressed through a combination of technological and political measures: one is the (to non-Americans) absurd level of gerrymandering of districts (enabled to a large part by what one could consider misuse of technology in order to microtarget the district designs) and the other is the deliberate attempts to suppress turnout through various measures (an evolution of the Jim Crow era, in which there were constraints like voting literacy tests).

If you want to talk cost/benefit, then fixing the process, removing gerrymandering and eliminating voter suppression would be (in my non-American opinion) far more impactful than online voting.  Make sure you’re solving the important problems, not just the technologically interesting ones.

So there are real problems, and real solutions.

Now let’s come to turnout.  Turnout is very complex.  It depends on lots of factors including the issues, the candidates, and the political culture.  It can vary from election to election in the same location.  Trying to compare across countries that have very different cultures and issues is a bit of a mess.  And trying to compare across vastly different sizes of elections is also a mess.  The evidence is that offering online voting just causes people to shift voting channels, it doesn’t bring in new voters.  I have blogged about this many times before, e.g. online voting doesn’t increase turnout.

I do want to mention three countries specifically however:

  1. Canada
  2. Estonia
  3. Switzerland

Canada

There is only online voting in municipal elections in Ontario and Nova Scotia.  Voting in Ontario was extensively studied and the result is a maximum effect of 3% increase in voter turnout.

Goodman, Nicole and Stokes, Leah C, Reducing the Cost of Voting: An Empirical Evaluation of Internet Voting’s Effect on Turnout (October 6, 2016). Available at SSRN: https://ssrn.com/abstract=2849167

As you will recall, I earlier assessed risks to online voting as “Very Likely” (80% or greater potential for compromise).

So if you want to do an apples to oranges comparison, you’re basically looking at 3% turnout increase in exchange for adding massive risks to the integrity of your voting system (in the shift from paper ballots to online voting).

Estonia

Let’s be blunt: Estonia is a small country.  The total population is about 1.3 million.

The idea that we can trivially generalise from Estonia to Canada (30 times the population) or the US (300 times the population) is at best dubious.

In any case, Estonia provides all of its turnout numbers.  This gets presented in different ways according to the biases of the presenter.  I can, for example, use the numbers to say that after 8 years, less than a third of Estonians use online voting.  I can also say that Estonia’s turnout, with the magical boost of online voting was… only up 2.3% over 8 years and was lower than Canada’s completely paper-based turnout in 2015.

Statistics about Internet Voting in Estonia

Plus which, let’s be concrete about what less than a third means in real numbers of voters in Estonia.  It means approximately 176,000 votes cast online.

Do we seriously think countries are so interchangeable and voting cultures so universal that we can generalise from about 176,000 online votes in Estonia to about 128,000,000 votes in the last US Presidential election?  This is not about scaling up, this is a mouse and an elephant.  They’re not comparable.

And that’s setting aside the fact that the Estonian e-voting is not secure and that it relies on a every citizen having a national digital ID, which is spectacularly unlikely to ever be the case in the US.

As the only country with national online voting, I understand why Estonia comes up again and again, but let’s be realistic about the fact we’re talking about a system that 70% of the country’s voters don’t use, and that only represents 176,000 votes cast anyway.

Switzerland

Switzerland has voting in some municipalities in some cantons (not national or even state-level voting by any stretch).  Switzerland also has no culture of voting privacy (traditionally voting was done by show of hands, and in fact in many municipalities this is still the norm) and it has much more frequent votes on more things.  We are again talking about a small number of votes cast online (less than 300,000).  And we’re talking again about less than 25% of voters choosing to vote online.  And, as always, it doesn’t increase turnout anyway.  And in Switzerland one of the systems had to be removed because it was determined to be insecure.

How many ivoters in Switzerland

For more on Switzerland:

Country Examples Summary

Mostly we have small examples.  Without exception, the increases in turnout are between miniscule and nonexistent.  These are based on long-term, serious, analytical academic studies.  The evidence is in.  Online voting does not increase turnout.

Conclusion

I give lots of credit to Andrew Weinreich for doing really diligent and comprehensive research and for letting his guests clearly express their opinions.

Where I disagree is in the reframing following the computer science speakers, where Weinreich says (starting at 23:29 into the Hacking elections episode)

“Leading computer science academics are deeply sceptical of Internet voting and are actively campaigning against its utilisation, not because theoretically they don’t think it’s a solvable problem, but because they don’t think it’s worth solving.”

This misrepresents the computer science position (which is incidentally a consensus position of the 96,000+ member Association of Computing Machinery).  The computer science position is that based on known risks and known results (including the cases I have presented above), the risk is too high and the benefits are minimal at this time.  And that the properties of paper ballots cannot be replicated online.  This is an expertise and evidence-based conclusion.

The computer science position is that this is an interesting problem, and one worth continuing to research.  And indeed there is active research on online voting in many different computer science departments and organisations around the world, in part because it is such an interesting and difficult problem.  But we are nowhere near having a solution, so in the same way we aren’t trying to solve electricity problems by promising a Mr. Fusion in every house tomorrow, we shouldn’t creating the expectation that online voting will be workable any time soon.

And keep in mind the computer science conclusions about security were drawn long before the recent incidents of nation-state cyberattacks, which take the risk to an entirely new level.  You can mitigate against an amateur attack, and even against a moderately professional attack.  You cannot mitigate against a nation-state funded expert attack.  If the NSA wants to get into your system, they will.  That’s the level of threat we now know we face.

And that’s just the risks on the technical side, that doesn’t even touch on the possibility of coercion or online guided voting.  Vote online says Mark Zuckerberg.  How far from that to “Facebook has voted for you based on your preferences”?  (And to Weinreich’s credit again he explores some of the possible disruptions that online voting would cause for campaigns and advertising.)

Online voting doesn’t solve any of the very real problems of voter turnout.  In fact it’s so low down the list of potential solutions that when the City of Calgary wrote a 2017 report on increasing turnout (PFC2017-0259 Election Outreach) online voting was rejected deep down in an Appendix (Section 2.1 Internet voting in Attachment 3, to be precise).

I admire when people want to improve their democracy, want to increase turnout, want to improve the experience of voting.  But online voting is not the solution.  Solve the real problems instead.  They are big, and they are hard, and they are mostly political.