Alert Sign Dear reader, online ads enable us to deliver the journalism you value. Please support us by taking a moment to turn off Adblock on Dawn.com.

Alert Sign Dear reader, please upgrade to the latest version of IE to have a better reading experience

.

Insecure voting

February 13, 2018

Email


FROM a recent Supreme Court proceeding came the news that an internet voting software, at a cost of Rs150 million, will be ready for expatriates in the coming weeks. An argument is being made that internet voting will increase voter turnout and convenience for voters.

If we think we’re prepared to use the internet in a general election, then why not extend its use to locals so they can vote from anywhere using their favourite device? Many renowned software and system security researchers advise against internet voting for reasons including the insecure nature of the internet and systems, security threats, vote buying and stealing, privacy, and usability and monitoring challenges. Also, if the internet were suitable for voting, it would be widely in use by technologically advanced countries.

Internet, machines and systems used in an internet voting scheme are all inherently insecure. Frequent bugs pop up, causing irreparable financial and productivity losses. They are all also susceptible to well-known attacks. For one, malicious code can reside in voter machines. It can change the vote without anyone noticing, and even erase itself without leaving evidence of the fraud. Moreover, there is software available that can be used to remote-control a machine with the potential to alter votes, again without the users noticing its existence.

Attackers can also dupe the voting website in many ways. For example, a voter can be asked to click on a link that brings up a website similar to the real website, allowing the attackers to steal the vote. No matter how secure the voting software in itself is, insecure and vulnerable voter machines can jeopardise the integrity of the election process.

Casting one’s vote via the internet has many drawbacks.

Vote buying and selling is another area of concern. Will the website give voters a receipt? If so, then this can be shown as proof to a political party that one has voted for its candidate, in return for a monetary reward. And if voters don’t get receipts, how are they guaranteed that their votes were registered as cast and tabulated as recorded? Will they get a chance to re-vote in case of an error? How does this software protect against all this?

Furthermore, the issue of auditing the election results is important, particularly if the results are contested. I’m not sure how this will be addressed by this software. Auditing may become complex when results are encrypted, although it’s unclear what mechanisms will be applied to encrypt data, if any.

Similarly, to gain voters’ trust, it’s important for us to know what programming languages, operating systems, and other tools and processes were used to develop the software. Was the software code reviewed? Who reviewed it? A major bug can jeopardise the whole system. It also remains to be seen how (and where) the voting software is deployed and protected.

The privacy of user data too is critically important. Leakage of personal data is all too common. It’s uncertain what storage systems and techniques will be used to store and protect the voter’s data in this new software.

Usability and accessibility of the software is also very important. It should be usable for new computer users. Further, one wonders whether the voting software supports voters with disabilities. Will the software work flawlessly for the colourblind, or people with vision problems who use screen readers? Some people with disabilities use enlarged text; does the software behave correctly when its content is enlarged?

Monitoring and trust are big issues as well when it comes to internet voting. In the existing paper ballot system, when I cast a vote, I then sign the paper myself and hand it over to a trusted chain of custody (which records and tabulates results), which is monitored and evaluated by major political parties, media and foreign institutions.

The idea of a trusted chain of custody becomes a concern when things are digital. How is this chain trusted? Who is monitoring it? Some vendors will inevitably be used to facilitate the process; are they audited or certified? It’s hard to trust vendors in an era when some big ones have been known to compromise trust and give away important data.

The Supreme Court has assigned a third-party individual to review the system, although one wonders if the individual has the relevant background in computer and systems security. This feedback should have been solicited prior to starting the implementation. It’s probably already too late.

Leading researchers think that our current infrastructure is inadequate to holding elections on the internet. Mr. Rubin also notes that any omissions and discrepancies in the election process, due to internet voting, may threaten public confidence in the integrity of the voting system itself. I believe we should pay heed to these experts.

The writer works in the technology sector.

Twitter: @wyounas

Published in Dawn, February 13th, 2018