In any democratic election, trust is shared between different groups to ensure that no one may single-handedly make decisions which may compromise the election’s integrity. Elections held through the internet should be no exception, but moving into the digital realm may raise questions about, one, how systems prevent stakeholders from altering results, and two, how trustworthy individual online voting system providers are.
Busting this myth comes down to two words: distributed trust. In a secure online voting system, votes must be decrypted before they can be counted. In systems which use distributed trust, no single election administrator has the full cryptographic “key” needed to decrypt the election and see results prior to mixing. Thus, the election results can only be revealed after voting ends and more than one administrator agrees to end the election and see results. While distributed trust is a critical feature in ensuring that all trust is not placed in one party, not all online voting systems employ this as a feature. Having this in mind, it is critical to check with providers to make sure distributing trust is an option.
Online voting isn’t a new technology: it has been pursued since the early days of the internet and is now used in settings ranging from companies to national parliaments and even churches. Despite its widespread usage today, online voting is often viewed as something new which can present a threat to both voters and organizations which use it. This may be due to the lack of standards for online voting systems or the spread of non-auditable voting systems which may leave doubts about the results of elections.
With that in mind, we would like to bring up several misconceptions (or “myths”) about online voting we have found from around the web. We seek to not only “bust” them, but also clarify from where they came and why they are important.
Myth: There is no way to verify voters online.
This statement stems from the issue of how one can confirm that voters are in fact who they say they are through the internet. As put by the American National Academy of Sciences, in order for online voting to work, voters need “suitable digital credentials that allow them to prove their identity.” This involves not only setting up a system which uses robust credentials to stop fraudulent logins, but also taking steps to limit the risks of voting from private devices.
To counter this myth, we would like to cover some highlights from our blog post about authenticating voters online. In particular, online voting systems can use several tools to aid in verification, including multi-factor-authentication (MFA) and integrated digital IDs. With MFA, users are required to input their login credentials as well as confirm their login via another device, a method which is highly effective at stopping unauthorized login attempts. Government-issued digital IDs, such as the MitID in Denmark, often use MFA and are also an excellent way to authenticate voters in an online voting system.
Myth: Online voting systems cannot be checked or audited.
We do consider this to be a “myth,” but it is important to acknowledge that it is based on some truth. There are a number of online voting systems out there today whose inner workings are not open to scrutiny, which we term “black box” systems. These systems cannot in fact be checked by either voters or independent observers, thus raising concerns about the integrity of elections held using such systems, and should be avoided.
In spite of the attention paid to “black box” systems, the principle of end-to-end verifiability is now recognized as a solution to ensure that online votes are secure and auditable. According to the US Vote Foundation, end-to-end verifiable systems allow voters to “check that the system recorded their votes correctly, check that the system included their votes in the final tally, and count the recorded votes & double-check the announced outcome of the election.” Put shortly, end-to-end verifiability, recognized by academics at the University of California, Berkeley as something which governments should “take additional steps towards standardizing,” opens up online voting systems to outside observation. It is a must-have for any reputable online voting system.
Myth: Voters can’t remain anonymous when voting online.
We consider this myth to be two-sided since anonymity issues could come from either the system or voters. On the system side, there must be a way to separate the online voter from his/her vote so that a vote cannot be traced back to an individual. On the voter side, voters might be “coerced or paid to vote for particular candidates” or have malware on their personal devices, neither of which can be directly addressed by election coordinators but which threaten the security and anonymity of online votes.
The key to busting the system side of this myth comes down to the design of the system itself. In particular, while E2E-V is a must, online voting systems must also use robust encryption and mixing protocols. In layman’s terms, this means that only voters possess the credentials to check (or decrypt) their votes and that votes are properly “mixed” before the end of the election. In this way, administrators are able to see that votes have entered the ballot box unaltered, but cannot link a vote to a voter since mixing them up has ensured anonymity. On the voter side, guidance is key, as voters must be properly informed of how to secure their devices and use features which enable them to recast ballots if need be.
Myth: Online voting involves placing all trust in one person or organization.
In any democratic election, trust is shared between different groups to ensure that no one may single-handedly make decisions which may compromise the election’s integrity. Elections held through the internet should be no exception, but moving into the digital realm may raise questions about, one, how systems prevent stakeholders from altering results, and two, how trustworthy individual online voting system providers are.
Busting this myth comes down to two words: distributed trust. In a secure online voting system, votes must be decrypted before they can be counted. In systems which use distributed trust, no single election administrator has the full cryptographic “key” needed to decrypt the election and see results prior to mixing. Thus, the election results can only be revealed after voting ends and more than one administrator agrees to end the election and see results. While distributed trust is a critical feature in ensuring that all trust is not placed in one party, not all online voting systems employ this as a feature. Having this in mind, it is critical to check with providers to make sure distributing trust is an option.
Myth: Online voting is only for the tech-savvy.
One argument made against online voting is that only those who are more familiar with technology are willing to vote online. This is because, in the words of the US Vote Foundation, even “verifiable systems add steps and complexity to the voting process.” Online voting systems can often be explained in an understandable way, but it is necessary for developers and organizations to properly explain them to voters prior to adoption, while also confirming that voters with disabilities are able to use them.
In response to this myth, we first address the idea that online voting is only for those who are “tech-savvy.” According to a long-term study from Estonia, as citizens became used to voting online over several years, there were no significant differences (age, education, gender, etc.) between online voters and in-person voters. This means that time is often key for getting more than just “tech-savvy” voters to use online voting. Second, in terms of accessibility, properly prepared online voting systems can provide an invaluable means of participation for voters whose disabilities or circumstances may make going to a polling station difficult.
Myth: Online voting aims to replace other methods of voting.
This myth is partly inspired by the ease of online voting, as some fear that it could lead to a “push-button democracy” where citizens no longer engage deeply with democratic institutions outside of the internet. As covered in the previous myth, there are concerns that not only will some voters be left in the “digital dust” (not exactly true), but also that online voting may alter traditional democratic processes or get rid of paper balloting altogether.
First, as we cover in our blog post, online voting is just one example of a number of “digital tools” used in service to democracy today throughout the world. Many of these tools, including websites for citizens to suggest and vote on potential laws or discuss proposals with like minded-citizens, have connected citizens with their governments in ways not previously possible and strengthened existing democratic institutions with consistent feedback. Second, it is in fact possible to use online voting together with paper or in-person voting as part of “hybrid voting.” With hybrid elections, voters are able to choose which voting method suits them best and no one is left behind simply due to their voting preferences or needs. In this way, online voting can be a key supplement to existing voting procedures, helping all eligible voters cast ballots in their preferred manner.
Naturally, this list of myths is not exhaustive; we have selected ones we have encountered in our research and experience which we felt we are best able to address. Nonetheless, we do hope that providing both context and our input on each of these myths has been helpful. Of course, as with many things in life, it is important to do one’s homework when encountering unfamiliar subjects. We at Assembly Voting have certainly done ours with online voting and we hope that we can continue to satisfactorily address any issues related to the work we do.