Media

Deconstructing the democracy sausage: The risks of e-voting

By | | comments
Electronic voting could let hackers access private voting information (Image via Staticflickr)

Electronic voting might be convenient, but in this age of personal data leaks it's not a safe or secure option, writes Rosie Williams.

CRYPTOGRAPHY IS a bit like sausage — everyone likes the result but no one really wants to know how it's made. It takes some pretty special skills to deconstruct the mysteries of computer security and Canberra-based independent security researcher Tim Wilson-Brown has one of those minds. When voting in the 2016 A.C.T. election, Tim was left with a bone to pick.

In an email interview, Tim shared his feelings on the subject:

When my name was marked off the electronic roll, I wondered, "How secure is this? What information are they collecting about me?”

If it's all done on paper, it's obvious — they put a line through your name and then you put some numbers next to some candidates. But when we vote electronically, it's so easy to collect an excessive amount of data. And the things people can do with detailed data... they're really creepy.

Wilson-Brown began researching the system used in the A.C.T., sharing findings with Elections A.C.T. and making them public after months of waiting for a satisfactory response.

Votes are timestamped and the order in which each vote is placed is published by Elections A.C.T. This provides just enough information to create the potential for motivated individuals to figure out how the people before or after them voted.

Elections A.C.T. has responded publicly via the ABC, claiming the vulnerabilities are more theoretical than realistic. Disagreeing, Wilson-Brown explains that not only does Elections A.C.T. timestamp vote data, they also record timestamps for when each voter is marked off on the electoral roll.

Wilson-Brown believes this practice creates an opportunity for matching voters to their vote without serving a justifiably useful purpose:

‘These timestamps aren't used to create an election outcome. And we're quite capable of investigating multiple-vote fraud without them. The risk of identifying voters is just too high. If Elections A.C.T. stopped collecting vote timestamps, this risk would be minimised.’

While Australia led the world in instituting the secret ballot, the fact that so much of our lives and opinions are now freely available across social media presents new challenges to privacy.

Technology has facilitated political engagement and grassroots campaigning, but the “wild west” character of much internet speech and the availability of data on individuals re-introduces old challenges. An electoral system that requires such low numbers of votes to parachute certain voices to the political stage, when combined with the power of social media, triggers the potential for coercion through doxing and social media abuse.

The A.C.T. was the first jurisdiction in Australia to use electronic voting, which has been in place since 2001. The NSW Electoral Commission used the iVote system, which was the subject of vulnerability reports in the lead-up to the 2015 election. A report on the system was due in May this year but is yet to be released.

Electronic voting has been used or trialled in various jurisdictions around the world since the early 1990s with mixed results. A cursory search turns up a large number of recent news stories bringing into question the reliability and validity of electronic voting across the world.

The U.S. is currently undergoing a return to providing paper-based options out of concern over the security of e-voting, but it isn't just technical hacks that election officials need to head off.

So questionable is the security of America's e-voting operations that California's annual hacker event, Def Con, simulated existing systems and provided them to children to hack, claiming that if they gave these tasks to their adult attendees they would be “laughed off the stage”.

According to Suelette Dreyfus, a University of Melbourne lecturer and researcher in cyber security and hacking:

You only need to look at the long list of high profile data breaches over the past decade — it’s pretty hard to say any online system is guaranteed to be 100 per cent safe. If the CIA can lose secret information about its hacking capabilities, and 1.5 million people in Singapore can have their profiles stolen from SingHealth, things may not be looking so flash for internet voting… Hackers have also targeted elections in France and Kenya, the media has reported.

The break in the social fabric we’re seeing in the U.S. right now is partly because there is a question about whether government is governing without a mandate. Rightly or wrongly, people have questions around the integrity of the vote that occurred and thats a contributing factor to the question of “is this government legitimate?”

According to Chris Culnane, also a University of Melbourne cryptographer and part of the team that developed the Electronically Assisted Voting system that was used in the 2014 Victorian election:

'Such systems are possible, but they are at the pinnacle of security and cryptography, they are trying to achieve the holy trinity of data security (confidentiality, integrity, and availability) in a system that is deployed for a short time with very high load and must be accessible and easy to use by both the public and the electoral commission…They are [not] going to be able to buy something off the shelf and it is just going to work.'

Despite these cautions, election guru Antony Green and Roland Wen, Visiting Fellow at UNSW, believe the switch to electronic or internet voting is inevitable. Green points out that postal voting is facilitated by a dying industry, requiring replacement with solutions befitting current and future needs.

Dreyfus disagrees:

‘I don’t agree that “it’s inevitable”, when it comes to electronic or internet voting being rolled out everywhere. We have a choice. We can choose to wait until its proven to be safe, then plunge in. We can be evidenced-based, not ideological, in our decision-making.’

Rosie Williams is a citizen journalist who runs privacy workshops at rosiewilliams.com.au. You can follow Rosie on Twitter @Info_Aus.

Support independent journalism Subscribe to IA.

 
Recent articles by Rosie Williams
Liberal Party harnesses i360 big data in time for 2019 Federal Election

Do we really want to follow the U.S. down the big data path of privacy-breaching ...  
Australia's student housing crisis

Rosie Williams discusses the difficulties involved with trying to find suitable ...  
Privacy, media and politics: What are our rights?

Privacy is being eroded by media and government, writes citizen journalist Rosie ...  
Join the conversation
comments powered by Disqus