Tuesday, December 16, 2014

Scytl’s 2014: Annus horribilis, or maybe not

2014 was a peculiar year for the noisiest, albeit not the only, Spanish company specializing in voting technology and solutions. Despite some major setbacks resulting from ill-developed voting solutions, it managed to close a $104 million financing round this year.

The year had a bumpy start for Scytl. For Ecuador’s 2014 Sectional elections in February, Scytl was to deliver a solution that would help the Ecuadorian Election Commission process the tallying of the votes, with the goal that results could be announced within 72 hours after closing the polls. Yet, one whole month after the election was over, Scytl was still counting votes and was still unable to provide final results. In the meantime, Ecuadorian authorities were confronting the herculean task of convincing the public that the results, which would “soon be announced”, were legitimate. As a result of the scandal and ensuing public unrest, Domingo Paredes, head of the electoral management body, declared that the Election Commission had unilaterally terminated the contract, demanded payment of guarantees, and begun taking legal action against the company. Oddly enough, after the fanfare in Scytl's website news in February and March about projects "in the works", written as if the February election had been "a successful implementation", there has been complete silence on Ecuador in the following months.

A few months later, in June, Norway, one of the countries leading the crusade to make internet voting a reality and a client of the Barcelona-based company, halted i-voting experiments amid security fears. As evidenced in the video posted by the Norwegian electoral authorities (2:31:13), the secrecy of 54% of the vote was in fact compromised during the September 2013 pilot due to a bug in the encryption key. These cryptography issues were also reported in the Expert Study Mission Report from the Carter Center.

Even though bad news usually travels faster, neighboring Peru seems not to have found out about Ecuador’s ordeal with Scytl. Only five months after the aforementioned incident, the National Office for Electoral Processes (ONPE) of Peru experienced first-hand the mishaps of a poorly designed on-site Internet voting solution. In August, while conducting an Internet voting pilot using Scytl technology, voters ran into all sorts of trouble casting a ballot. In spite of the simplicity of the contest (only 186 polling centers serving 34,672 voters), the company was once more unable to live up to expectations.

To cap off the year, on October 27, Scytl ran into trouble once again, this time through its branch in Canada, while providing its internet voting platform for elections in 20 Ontario municipalities.

According to the company, five election files had been mislabeled due to human error, creating tabulation problems that delayed results. On November 6, the 20 municipalities got together to discuss the issues and demand explanations. Scytl apologised and offered a discount of 25% from the charges for their services, plus a 10% discount on a future project, as if Ontario's woes were of a financial nature.

In spite of all these incidents, Scytl managed to raise over 100 million dollars from capital investors. Among them: Vy Capital, Vulcan Capital and Sapphire Ventures, formerly SAP Ventures, the independent venture capital firm associated with Europe’s largest software company.

Scytl’s PR department deserves a standing ovation for not allowing such a poor track record to ruin a financing round, especially in an age of global communications and instant scandals whenever such blunders happen.

Tuesday, December 9, 2014

The problems with e-mail voting

Most discussions surrounding how elections can and should be run generally focus on the core group of people who will make the trip to a polling place in order to cast their ballot. This makes a lot of sense, since the vast majority of voters in elections all around the world will place their vote in this manner, whether it is through a manual system or with electronic voting.

A smaller demographic is made up of absentee voters. These may be people who live in remote or rural areas and who cannot, or do not wish to, make the journey to the closest polling station, which could be a considerable distance away. Then there is the other cohort of voters who are not physically present in the region or country itself; these expatriates and citizens working abroad have just as much of a right to have their voice heard (through an official vote) as those who are physically present.

To address this growing demographic, the Election Commission in India has submitted its recommendations to the country's Supreme Court to facilitate remote voting by Non-Resident Indians (NRIs). While there are considerations for casting a ballot through proxies or through electronic voting machines, another proposal calls for email-based ballots that the NRIs can send directly to the Election Commission. 

From a convenience standpoint, this may appear to be a sound proposal. Under an existing ordinance, non-residents could vote, but they would still need to register and come back to a local polling station. However, many NRIs “cannot afford to travel, or they only come once in many years,” according to petitioner Dr. Shamsheer Vayalil. Email can provide near-instant communication, and it is already a technology familiar to the vast majority of users globally.

However, email-based voting presents multiple problems that may be difficult to overcome. First, emails inherently carry a significant security risk, as the messages can be intercepted and mailboxes can be hacked. Second, the identity of the voter cannot be suitably verified as there are no existing measures to guarantee the correct person is casting the vote. The email account can be compromised and even if it isn't, the email address can be easily spoofed by those wishing to commit election fraud. Third, it can be difficult to maintain the level of privacy and confidentiality required of an official ballot. Fourth, as the ballot is sent directly by the voter himself or herself, the sanctity of the secret ballot is compromised without further measures being taken to protect it.

Voting by email has its merits, but these challenges are too overwhelming to make the system viable for most intents and purposes. There are suitable alternatives that present their own set of challenges. The 2014 Brazilian general election saw the ambitious deployment of over 900 voting machines to nearly 100 countries around the world. The electoral court oversaw the process of preparing, sealing, shipping and deploying these electronic voting machines. A similar strategy was utilized by the Philippines with precinct count optical scan machines in major international locations. 

The cost and logistics involved with deploying electronic voting machines globally can be significant and this is another reason why turning to an existing infrastructure, like the Internet, must be explored. To this end, while email-based voting might not be the best idea, it may be possible to use far more secure protocols that are specifically designed for the purpose of casting, recording, and securely transmitting a ballot over the web to the appropriate officials. A vote through a secure website or with a secure application may work far better, so long as the protocols are in place to verify the identity of the voter, maintain the secrecy of the ballot, and securely transmit that information.

Monday, December 1, 2014

Are biometrics the future of e-voting security?

Combating electoral fraud will always be a major priority for any given election, as the electorate must have confidence in the integrity of the election and respect the election results. Each voter needs to be properly and suitably identified, just as each ballot should be adequately and reliably verified. 

The traditional method of voter registration and voter identification typically came in the form of government-issued picture ID, as would be the case with a driver's license, but these cards can be forged and the electoral roll (sometimes called the electoral register or voter registry) can also be manipulated. Technology can play a critical role in improving both the convenience and the security of running an election, but as Joseph Hall from the Center for Democracy and Technology points out, an “uncontrolled platform” for online voting represents too much of a vulnerability. To mitigate and to overcome these problems, biometrics can be a very viable solution.

The implementation of a strong biometric-based voter identification system can address many of the common concerns and issues raised with electronic voting and with fighting electoral fraud now and into the future. The so-called “zombie vote,” where someone attempts to cast a ballot in the name of a deceased person who is mistakenly still included in the electoral register, can be eliminated, because biometric identification would be required. This most commonly means fingerprints, but additional technologies like iris scanning or finger geometry recognition could also be considered.

The use of biometric technology in the context of a major election is not new, but it is still in its developing stages. It has already been used successfully to identify and authenticate every voter in the 2012 presidential elections in Venezuela and there are plans in place to adopt a biometric voter identification system in the 2015 Tanzanian national elections. This adds a much needed layer of security and accountability, as every voter is stringently identified. 

Experts have also recommended the adoption of two-factor authentication to further bolster the verification process. Voters would be identified by fingerprint or other biometric-based methods, in addition to a government-issued smart ID card or something similar. The concept of two-factor authentication is also not completely novel, as it is already available on a variety of online services like Google and Dropbox. The new Apple Pay system also uses the Touch ID fingerprint reader on newer iPhone devices to authenticate the user and to authorize the transaction. 

Indeed, looking ahead to the future, many of the technologies already in use in the consumer and business space can be adapted for major elections. In the times to come, voters may identify themselves with a fingerprint scanner, a smart ID card, and by tapping their NFC-enabled smartphones on a reader at the official polling station before being granted access to a direct-recording electronic (DRE) voting machine.

Technology is very much at the core of our modern existence and it infiltrates every aspect of daily life, from online socialization to online banking, secure mobile payments to the submission and processing of confidential government forms. There are technological hurdles to overcome with biometrics in the context of elections, but these are the hurdles that need to be suitably addressed in order for elections to move forward into the future.

Thursday, November 27, 2014

Lessons from the EVOTE 2014 International Conference

Issues related to the administration of a local, regional or national election may sound like they would only be the concern of the locality, region or country where the election is being held, but this is never quite the case. No part of the world exists in true isolation and great lessons can be learned through the collaboration of great minds around the globe.

And it is with this kind of philosophy and mission that EVOTE2014 was hosted at Castle Hofen in Lochau / Bregenz, Austria. The sixth international conference was held from October 28 to October 31, 2014 and it was attended by some 100 representatives from 33 countries from five different continents. Several topics related to electronic voting technology were discussed and presented at the conference.

It was noted, for instance, that many of the major advances and expansions in e-voting technology have come from developing countries, particularly in Latin America, rather than from more established democracies where more “traditional” manual elections have a stronger foothold. Estonia is widely viewed as a leader in pushing i-voting technology forward, along with developments in countries like Brazil, Venezuela, Argentina and Ecuador. 

Of particular interest at the EVOTE2014 conference was the submission by Julia Pomares, Director of Political Institutions at the Center for the Implementation of Public Policies Promoting Equity and Growth (CIPPEC), in collaboration with Guillermo Lopez Mirau, Teresa Shepherd and California Institute of Technology's R. Michael Alvarez. Winner of the Best Paper Award at the EVOTE 2014 conference, the paper focuses on the experience of Salta district in Argentina where e-voting was rolled out to the entire electorate in 2013.

A big lesson from that election is that it is of critical importance that the electorate has confidence in the integrity of the election process and supports e-voting technology. If the public does not support the implementation of e-voting technology or does not trust how such technology is being used, then further strides in advancing and improving electronic voting technology will stall or be hindered.

Positive perception of the voting process and the belief that the voting system is easy to use are of great importance. Furthermore, people who have more positive views of technology in daily life are generally more positive about how e-voting is changing how elections are run around the world. 

The final programme for EVOTE2014 followed the overall conference theme of verifying the vote. While electronic voting technology can be used very successfully in quickly and efficiently counting the votes, in addition to voting machines being used for auditable ballot submissions, these votes must also be suitably verified in order to maintain the privacy, confidentiality and integrity of the final tallied results. 

At EVOTE2014, a workshop was held covering 10 pillars of end-to-end online voting verifiability, for example, while another session discussed how verifiable Internet voting works in Estonia. Other sessions included a talk by Vanessa Teague from the University of Melbourne on Trust and Verifiability in Australian E-voting, a session hosted by Rajeev Gore and Thomas Meumann on verified vote-counting, and a panel discussion on public attitudes toward Internet voting in Greece, particularly on the issue of verifiable e-voting. 

While each region, each nation and each service provider will continue to make their own decisions with regard to how e-voting and i-voting are best administered, international conferences like EVOTE2014 provide the perfect platform for these industry leaders to meet, collaborate and discuss the pertinent issues.