Proponents of Internet-based voting systems for official government elections continue to gain support in countries all around the world. Considering that so much of our daily lives is conducted online, including online banking and secure business transactions, it only makes sense that many voters would want to have the same level of convenience and security when exercising their democratic right to vote.
When voting in person at an official polling station, voters are typically asked to authenticate their identity in some form. They are also checked against the official electoral roll of registered voters. Since this involves some necessary interaction with an election official, the public perception is that this kind of voter identification is more safe and secure. By contrast, a person who uses Internet voting can cast his or her ballot from the privacy and convenience of the home, workplace, or even from a mobile device. Who is there to verify the identity of the voter?
While the I-voting
system of Estonia continues to lead the way with its infrastructure of
validated citizen identification cards, a different system is being developed
by researchers from
the University of Birmingham in the United Kingdom. This system, dubbed
Du-Vote, borrows much of its inspiration from the secure infrastructure and
controls used by online banking.
One of the major concerns cited by critics
and detractors of Internet voting is that election officials have no real way
of validating the hardware on which the voter casts his or her ballot. This is
stark contrast to the level of control an electoral commission would have over
the development, deployment and use of electronic voting machines at
traditional polling places. The machines belong to (or are being rented by) the
electoral officials. With Internet voting, the citizen casts his or her ballot
from a personal device, like a computer, tablet or possibly even a smartphone.
The Du-Vote system overcomes this concern
by using independent hardware devices that are then connected to the end user's
computer. Lead researcher Professor Mark Ryan explains
that the system uses a “credit card-sized device similar to those used in
online banking... you receive a code on the device and type it back into the
computer.”
How is this advantageous? The credit
card-sized device is fully controlled and vetted by election officials. It is
made to be as secure, private and confidential as possible, just like with
online banking. The security device is independent, so even if the home or work
computer of the voter has been compromised with viruses and other security
threats, the legitimacy and integrity of the security device is maintained. And
because the security device is so much more specific in its purpose, it is far
less susceptible to being compromised.
Many people may be concerned about the
security of Internet-based voting and these issues are clearly worthy of
debate. Even so, online voting could have the somewhat paradoxical effect of better
securing elections than their more traditional paradigms and, at the same
time, it could help to encourage greater voter turnout too.
The Du-Vote system has only been under
development for two-and-a-half years and the researchers say they need
further testing before the system can be suitably deployed. Current
estimates are that it may be ready in time for the 2025 general election in the
United Kingdom. That's in line with the more optimistic view of SRI
International senior computer scientist Jeremy Epstein. He states that secure
e-voting is at
least 10 years away, but his more conservative estimate is more like 20 to
30 years. He calls for two-factor authentication, for instance, among other
concerns.
More on the Du-Vote system will be
presented next month at the 28th IEEE Computer Security Foundations Symposium
in Verona, Italy.
