As Israel Votes, One Question Remains: How Come We Still Cast Paper Ballots?
CTech – With the Israeli general elections here, the use of archaic paper ballots in our electoral process seems, on its face, to be anathema to the ethos of the Startup Nation. Their continued use requires that we trust election officials to be honest and procedurally accurate and secure. And, it remains very difficult to determine ballot tampering and other security breaches. So why not use digital technology?
There are a number of different technologies that could be employed in the voting process. In the United States, for example, as a result of the Help America Vote Act (2002), most mechanical systems were banned in federal elections in favor of digital ones that were seen as being more reliable. As a result, mechanical levers and hanging chads have given way to a host of new technologies. In the western US, the preferred method is to digitally scan paper ballots, while in the east they use Direct Recording Electronic machines (DREs) with Voter Verified Audit Trails (VVPATs) — a physical paper trail, albeit not receipts that you can take with you, to prevent voter intimidation.
Both technologies, however, are not optimal as they still require voters to come down to their polling station to deposit their ballots. In an age when we no longer have to leave the couch to do our shopping, banking, or even our work, it seems strange that more votes aren’t cast by phones or tablets, although some jurisdictions are beginning to do so. At the very minimum, voting from home would likely do wonders for voter participation as well as prevent voter disenfranchisement and intimidation at minority polling stations.
The benefits notwithstanding, a recent report commissioned by the US National Academies of Science found that internet-based voting should not be used now or in the near future “until and unless very robust guarantees of security and verifiability are developed and in place, as no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” In fact, one cybersecurity expert compared the development of best practices for internet voting to be akin to best practices for drunk driving: there really is no safe way to do either, at least not yet.
Others are not as concerned. Following the US 2016 elections there were a number of efforts to employ internet and blockchain-based voting solutions. These include a biometric/blockchain system from Voatz, as well as Followmyvote and Votem, which allow users to check to see if their votes were actually counted.
At first glance, blockchain seems like an optimal system for voting, as it allows parties who mutually don’t trust each other (voters and their governments) to trust the blockchain which has thus far shown its robustness is several areas, particularly in finance. But unlike cryptocurrencies, blockchain voting inherently cannot be fully decentralized as voting infrastructure relies on centralized lists of voter registration and identification which remain vulnerable to tampering and interference.
Moreover, many in the computer science community remain concerned that any internet-based voting will allow for hacking, denial of service attacks, and the interception of votes. They argue that even the proposed blockchain systems, which would record each vote in an ostensibly immutable ledger that is verified by a decentralized group, nevertheless remain effectively an overly complicated database for the task at hand, and are not necessarily more secure than other systems, adding only needless complexity.
Others note that the use of blockchain will not solve many of the issues associated with voting integrity. Even an immutable and transparent blockchain ledger can’t prevent vote tampering upstream or downstream of the blockchain itself. Phone-based malware could interfere with the voting submission to the blockchain, switching your vote from candidate X to candidate Y before it is uploaded onto the blockchain; and unlike digitally scanned paper ballots, voting on the blockchain leaves no verifiable paper trail that could prove whether corrupted software reading the blockchain ledgers read the votes incorrectly, maliciously or otherwise.
Moreover, while all internet-based voting lends itself to the possibility of vote buying, the transparency of the blockchain, even when encrypted, could allow vote buyers to confirm that the bought vote was actually placed, an integral part of the illicit transaction.
There are also concerns that as people are already constantly losing their cryptographic keys, many voters will be disenfranchised in the likely event of their key being lost. Additionally, internet outages could cripple the voting process both blockchain based and otherwise. And finally, the companies that are developing the infrastructure for blockchain systems may be loathe to share their proprietary software and information for any researcher to assess the reliability of the system.
Those in favor of blockchain, particularly when the system is augmented with two-factor and biometric identification, point to the value of even a partially decentralized system where the verifiers of the blocks would be limited to a handful of typically trusted academic institutions and non-governmental organizations rather than the entirety of the blockchain community, which could potentially open up the system to malicious and foreign actors. But even these trusted institutions are run by humans who could collude to change the results of the elections.
There are other internet-based alternatives to blockchain based systems. The end-to-end verifiable voting (E2E-V) systems might be more capable of providing anonymity as well as vote validation, verification, and secrecy. These systems are supposed to be capable of verifying that your vote was counted without disclosing the content of that vote. But these systems also still need to be hardened against cybersecurity attacks, particularly denial of service (DoS) attacks.
Given all the added uncertainty, the use of any digital technology still makes little sense in the relatively simple, single vote Israel system, as compared to the complicated, multi-tiered ballots of America’s elections.
In a cost-benefit analysis, the repercussions to Israeli democracy, if there were to be widespread mistrust in the Israeli voting system due to cybersecurity concerns, is not yet worth the switch, even given the potential benefits to the homebound and elderly, or the obvious cost savings.
Keep in mind also that there are other, perhaps more potent problems in the voting process that will not be fixed by digitizing the vote. Digitizing the system won’t fix the scourge of fake news or the continued voter intimidation or the unsubstantiated claims on social media that serve to undermine election legitimacy, no matter what technology is employed.
So go out and vote on paper. At least the system isn’t too complicated to understand.
Dov Greenbaum, JD PhD, is the director of the Zvi Meitar Institute for Legal Implications of Emerging Technologies and Professor at the Harry Radzyner Law School, both at the Interdisciplinary Center (IDC) Herzliya.