Home > Democracy > Some Thoughts on Online Voting

Some Thoughts on Online Voting

October 11, 2014
Computer says no. Or yes. It might say the same thing you say, if you're lucky.

Computer says no. Or yes. It might say what you want it to say, if you’re lucky.

Since Scotland narrowly voted to remain part of the UK, people are thinking about constitutional reform. Who should have powers over what, what democratic accountability there should be, and how we should confer a mandate on our politicians. One thing that’s been mentioned repeatedly is online voting. It’s an immediately appealing idea, but I believe a little thought reveals many problems. There are three main considerations:

Verifiable, Anonymous, Online – Pick Two

The system we have where a ballot paper is issued to a voter who fills it in in secret is pretty good at being secure and anonymous. Yes, there are index numbers on the ballot papers which allow them to be linked back to the individual voter, but this is handled by a different set of people to the people who handle the ballot papers, and so it’s a lot of effort to do it, particularly in secret – it’s only really used in cases of suspected voter fraud, under police supervision.

The obvious problem with any system where the ballot paper is filled in where somebody can see it, such as on your home computer or mobile phone, is it means the ballot is not anonymous to any onlooker. This creates the opportunity for people to be coerced into voting a particular way.

However, this pales into significance compared to verifiability; the average home PC is a mess of viruses and other malware. Most of the time you don’t notice it, because it’s designed not to be noticed, but your computer might be taking part in an attack without your knowledge, using its Internet connection along with thousands of others to flood websites or its CPU to crack passwords. Computers are, to non-experts, mystical black boxes. The user has no real way of knowing whether voting software is doing what they ask, or that their computer is allowing them to interact with it sensibly. They don’t know if the vote record they see on their screen is the same one that’s been communicated to the vote-counting system.

Only computer experts can audit all the software being used, including everything that runs on a typical PC (like malware) which could interfere with the process or appearance of voting. Even then, it is impossible even for experts to be sure that software being run at the time of the vote is identical to the software they’ve audited. Even if it were possible, it means that then the average voter has to trust third party experts who may have their own agenda in important elections, to assert the security and verifiability of their vote.

The polling station system we have is flawed; for example, personation is fairly simple and hard to detect while turnout is low. There are possible solutions to that but they all require further bureaucracy and different opportunities for things to go wrong or be manipulated. But there are a lot of safeguards and double-checks in the system, even if they’re not always used. A candidate can place observers at polling stations, and seal ballot boxes between the polling station and count room to ensure they’re not tampered with. And in extremis, it is possible to correlate ballot papers back to individual voters, by using two different sets of data held by two different groups of people; this is near-impossible to do in secret, even if you’re electoral staff, and when it does occur in the event of fraud, it’s done under police supervision. The entire system can be explained to a lay person and doesn’t require any secret “black boxes” whose function isn’t easily observed. No online system can say the same.

Of course, we are prepared to make trade-offs between convenience and security – postal votes are a good example of this. Postal votes are not anonymous, because somebody can watch you fill in your vote; they’re not particularly reliable because there’s even fewer checks on whether the person submitting the vote is the person to whom it was issued. From the legitimate voter’s perspective the postal system is a black box of sorts – I know voters who swear blind they’ve returned a ballot by post but haven’t shown  up on the “marked register” of people who voted. The introduction of widely-available postal voting increased turnout, but also became the biggest source of fraud allegations. However, the potential for fraud with postal votes is limited by physical access – to the address to which the ballot papers are delivered if you’ve registered nonexistent people, or to the individual voters you wish to intimidate. For online voting, elections can be swung by a single person on a different continent with a well-crafted computer virus; the risk is far greater in scope.

Why Use Online Voting At All?

There is no doubt that online voting is convenient. With Internet access almost ubiquitous, it can cut costs and time and hassle. So when would we want to use it? Firstly, when the electorate is engaged. As mentioned above, fraud is easier to detect when turnout is higher (including several attempts in the unusually busy Scottish Independence Referendum). Secondly, when the risk of being caught is worth more to the people providing your black box, than the opportunity to influence your election.

The obvious answer then is for internal elections. Sorry to burst peoples’ bubbles, but the chance of influencing who gets to be comms officer for an AO isn’t worth the risk for a reputable vote-managing organisation to take. Turnout is likely to be a higher percentage of a much smaller number, with a more committed electorate, which will make that fraud harder to hide. For the Lib Dems, it would make sense for OMOV in Federal elections, particularly if there’s an offline top-up for the people who don’t / can’t use the Internet.


Online voting is an interesting technology, and you have to understand the risks and advantages. Having laid them out, I’m clear that online voting for national elections and referendums is a bad idea; they tried it in Estonia and the system has been found insecure (unlike that article, I do not believe that online voting can be made secure). Even electronic ballot counting can be fraught with errors; it might be impossible to say who actually won the London Mayoral Election in 2008.

The main advantage, other than cost, is that of increased voter turnout. However, this is not necessarily a good end in itself; that’s a separate blog post which would either be very long, or just instruct you to read Gordon Lishmann and Bernard Greaves’ “Theory and Practice of Community Politics” (available in an updated edition from ALDC). Using online technology to help people be more aware of politics and what their politicians can do is worthy; devolving power and improving the voting system so voting is meaningful will also increase turnout. But we should not see increased turnout as an end in itself; that way lies the foolish thoughts of mandatory voting, or the risks of insecure online voting.

Categories: Democracy Tags: ,
Comments are closed.
%d bloggers like this: