E-voting won’t ever be failsafe, say technologists
Experts say New Zealand is already vulnerable to election interference. So why are we turning to online voting? Katie Kenny reports.
The heads of intelligence agencies and technologists across the country have warned, for security reasons, against online voting. Last year, Statistics NZ’s ‘‘digital first’’ census had the lowest participation rate in more than 50 years. Nine councils working on a joint plan to trial online voting in this year’s elections abandoned the idea, owing to rising potential costs.
But as the polls close on another round of local body elections plagued by low voter turnout, officials are looking for a panacea.
Prime Minister Jacinda Ardern said on Tuesday that she wanted some voting to be online for the 2022 elections. ‘‘We need to see at least the beginning of online voting, in my view, and I have held that view for some time,’’ she told
Many technologists, particularly those who have witnessed fruitless cycles of interest in online voting over the decades, are confused. Others are simply frustrated.
‘‘I think if you asked anyone in IT and security, they’d be against online voting,’’ says Auckland University of Technology’s head of computer science, Associate Professor Dave Parry.
The list of obstacles is lengthy. It’s difficult to design a system that can be used from people’s home computers; doesn’t allow multiple votes per person; can accurately record and count votes; and is confidential. Any such system would also be an extremely attractive target for hackers, Parry says.
Not to mention, the stakes are high. Unlike other online systems such as banking, where mistakes can be rolled back, the voting process has to be spot on the first time and every time.
‘‘It’s like trying to land a rocket on Mars,’’ he says. ‘‘You can’t really test it before you do it.’’
While it’s unfair to expect politicians to have in-depth knowledge of technical subjects, the sector is increasingly frustrated by its lack of access to decision-makers.
‘‘There’s a fair amount of frustration among the technology community, there doesn’t seem to be a cultivation of close linkage between government. And it’s not a party thing – it’s always been like this.’’
With two decades of experience in his field, Christchurch software architect Mark Rickerby has seen the issue of online voting raised again and again. ‘‘Since the early 2000s, and possibly as far back as the 1990s, online voting has been discussed. And a lot of people have presented really compelling critiques of it.’’
Rickerby says he was surprised by Ardern’s comments this week. ‘‘Anyone with an understanding of operational security will look at [online voting] and go: ‘This isn’t going to work’.’’
His main concerns echo Parry’s; namely, protocol design problems. ‘‘People need to recognise, the entire foundation of modern computing is insecure.’’
Society appears to view technology with unfounded optimism, he says. ‘‘We have to stop this thinking that technology is progress. There’s nothing inherently progressive about it. Old systems can be better than new systems.
‘‘We can do something worse now than we have done in the past. We seem to have this assumption things get better and that’s not always how they work.’’
The heads of New Zealand’s intelligence agencies have also warned against online voting, as part of the Government’s inquiry into the 2016 local and 2017 general elections, later expanded to include an investigation into the electoral system’s resilience against foreign interference.
Addressing Parliament’s justice select committee in April, Government Communications Security Bureau (GCSB) boss Andrew Hampton and New Zealand Security Intelligence Service (NZSIS) head Rebecca Kitteridge said there were ongoing security concerns about online voting.
In an email, Hampton explains that any move to online voting would need to build in robust security at every stage of the process to maintain integrity and ensure trust in the voting process. ‘‘We know from intelligence and from public reports that elections around the world are increasingly targeted, including by state actors.’’
He points to a Canadian report that found in 2018 half of all advanced democracies holding national elections had their democratic processes targeted by cyber-threat activity – a threefold increase since 2015.
The National Cyber Security Centre in its latest annual report identified 347 ‘‘significant incidents’’, of which nearly 40 per cent were assessed as being linked to state-sponsored actors.
However, Hampton says he understands the challenges local government is facing with voter participation. ‘‘GCSB will work with the Department of Internal Affairs and engage with local government on the development of options to ensure that cyber security is considered as an integral part of any future plan to move voting online.’’
InternetNZ chief executive Jordan Carter is on a similar wavelength. He says while the internet is ‘‘great for many government services’’, online voting isn’t yet one of them.
‘‘To uphold public confidence in the process and outcomes of elections, vote counting must be transparent and trustworthy. It isn’t enough for voting not to be hacked, we also have to be able to prove that it has not been hacked. In my view, online voting technology can’t offer this assurance yet.’’
However, Carter supports investigating the targeted use of online voting in local elections to address access needs and better serve people with a disability or mobility issue.
Auckland University’s head of computer science, Dr Giovanni Russello, says the country’s entire attitude to cyber security needs to shift. ‘‘At the moment, it’s all reliant on human experts who are basically inundated with work. They’re usually not funded well, unless an organisation gets hacked, then they can get some money. As soon as things stabilise, it’s back to business as usual.’’
The reactive mentality doesn’t bode well for ongoing resilience, he says.
With a team at Auckland University he’s working on machines that can constantly check for cyber security vulnerabilities and raise red flags when necessary.
When asked if he’d rule out online voting in New Zealand, Russello says he would not.
Other countries, from the United States to Estonia, have employed online voting, with varying degrees of success, he says. ‘‘There are systems that are secure. But it’s all about probability. If you want a system that’s 100 per cent secure then no, it’s never going to happen.’’
Plus, if bad actors want to affect New Zealand’s democracy they don’t need to intercept voting systems, he says. Microtargeting, disinformation and fake news can be easier avenues.
‘‘Look what happened with Cambridge Analytica,’’ he says. (In 2018, it was reported tens of millions of Facebook users had had their data harvested by the political firm, with the aim of using it to manipulate voter behaviour.) Last week, at internet gathering NetHui, one man, who claimed to have been designing election software since 1993, raised his hand to offera warning: ‘‘I don’t think New Zealand is ready for the tsunami of s… that’s coming our way.’’
Rickerby, the software architect, was at the conference. As was Ardern. ‘‘She’d been listening to these discussions about how New Zealand isn’t prepared,’’ Rickerby says. ‘‘So I was very surprised when, a week later, she said she was in favour of online voting.’’ software architect
‘‘We have to stop this thinking that technology is progress. There’s nothing inherently progressive about it. Old systems can be better than new systems.’’
Mark Rickerby
Government Communications Security Bureau directorgeneral
‘‘Elections around the world are increasingly targeted, including by state actors.’’ Andrew Hampton
InternetNZ chief executive
‘‘It isn’t enough for voting not be hacked, we also have to be able to prove that it has not been hacked.’’ Jordan Carter