Electronic voting, cybersecurity, and Russian hackers

The Coronavirus emergency brings back talk about online voting, prohibited by our Constitution. According to Stefano Zanero, of the Polytechnic of Milan, it is necessary to ensure that all the IT infrastructures linked to the elections are secure, because in any country the first threat to consider is always that of those in power. We met him

In a 2018 cartoon by xkcd, Randall Munroe's webcomic, a computer engineer replies to a journalist's question about electronic voting, "it's terrifying... don't trust any voting software and don't listen to anyone who tells you it's safe".

Is this an exaggeration? The topic is particularly current: in an editorial in Sole 24 Ore, Davide Casaleggio wrote that the Coronavirus emergency could "also be an opportunity to test the online vote for municipalities where it will not be possible to go to the polling stations for the referendum at the end of March".

For Stefano Zanero, cybersecurity lecturer at the Polytechnic of Milan, "this is exploitation": in just over 20 days it is not possible to "set up the platform, test it, do security tests, and distribute credentials to citizens house by house in a quarantine area". Yet, beyond the tight deadlines (the referendum has been postponed in the meantime), there are also other problems.

Online voting

We must first distinguish between electronic voting at polling stations and online voting: online voting involves voting remotely, for example from home. Zanero recognises that it would have advantages, for example for those travelling. According to its supporters, turnout could also increase – a particularly effective argument where this is decreasing, even if the causes are probably to be found elsewhere, for example in disillusionment with politics. Anyway, online voting – explains Zanero – "by its nature does not meet the Italian constitutional requirements, as it cannot be made secret, anonymous, free, and equal". It is a structural question, not a technological limit that can be overcome: "Either you are not able to know if your vote has been counted or you are able to prove your vote to those who bought it". In a country where the problem of exchange vote exists, online voting is therefore, according to Zanero, "idiocy".

Local electronic voting

Local electronic voting involves going to the polling station and using electronic machines instead of paper and pencil. However, for Zanero, the only advantage would be to have the results a few hours earlier. In fact, it should be considered that the only way to be able to do it safely – according to a report by the American National Academy of Sciences – would be to do it with machines that produce a "paper trail", that is, a printed card for each voter who will insert it in the ballot box, after checking that their voting preferences have been correctly reported. Out of a total cost of 400 million Euros per election, the only savings would be 13 million Euros for printing and distributing the ballots, but on the other hand there would be the cost for developing the machines. For Zanero it would be an irrational choice, especially bearing in mind that the current voting system is transparent, verifiable, and reduces the possibility of rigging to a minimum.

Voting technologies and cybersecurity

Technology can play an indirect role in elections even without being used directly in the vote. For Zanero, indeed, “the security of the vote and the IT problems relating to the vote also concern all the backend systems, for example those that produce the lists of voters, those that produce the electoral certificates, and those that manage the transmission and counting of the votes in their aggregation. We are less worried about this, even if the only type of infrastructure that can be proven to have been violated by foreign actors – for example in the United States – was this, not the voting machines".

This brings us to the issue of cybersecurity. And while it is possible that there are attacks by external actors that we have never heard of (the most capable groups "probably acted without us realising"), for Zanero the risk in general is not so much that of external attacks, but of internal tampering. In fact, the Italian system is designed so that those in power "must organise the elections and cannot govern the results": when it was designed, the experience of fascism was still alive, in which people voted, but the system was made so that they could not vote freely.

And with the electronic vote, "what happens if those who produce the electoral machines have an interest in tampering with the election?". The problem is so complex – it would be a matter of verifying the firmware of tens of thousands of machines – that as said earlier the only solution would be to produce paper results so that there is a parallel verification method.

The European framework

A European Parliamentary Research Service paper from September 2018 highlights how most European countries remain faithful to traditional paper ballot.

In Switzerland, where people vote very often (up to four times a year only for referenda and popular initiatives), postal voting is also possible. Remote voting in itself is fully constitutional – and online voting was also used, with a system developed by the Post Office. In 2019, however, Canadian researcher Sarah Jamie Lewis reported flaws, which had existed for years and theoretically could have allowed to fix the results without being identified: issues so serious that the online vote was definitively closed. For Zanero, this is the experience of all the states that tried electronic voting before Italy.

In our country, electronic machines were used for the consultative referendum on the autonomy of the Lombardy region in 2017. For Zanero, this attempt made a very poor show of itself: "Slot machines that printed random results, machines that did not have paper inside and that did not print what they were supposed to print, machines that jammed, machines that were left in test mode and therefore lost an entire morning of votes until someone realised that they had to be in actual voting mode".

The Netherlands used electronic voting systems for about ten years, but gave up in 2007. Ireland gave up after spending € 50 million on equipment. Norway experimented with online voting in the 2011 and 2013 municipal elections, but the project was cancelled in 2014 due to security concerns and because the system had not increased turnout.

Only Estonia gives all voters the option to vote online in national elections. For Zanero, however, it cannot be used as a term of comparison: “It is less populated than the municipality of Milan, it has a completely different history from ours, for example from the point of view of the exposure to the exchange vote. There is no requirement for voting secrecy in the Constitution and they have an infrastructure whereby every citizen has an electronic authentication tool that they use to do everything and are therefore used not to be giving to anyone else".

The case of the Democratic primary in Iowa has recently caused a sensation in the United States, but "it is so tragic from the point of view of how the application was developed that perhaps it is not even to be used as an example".

Parties and direct democracy

Zanero recognises that electronic voting, however, can make sense for anything other than the election of a democratic country: the board of directors of a company, the apartment bloc assembly, or an association. But if it is a vote that also indirectly determines the behaviour of a political force – this is the case of the PD primaries or the votes on the Rousseau platform of the 5 Star Movement – there should be cautions that may not be identical to those of a national vote, but still strong, to avoid external or internal influences.

On the other hand, there are also official forms of direct democracy, for example, the experimentation of Barcelona – where 400,000 citizens helped define the municipal administration's programme – which would be impossible without using online tools. If it is a matter of non-fundamental decisions, for which the risk of exchange vote is low, for Zanero the risk may be acceptable. Finally, there is another element that according to Zanero must be dealt with – a question that is not technical but political, namely "the impact that this change in the way of managing public affairs has on a social and political level: we must ask ourselves questions about how this new medium of expression would alter the democratic process itself. Regardless of whether it is secure or not, changing medium is not neutral about what happens".

blog comments powered by