'Upgrade' elections with online voting, says cryptography expert behind Switzerland's e-voting system

The last major upgrade to UK electoral law was votes for women 100 years ago, notes cryptographer David Galindo

If you were to design a democratic voting system to exclude certain groups in order to favour the incumbent political parties, you'd probably come up with something like the processes used in most Western countries today.

You wouldn't need to build insecure back doors or vulnerabilities; you'd simply make it as inconvenient as possible for certain people to vote. In the US, for example, gerrymandering is legal and employed by both major parties, likewise voter suppression.

It is also not uncommon to find polling stations sited only in the suburbs, making it hard for non-drivers in the inner cities to cast a vote. People with disabilities, minorities, expatriates, young people and those serving in the military are similarly inconvenienced. It's not just the US, of course. Variations on the theme of deliberate barriers to participation are commonplace almost everywhere.

This, rather than genuine fear of hacking, is the main reason for resistance to online voting by politicians, believes David Galindo, a cryptographer who has helped design online voting systems in use in Switzerland and Australia.

"Once they've been elected by the current system they have zero interest and zero motivation to allow a new voting channel that will make it easier for people who currently are not voting because of the inconvenience," he said.

The state of New South Wales only backed down after losing a 2008 court case brought by blind voters who complained of a lack of access. Only about 10 per cent of blind people now read braille, with most depending on electronic devices to help them navigate the world. Arm suitably twisted, the Australian state decided that e-voting was the least-worst option, and it was introduced for certain groups.

Galindo, now a senior lecturer in computer security at the University of Birmingham, was instrumental in designing the system with the Spanish developer Scytl. He remains a passionate advocate of online voting as a way of including disenfranchised and excluded voters, who often bear the brunt of government policy, and is an advisor and contributor to the think tank Webroots Democracy, which campaigns for the better use of technology in democratic representation.

Political resistance is not the only hurdle faced by online voting. There's also the ever-present fear of powerful state actors manipulating elections. Galindo insists there is no evidence so far of this occurring in Switzerland, Australia or Estonia, and that any such actions, including apparent Russian hacking of the US electoral register, have all occurred within the existing system.

Nevertheless, there is extreme caution around introducing something new in the democratic process. The last big change in the way elections are carried out in the UK was when women were allowed to vote. It's a process that evolves very slowly.

There's an element of fear about new technology

"There's an element of fear about new technology, and security experts who are meant to have a say on this are very conservative," he said.

There is also the problem of conflation in the public mind of disinformation campaigns, Cambridge Analytica and Russian troll farms with online voting, whereas, in fact, they are unrelated. The public also believes the current system to be more watertight than it actually is.

"No form of voting is 100 per cent secure. You always have trade-offs. Normally the arguments against internet voting consider remote attackers that do not have a physical presence in a polling station, and most hackers cannot do much against you voting in a polling station, but of course we know that every time there's an election there are some irregularities, people trying to abuse the system, inconsistencies in counting. As a margin of error if you do manual counting there can be one to two per cent inconsistency in the UK. That is a significant number."

So would the risks of manipulation and margins of error be lower with online voting?

"It depends on how you design the system," said Galindo. "We have a lot of knowledge today. Switzerland has been doing this, and Estonia and Australia on a regular basis with no problems so far. So we look at how they do it and then start from there."

Zero-knowledge proofs

To beat this 1-2 per cent inconsistency, an online voting system needs to be as secure as possible and also capable of taking account of malicious actors within the system. The system designed by Scytl uses zero-knowledge proofs, which prove that a computation has occurred without revealing anything about that computation. In the case of electronic voting, votes are encrypted to ensure privacy, with zero-knowledge proofs used in the decryption process when the vote is counted.

"By respecting the privacy of the vote you can open 'the envelope' and do the counting without revealing anything private, but at the same time you can prove that all these computations were done properly," Galindo explained.

Additional security is built in by splitting the decryption key and sharing it between a number of trusted parties within the electoral authorities.

"You split the control of a very sensitive operation between a number of parties - say seven parties - and, let's say, you decide that three or four of them need to agree, forming the quorum, in order for the sensitive operation to take place."

The unlocking of the votes using the cryptographic key takes place at a ceremony with those four officials present in much the same way that the results of ballot paper counts are unveiled. While it would be possible (although difficult) for four malicious representatives to reverse-engineer the votes to see how someone voted, the integrity of the vote would be unaffected. So the system is not perfectly 'trustless', but then neither are the alternatives, said Galindo.

"In the end, you need to place some trust assumptions in any system - even in the current system. In particular, you trust that the electoral commission and the polling stations are behaving and that only eligible voters can vote and that no one is tampering with ballot boxes. If you are a voter, you don't know this."
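As an added illustration of the two mechanisms described above (proofs that decryption was done properly, and a key split among seven trustees with a quorum of four), the sketch below is not Scytl's code and does not come from the article. It assumes textbook stand-ins the article does not name: exponential ElGamal, Shamir secret sharing and Chaum-Pedersen proofs over a toy group, with all function names hypothetical.

```python
import hashlib
import secrets

# Toy group constructed for this demo (far too small for real use): P = 2Q + 1.
P, Q, G = 2039, 1019, 4  # P and Q are prime; G generates the subgroup of order Q

def share_key(secret, t, n):
    """Shamir sharing: any t of the n points recover `secret`, fewer do not."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Weight that interpolates trustee i's share to x = 0 for quorum `ids`."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def challenge(*transcript):
    """Fiat-Shamir challenge: hash of the public proof transcript."""
    return int.from_bytes(hashlib.sha256(repr(transcript).encode()).digest(), "big")

def encrypt(pk, vote):
    """Exponential ElGamal: multiplying ciphertexts adds the votes inside."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P

def partial_decrypt(share, c1):
    """Trustee output c1^share plus a Chaum-Pedersen proof of the exponent."""
    d, w = pow(c1, share, P), secrets.randbelow(Q)
    e = challenge(pow(G, share, P), c1, d, pow(G, w, P), pow(c1, w, P))
    return d, (e, (w + e * share) % Q)

def verify_partial(vk, c1, d, proof):
    """Anyone can check the proof from public values; `share` stays secret."""
    e, z = proof
    a = pow(G, z, P) * pow(vk, -e, P) % P
    b = pow(c1, z, P) * pow(d, -e, P) % P
    return e == challenge(vk, c1, d, a, b)

def combine(partials, c2, max_tally):
    """Merge a quorum's verified partials {id: d} and read off the tally."""
    mask = 1
    for i, d in partials.items():
        mask = mask * pow(d, lagrange_at_zero(i, list(partials)), P) % P
    g_tally = c2 * pow(mask, -1, P) % P
    return next((m for m in range(max_tally + 1) if pow(G, m, P) == g_tally), None)
```

Here `share_key` acts as a dealer who sees the whole key, which is a simplification of this sketch. Only the product of all ciphertexts is decrypted, so individual votes are never opened.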

Provided the software is open source and open to scrutiny, and so long as it is implemented properly, online voting should be more transparent and trustworthy while bringing elections into the modern age and encouraging the young and the excluded to make their voices heard, Galindo said.

Galindo also commented on researchers' findings of a flaw within the Scytl zero-knowledge proof implementation, saying there's a low risk that it could have been exploited.