Estonia is a pioneer in digital citizenship. The Baltic nation provides all sorts of government services online, including electronic national identification and a digital residency that allows foreigners to launch Estonian companies while living in another country. It also allows its citizens to vote online.
Estonia held the first legally binding election using internet voting from personal devices in 2005, and has continued to improve and grow its access to digital voting since. As of the last election in 2019, 48% of all voters cast their ballot through a laptop or a smart device, says Arne Koitmäe, the head of the country’s electoral office.
Internet voting has been used in other countries—such as in Switzerland, for Geneva’s canton elections since 2003—but nowhere else is it used as routinely and extensively as in Estonia.
There are many factors driving it. First, Estonia has one of the world’s highest rates of internet penetration. According to the World Bank, in 2019 at least 90% of the population had internet access.
Then there is the ecosystem. Having been on the forefront of digitization since the 1990s, Estonians are used to accessing all sorts of government services online through a digital identification system connected to their biodata. With the exception of getting married, divorced, or buying a home, every government service is available online in Estonia. “[When] governmental services are all online, then voting seems like another service, like a natural extension” says Koitmäe.
Last, but not least, Estonia is a very small country. With an electorate of about 900,000, it’s far easier to prevent fraud, and monitor electoral (and other government services) to address possible irregularities.
Not so easy
While conditions in Estonia may be ideal for digital voting, there’s no reason other countries can’t follow its example.
“The challenges are certainly different in bigger countries, but the principles are pretty much universal,” says Koitmäe, who suggests starting small.
Proceeding in “slow, methodical way” is precisely the philosophy of Voatz, a digital voting startup. Voatz has been working to bring digital voting to the US since 2014, when Nimit Sawhney—now the company’s CEO—and his brother Simer came up with the idea for a blockchain-based voting app at a SXSW hackathon. In the first election where Voatz was adopted, the 2016 Democratic state primary in Massachusetts, only 15 voters used the app. Then in 2018, 150 used it in the midterm elections in West Virginia. Eventually, earlier this year during the Republican primary in Utah, 7,000 people voted through the app.
Once a jurisdiction has decided to permit electronic voting, the voter can ask their election coordinator for their ballot to be sent digitally to their smartphone. Then, they can download Voatz’s app, and verify their identity through fingerprints and other information. Voatz doesn’t store identity verification information, so it doesn’t expose any sensitive details that risk being stolen. The voter can then open the ballot through Voatz, vote, and send it. Once the vote has been received, an anonymized receipt is sent to the voter, and it can be used to audit the election, too.
Voting through Voatz is an option for overseas military and disabled voters in Utah County, Utah’s second most populous county in the current presidential election.
Unlike in Estonia, people using Voatz’s platform can only do so through smart devices that can read biometrics like thumbprints or faces, which according to Sawhney guarantees a higher level of security.
There is another big difference between the Estonian voting platforms and Voatz. Unlike the Baltic republic, the US doesn’t have a uniform digital ID for all its citizens—in fact, it doesn’t have a uniform ID, digital or otherwise. The lack of a federal identification, combined with the fact that elections are run by states with different rules, puts the onus on certifying the voter’s identity on the voting platform. “The private sector is doing the job of the government here,” says Sawhney.
In theory, at least, internet voting has the potential to make voting easier, and therefore it might be a welcome innovation for increasing turnout and voter engagement. That’s particularly true for voters with disabilities who can find additional support in technological aids on smart phones. But these benefits need to be weighted against the risks.
So far, cybersecurity experts have been more critical of Voatz than impressed by it, among them MIT researchers, who published a paper earlier this year that studied the platform and highlighted its security limitations.
Voatz pushed back against the paper, noting that it was based on an outdated version of the app, and claims that so far, despite many attempts, there has been no successful hacking of the platform. “A lot of the criticism is theoretical, but we work on the ground,” says Sawhney.
More sensitive than mobile banking
When advocates of mobile elections discuss security, they frequently point to digital banking as a point of comparison. Surely, if a system is safe enough to share your most confidential financial data, it can handle one vote every now and then? Not really. According to the ACE Electoral Knowledge Network, an initiative started by the UN in 1990 that collects election insight and researches election innovations, there are several significant differences between voting and conducting other sensitive transactions online.
The main concern is anonymity. Digital financial transactions rely on the ability to safely identify the person conducting them. But voting needs the opposite—the certainty that the voters can stay anonymous. Yet at the same time, they need to be able to prove their identity, adding a level of complexity.
The tension between secrecy and verifiability, says Koitmäe, is something Estonia, too, continues to try and improve upon. Both are essential for voter trust, and citizens need to be able to cast their vote in privacy, while the system needs to be able to ensure there is no fraudulent voting.
There is, too, the issue of intimidation. Voting from a mobile device, or from a browser, opens the way to potential threats. Because there is no guarantee of privacy as there is with in-person voting, someone could, for instance, force the voter to make a certain choice, and then demand to check how the vote was cast. To avoid this, says Koitmäe, Estonia allows voters to cast as many votes as they want, and only registers the last ballot cast before the close of the election, so someone can go back and make a different choice, if their previous vote had previously been coerced.
Sawhney, instead, is working on a different method for smart devices. Voters will be able to send a secret SOS message, which could be as simple as holding the phone at a certain angle, if they don’t feel free in casting their vote. Their selection wouldn’t be counted, and they can go back and vote later.
Hacking is, of course, another—if not the—major concern, especially since personal devices often lack strong protection against malware, according to experts. But issues of safety exist even with conventional voting machines connected to a network. Although it’s much easier to protect digital voting machines from hacking when they are under the surveillance of electoral authorities, research conducted on Diebold AccuVote-TS, the most widely used internet connected machines in the US, has found them to be alarmingly vulnerable to hacking.
“No system is perfect”
Still, more countries seem at least digital-voting curious. Brazil has recently put out an international bid to find internet-connected remote voting options. The Philippines might follow the example soon too, says Sawhney, who thinks that digital voting might be adopted in more countries within two to four years.
For the US, however, he expects a longer transition, although he says he can see some cities adopting digital voting by 2022, and all US overseas voters using digital voting by 2024. In eight years, he hopes, digital voting will be an option for all Americans.
While Voatz and the Estonia say their online voting systems have never been successfully hacked the likelihood goes up in relation to how important the election is, and how much interest there might be in swaying its results. “The biggest problem with a public election like in the US is the amount of money that the adversaries who want to disrupt the election are willing to spend,” says Avi Rubin, a professor of computer science at Johns Hopkins University and director of its Information Security Institute.
Rubin rejects the idea digital voting could be a safe option for public elections, particularly for arguably the world’s most important: the US presidential and congressional elections.
Evidence, he says, shows the interest in disrupting the US election is significant, including from foreign powers such as China, Russia, or Iran, and digital voting would expose the system to further vulnerabilities. Given the level of sophistication of potential attacks, the risks would be very high. Besides hacking, or identity theft, disruptions could be caused by diverting voter traffic to fake sites mirroring the election ones, sending them back to the true election site only if they vote in a certain way, or slowing down internet access in areas expected to lean towards an undesirable political direction, perhaps dissuading a few of the voters to cast their ballot.
“I think the election wouldn’t stand a chance,” says Rubin.
Sawhney concedes that no technology is beyond hacking, but he doesn’t think that means digital voting has no hopes of working. “No system is perfect, but the goal is to making the hacking so expensive that it’s not worth it,” he says.