Online Voting: The technology is now here.
In 2013, I co-authored a paper on online voting with Professor Schwartz. In it, we looked at various experiments in online voting and the risks and challenges to using them in Canadian elections. We found that in order to implement online voting, government would need to be able to convince voters that the system met the following democratic principles we expect in a voting system:
facilitated accessibility and reasonable accommodation
voter anonymity
fairness
accurate and prompt results
comprehensible and transparent processes
system security and risk assessment
detection of problems and remedial contingencies
legislative certainty and finality
effective and independent oversight
cost justification and efficiency
The full paper can be found here:
https://elections.ca/content.aspx?section=res&dir=rec/tech/elfec&documen...
A decade later, the findings are more relevant and the technology required to make online voting successful is now commonplace. Our findings in 2013 were that for an online voting system to be safe and trustworthy, both the technology and legislative framework needed to be in place. If we look at cryptocurrency and the block chain technology, we now have the ability to allow voters to both cast a secret ballot and have the assurance that the vote cannot be changed by using advanced mathematics and personalized secret keys. In BC, the BC services application on smart votes along with two factor identification (ie, where you get texted a code) provides nearly more security than in-person voting where ID cards could be faked, or mail in ballots where the ballots could be intercepted or a voter may never know whether they arrived. Voter identity can be checked by video or in person to make sure they are the real voters and secure phone technology can further verify voters are residing in BC.
Now, I understand some people fear that technology can be hacked by domestic or foreign players. The reality is that we can and do design systems that are safe and can not be hacked. When we hear of governments or big business being hacked, it is almost always because someone's computer has remote server access and they clicked on the a hacked email, or a website has an external administrative login or public facing database and used an insufficiently long password (notwithstanding silly stories of public officials installing voting machines onto new computers and leaving default as the password). Even the risk of internal bad actor can be mediated by having proper access controls and certain systems partially or completely offline. By using and installing only hardened servers with proper firewalls, limited services and software installed, and offline ballot processing, the voting process can be entirely safeguarded.
To implement online voting we still need to ensure the legislation and electoral authority are equipped for disasters. While redundant technology can safeguard the system and ensure the vote is accurate, voters still need the confidence that if there was a threat or a disruption, paper ballots will always be a backup option.
To ensure online voting is safe, as well as protect foreign interference in our elections in general, votes need to have confident that our electoral authorities have the power to deal with unknowns even if comprehensive measures. In other posts I will go into reforming the electoral authority.