Trust is paramount in electronic voting

Katrin Nyman-Metcalf:

Trust is paramount in electronic voting

PanARMENIAN.Net - In the framework of constitutional reforms in Armenia, the new electoral code addresses the introduction of electronic voting among other things. PanARMENIAN.Net spoke to Katrin Nyman-Metcalf, the Head of Research at the Estonian e-Governance Academy and the Head of the Chair of Law and Technology at Tallinn Law School about the peculiarities of e-voting in Estonia and the challenges the system faces worldwide.
Estonia has held electronic voting a total of five times. What conclusions can be drawn from the system on the basis of this experience? What are the strengths and weaknesses of the system?
No breaches of the system have been reported, despite attempts both by opponents and people testing it to “break” it. So the first conclusion is that it is secure. (During the last parliamentary election, the results were to be adjusted due to an unclear vote on a ballot. This showed people that online or electronic voting can in fact be more secure than the traditional voting system.) The internet voting is getting increasingly popular, and not just among young people or urban residents. However, a less clear conclusion is the efficiency of e-voting in terms of participation rates: in the penultimate European Parliament elections, Estonia registered a relatively high turnout. Many attributed the result to the e-voting system, but the country's voter turnout was lower during the next EP election. So it’s not really possible to determine whether the internet voting affected the participation rates.

The system is generally safe, user-friendly and has been accepted by many. It at least makes voting easy for people who travel or live abroad, thus keeping them interested in elections. However, it is embraced by people who are involved and might vote anyway. So it has not managed to attract all categories of people: reasons for them to vote or not appear to have quite little to do with how easy it is. The internet voting has not changed much thus.

At one point, an international team of experts tested a “copy” of Estonia’s electronic voting system. Allowing hackers to test the system for durability, the researchers identified a number of vulnerabilities that enable manipulating election results. In general, how is the security of e-voting system ensured in Estonia today?
None of the attempts to manipulate the voting actually worked, with no vulnerability affecting the results. The system is regularly tested and checked for further refinement. One important aspect is its transparency which reveals details as to how it works. The votes are encrypted and can only be decrypted in a secure manner. Each voter can verify their vote has reached the server from which it is counted. This part has been improved so that people know their votes are counted. Independent observers can follow the vote counting process (pretty much like traditional voting).

What was the cost of Estonia’s introduction of the e-voting system?
It is very difficult to answer this question. To participate in elections, people must possess secure electronic IDs in the form of ID-cards or mobile ID. Estonians do have such IDs which they use daily for many other things. So this doesn’t really cost much as such. But if a country does not have the IDs, they will first have to introduce them. This is a time-consuming process and is quite expensive when first installed. Later on, costs are soon compensated, but only if the IDs are used for other services too. Internet voting also saves on paper ballots and related costs, with no special equipment needed. Here we have to be clear about the terminology: many countries use some form of “electronic voting” where certain machines are used, whereas the Estonian system uses regular internet.

A considerable distrust for the institution of elections is generally observed in Armenia. In recent years, in particular, the results of no election campaign have been recognized by the opposition. How effective do you think will the introduction of electronic or online voting system be, given the lack of confidence in elections? Will it increase confidence in electoral processes, or vice versa?
As I mentioned before, internet voting hasn’t shown to be insecure, but people may still distrust it. The level of distrust depends on both the general level of confidence in the political system of the country and on the level of computer literacy. Estonia is advanced in e-governance in general and is a world leader in internet banking, with many people quite accustomed to using electronic services here. Although Armenia does have some electronic services, the e-government is not as widespread as it is in Estonia. So electronic voting might appear strange to some people. Also, voters need to have confidence in the government in the first place to further trust electronic voting. Internet voting shouldn’t thus be among the first elements of e-governance to be introduced but rather come a bit later to strengthen democracy and governance.

During elections, political forces can observe the voting process through observers and members of election commissions. Do Estonian political forces have access to the process of monitoring the results of electronic voting during elections? How is the process organized? Or, perhaps, only the Central Electoral Committee is engaged in monitoring activities?
Observers can monitor the electronic counting too by contacting the Central Electoral Committee. The process is similar to that of regular voting.

What do you think is more appropriate: implementation of the system at the national level, or initial probation in local elections?
It does not really matter, but as I said before trust is of special importance. It might be a good idea to launch the system locally, as it is always easier to start with a pilot and probably have more trust. In any case, however, a secure ID system is needed, and unless there is already an existing one, it can be expensive and complicated to create such a system just for a small region.

Did the first election get international independent experts’ assessment? What feedback has been received?
Estonian elections are regarded as free and fair by all relevant international observers, in line with the highest international standards. There has been a great interest in the internet voting system. However, as there are no other examples of such a system, the assessments differ from those of traditional election. Some international observers are skeptical, given the uniqueness of the system, but as I said before, no serious and convincing examples of breaches or problems have been registered. I believe skeptical remarks stem from a general skepticism of e-governance, elections being just one aspect of it.

It is important to include a possibility of correcting the vote in any internet system, with only the last vote counting. This feature also minimizes possibilities of electoral fraud. People can otherwise go and vote in person (in the pre-voting available a few days before election day in certain locations) in which case only that vote counts.

How did the system further develop? What peculiarities does it have now?
One important improvement was the feature of verification of votes in response to some observers' fears, suggesting that votes may disappear, paving the way for manipulation.

Also, some technical aspects of the system have also been upgraded to make it more transparent.

It is noteworthy that when the system was first introduced, the then President made a claim to the Supreme Court for pronouncing on the legality and constitutionality of the system. The court found it was in line with the constitution.

What do other countries need for the successful adoption of the system operating in Estonia?
Other countries need both practical (ID system) and philosophical (certain level of trust) measures. The system should form a part of e-governance and not be implemented as a sole reform. Data protection legislation and implementation must also be in place to strengthen peoples' trust in public data handling in general.