The Centre of information technology and systems
About us
News
Internet voting in Lithuania: theoretically possible, but lacks public trust
.png)
2024-04-19
Internet voting in Lithuania: theoretically possible, but lacks public trust
With the third election approaching, the discussion about internet voting as the solution to increase the number of voters and simplify the vote count is becoming more frequent. While some list the advantages of such voting, others see threats. We discuss this subject matter with habil. dr. Antanas Cenys, a professor at the Faculty of Fundamental Sciences (FMF) at Vilnius Gediminas Technical University (VILNIUS TECH).
All systems are vulnerable
One of the biggest problems pointed out by cybersecurity experts regarding internet voting is the vulnerability of systems. During elections, there is fear that the hackers of hostile countries could attempt to infiltrate the system and influence the voting process. In the opinion of VILNIUS TECH's professor, such scenario is possible, however, unlikely.
"All systems, even the most resistant ones, can be hacked. The question is - when, by whom, and at what cost. For instance, even online banking systems can be hacked and still we continue to use them because their convenience factor. We assess if that convenience outweighs the risk," says the Head of the Information Systems Department, A. Cenys.
When evaluating the possible attempt of unfriendly countries to hack internet voting, it should be noted that there are simpler and cheaper ways to influence election results. "The question is, what is the aim, how much effort would it require, and whether it's really worth it. For election results not to be annulled, they cannot significantly differ from public opinion polls," explains the professor.
Programming code – closed or open source?
The strength and resistance to intrusions of systems also depend on the type of code used in their creation.
For example, Estonia uses closed-source programming for its internet voting, so in this case, only the developers or selected experts know how their system is built. According to Prof. habil. dr. A. Cenys, this can be an advantage for security purposes as vulnerabilities are then less exposed and exploitation of them less likely. On the other hand, trust in closed-source systems is always limited. The average voter does not know how the system is built, whether everything is fine with it, in other words, whether the system was not deliberately created with vulnerabilities or programmed to allocate more votes to one candidate.
Meanwhile, open-source systems can theoretically be verified by anyone knowledgeable. There are even open-source platforms designed for creating electronic voting systems (e.g., "Microsoft Election Guard"). Concealing vulnerabilities in such systems is much more complicated.
Secret voting - through electronic government gates
Another dilemma is how to keep the voting secret when logging in to the voting platform is required - one would have to use electronic government gates and verify their identity. This could possibly violate the constitutional requirement for secrecy.
"What is being voted for is cryptographically encrypted in electronic voting. To ensure that the voter can check whether their vote was actually counted, there is what is called end-to-end verification. A person can monitor the status of their vote from the moment of voting until the end of the elections," explains Prof. habil. dr. A. Cenys.
The system does not allow seeing what the vote was for. This protects the legitimate choice of the citizen. The system also prevents individuals, using someone else's authentication, from seeing their expressed opinion and attempting to influence their choice. To reduce the impact on the voter, it is possible to change their choice several times while voting online.
"For the same reason, mobile phones cannot be taken into the voting booth: interested parties can bribe the voter and demand to photograph their ballot as proof. The internet voting system can perfectly encode everything. However, the weak point in this case could be the person himself, if they choose a weak password, disclose it to others, or write it down on a piece of paper and keep it next to the computer," says the VILNIUS TECH scientist.
Which signature is more authentic?
Both in conventional and electronic voting, the voter must sign. But are these two signatures equivalent? Professor Dr. A. Cenys claims that these signatures do not differ legally, but practically there is a difference, which poses a certain threat to internet voting.
"The essential difference is that I can pass my electronic signature on to someone else, for example, to my wife, for her to sign for me online, which can’t be done through the conventional method. Meanwhile, when voting in person, I cannot pass on my signature to anyone, and I must enter the booth alone. However, when voting electronically from home or work, we cannot guarantee that someone is not behind the voter's back," notes the professor.
Nevertheless, when voting electronically, there are several safeguards if a person were forced to vote against their choice. In such systems, there is the possibility to cancel one's vote until a certain time and vote multiple times, excluding previous votes. "Here arises another problem - what if someone else cancels my vote, against my will, using my login?"
The biggest problem - lack of trust from voters
When discussing the advantages of electronic voting, it is often emphasized that it will be cheaper, more convenient for the user, as it will save time, and more people, especially the young ones, will participate in elections. However, A. Cenys sees several problems here:
"Elections in Lithuania do not happen so often that the electronic voting system would financially pay off. Another fundamental problem with elections is the voters' attitude towards the importance and significance of their vote. In many countries, it is observed that the voter turnout is gradually decreasing. Although some people vote out of the sense of duty, the number of those who believe in the significance their vote is increasing."
Another problem that the professor sees is the distrust of people in new digital systems. According to A. Cenys, voters feel much calmer when they can monitor the progress of the elections, the commission, the vote counters. However, when voting online, they have additional questions about whether the computer counted everything correctly, whether the vote was indeed assigned correctly, and where they can complain if suspicions occur.
Similar examples can be found abroad. France and Finland, which have experimented with electronic voting, eventually have abandoned this method of voting. In Estonia, politicians who have run for office have expressed distrust in the voting system and the legitimacy of the elections themselves. However, the example of our neighbour shows that over time, the number of people voting electronically has grown: in the first elections, only a few thousand voters participated, but last year - more than half of voting population.
"With time, people get used to it and start appreciating the advantages. The most important question in this situation is - what to do to make elections more reliable in the eyes of society?" asks the scientist.
Although internet voting has many advantages, Prof. habil. dr. A. Cenys concludes that the pros do not outweigh all the risks and disadvantages: "Electronic voting is not widely spread worldwide yet. It is not riskier than other internet services we often use, but to offer it to voters as an alternative, we need to convince society that it is not risky, and that's complicated. The example of Estonia shows that the popularity of such systems has grown over time. We can only hope that with the digitisation accelerating in all areas of life, it will also affect the electoral process."
The article was prepared by Milda Mockunaite-Vitkiene, Internal Communication Project Manager at VILNIUS TECH Public Communication Directorate.
Photo by Aleksas Jaunius.
All systems are vulnerable
One of the biggest problems pointed out by cybersecurity experts regarding internet voting is the vulnerability of systems. During elections, there is fear that the hackers of hostile countries could attempt to infiltrate the system and influence the voting process. In the opinion of VILNIUS TECH's professor, such scenario is possible, however, unlikely.
"All systems, even the most resistant ones, can be hacked. The question is - when, by whom, and at what cost. For instance, even online banking systems can be hacked and still we continue to use them because their convenience factor. We assess if that convenience outweighs the risk," says the Head of the Information Systems Department, A. Cenys.
When evaluating the possible attempt of unfriendly countries to hack internet voting, it should be noted that there are simpler and cheaper ways to influence election results. "The question is, what is the aim, how much effort would it require, and whether it's really worth it. For election results not to be annulled, they cannot significantly differ from public opinion polls," explains the professor.
Programming code – closed or open source?
The strength and resistance to intrusions of systems also depend on the type of code used in their creation.
For example, Estonia uses closed-source programming for its internet voting, so in this case, only the developers or selected experts know how their system is built. According to Prof. habil. dr. A. Cenys, this can be an advantage for security purposes as vulnerabilities are then less exposed and exploitation of them less likely. On the other hand, trust in closed-source systems is always limited. The average voter does not know how the system is built, whether everything is fine with it, in other words, whether the system was not deliberately created with vulnerabilities or programmed to allocate more votes to one candidate.
Meanwhile, open-source systems can theoretically be verified by anyone knowledgeable. There are even open-source platforms designed for creating electronic voting systems (e.g., "Microsoft Election Guard"). Concealing vulnerabilities in such systems is much more complicated.
Secret voting - through electronic government gates
Another dilemma is how to keep the voting secret when logging in to the voting platform is required - one would have to use electronic government gates and verify their identity. This could possibly violate the constitutional requirement for secrecy.
"What is being voted for is cryptographically encrypted in electronic voting. To ensure that the voter can check whether their vote was actually counted, there is what is called end-to-end verification. A person can monitor the status of their vote from the moment of voting until the end of the elections," explains Prof. habil. dr. A. Cenys.
The system does not allow seeing what the vote was for. This protects the legitimate choice of the citizen. The system also prevents individuals, using someone else's authentication, from seeing their expressed opinion and attempting to influence their choice. To reduce the impact on the voter, it is possible to change their choice several times while voting online.
"For the same reason, mobile phones cannot be taken into the voting booth: interested parties can bribe the voter and demand to photograph their ballot as proof. The internet voting system can perfectly encode everything. However, the weak point in this case could be the person himself, if they choose a weak password, disclose it to others, or write it down on a piece of paper and keep it next to the computer," says the VILNIUS TECH scientist.
Which signature is more authentic?
Both in conventional and electronic voting, the voter must sign. But are these two signatures equivalent? Professor Dr. A. Cenys claims that these signatures do not differ legally, but practically there is a difference, which poses a certain threat to internet voting.
"The essential difference is that I can pass my electronic signature on to someone else, for example, to my wife, for her to sign for me online, which can’t be done through the conventional method. Meanwhile, when voting in person, I cannot pass on my signature to anyone, and I must enter the booth alone. However, when voting electronically from home or work, we cannot guarantee that someone is not behind the voter's back," notes the professor.
Nevertheless, when voting electronically, there are several safeguards if a person were forced to vote against their choice. In such systems, there is the possibility to cancel one's vote until a certain time and vote multiple times, excluding previous votes. "Here arises another problem - what if someone else cancels my vote, against my will, using my login?"
The biggest problem - lack of trust from voters
When discussing the advantages of electronic voting, it is often emphasized that it will be cheaper, more convenient for the user, as it will save time, and more people, especially the young ones, will participate in elections. However, A. Cenys sees several problems here:
"Elections in Lithuania do not happen so often that the electronic voting system would financially pay off. Another fundamental problem with elections is the voters' attitude towards the importance and significance of their vote. In many countries, it is observed that the voter turnout is gradually decreasing. Although some people vote out of the sense of duty, the number of those who believe in the significance their vote is increasing."
Another problem that the professor sees is the distrust of people in new digital systems. According to A. Cenys, voters feel much calmer when they can monitor the progress of the elections, the commission, the vote counters. However, when voting online, they have additional questions about whether the computer counted everything correctly, whether the vote was indeed assigned correctly, and where they can complain if suspicions occur.
Similar examples can be found abroad. France and Finland, which have experimented with electronic voting, eventually have abandoned this method of voting. In Estonia, politicians who have run for office have expressed distrust in the voting system and the legitimacy of the elections themselves. However, the example of our neighbour shows that over time, the number of people voting electronically has grown: in the first elections, only a few thousand voters participated, but last year - more than half of voting population.
"With time, people get used to it and start appreciating the advantages. The most important question in this situation is - what to do to make elections more reliable in the eyes of society?" asks the scientist.
Although internet voting has many advantages, Prof. habil. dr. A. Cenys concludes that the pros do not outweigh all the risks and disadvantages: "Electronic voting is not widely spread worldwide yet. It is not riskier than other internet services we often use, but to offer it to voters as an alternative, we need to convince society that it is not risky, and that's complicated. The example of Estonia shows that the popularity of such systems has grown over time. We can only hope that with the digitisation accelerating in all areas of life, it will also affect the electoral process."
The article was prepared by Milda Mockunaite-Vitkiene, Internal Communication Project Manager at VILNIUS TECH Public Communication Directorate.
Photo by Aleksas Jaunius.
.png)
.png){kind=link}