Can we solve the problem of abstention through Internet voting? The subject has been agitating the political class since the first round of departmental and regional elections on June 20. For Véronique Cortier, Research Director at the CNRS and specialist in the security of communication protocols, it’s a little more complicated than that.
(Numerama) Is it possible to create a truly secure system for online voting?
Véronique Cortier: In the current state of knowledge, we do not know how to make an online voting system as secure as paper voting at the ballot box (when it is properly monitored). There are many difficult points: voter authentication (how can you be sure that it is the voter who is voting?), Resistance to buying votes and perhaps even more, transparency of the ballot: how can I be sure that my vote will be counted?
There are voting systems that address each of these points, but none solves all the problems together, especially if one wants a voting system that is simple enough for the voter. And in any case, it is much more difficult for a voter to understand than voting at the ballot box. In short, at the present time, there are no online voting systems that are sufficiently secure to be used in the context of a political vote with issues (regional, legislative, etc.).
Are the current experiments carried out (in France as elsewhere) around electronic and internet voting satisfactory?
VC: There is one example that I like, which is that of Switzerland. Switzerland has long been experimenting with electronic voting. She has an extremely open approach to citizens and scientists. Thus, Swiss regulations define very precisely the requirements to be met, such as the secrecy of the vote and the transparency of the ballot. The source code of the voting solution must be published, along with its detailed description (its “specification”). Before an election takes place, the new version of the system is subject to public scrutiny for several months. It is (legally) possible to attack the system and we are even paid for it! This is a so-called “bug bounty” program. This allows everyone to get a feel for the system and find problems before the system is used.
Thus, following the last bug bounty program, significant flaws had been detected and the use of online voting was suspended. The good news is that the loopholes were detected before the system was deployed on real elections in Switzerland. It would be appreciable for France to follow this process of transparency on the operation of the system, its documentation, its source code and the required security properties.
Is there an election that would lend itself better to this kind of ballot?
VC: Yes, there are several “good” reasons for using online voting. These are first of all cases where the elections are already held by correspondence, because the voters cannot come. Paper voting by correspondence generally offers very poor security: one cannot be sure that the right ballots are counted, perhaps they do not even reach their destination. And if they arrive at their destination, how can I be sure the recipient doesn’t take the opportunity to look for who I’m voting for?
Another reason to use online voting is when the ballot is complex. For example if there are a very large number of questions (this is the case in Switzerland, the United States) or if the voters rank the candidates in order of preference. It then becomes difficult to count the ballots by hand.
With the ballot box voting, we are at a very high level of security and transparency
In general, a good question to ask is: what solution does online voting replace? Is security decreasing or increasing compared to the system already in place? Clearly, compared to ballot box voting like the one organized for regional elections, we are at a very high level of security and transparency and online voting can only worsen the situation.
How to ensure the sincerity of the vote in these circumstances?
VC: It is not an easy question and yet it is very important. There are several possible approaches, I will describe a very classic one, like the one we use in the online voting system that we offer, Belenios.
When the voter votes, his choice is encrypted on his computer, this forms the (encrypted) ballot which is sent to the voting server, which centralizes the election. The voting server then publishes the ballot to a public ballot box (eg a web page) and the voter can verify that his ballot is in the ballot box.
To count the election, several authorities will decipher the ballots (each has a piece of key, as in the opening of safes). To preserve the secrecy of the vote, the ballots will first be mixed and “re-randomized”, an operation which makes it possible not to recognize them, without changing the content. On the other hand, the authorities produce a mathematical proof, called “proof with zero disclosure of knowledge” (yes, yes, that is an extended name), which ensures that they have correctly deciphered all the bulletins, without forget or add more. Thus, everyone can verify that the result corresponds to the encrypted ballots present in the public ballot box, even you. Now, in practice, you probably don’t have the technical knowledge to verify this evidence. But “anyone” can do it, as well a group of hackers, as scientists or experts that you will have mandated.
There is still one delicate point: how can I be sure that my voting computer has encrypted “Titi” if I wanted to vote for “Titi” and that it has not encrypted “Fat Twink” instead? This is a point that we do not deal with in Belenios. Solutions exist, in Switzerland for example, but they require the voter to receive additional voting material.
It is impossible to know if a person who votes by Internet is not under pressure when it comes to putting his ballot in the electronic ballot box. Isn’t that a fundamental problem?
VC: Absolutely, with electronic voting, there is no longer a voting booth, we cannot know if the person is alone when they vote. We know of stories where voters (for professional elections) were “invited” to vote using the local union office computer (“because it is convenient”). Not necessarily easy to vote for the competing union in this case.
With electronic voting we cannot know if the person is alone when they vote
However, there are limits. First, several systems offer a defense: for example, you can vote later and only the last vote is taken into account. So you vote for the union when you’re in the room, and you start over later. It’s not perfect, but it limits. Secondly, it is not feasible on a large scale, whereas the purchase of votes by purchasing the identifiers can be done more widely.
In short, it is an important problem, which does not seem to me to be the ” most important »In the sense that there are worse, but it is indeed one of the difficulties.
Do you think electronic and internet voting could really lower abstention? Or change the voting trends to a minimum?
VC: There have been studies on the subject in other countries and the general trend of these studies suggests that no, it does not change abstention, or marginally. Indeed, it can change a little who votes and therefore potentially the result. This is not my research subject, but a report written by Belgian colleagues speaks about it.
Editor’s note: In this report, we can read that ” in France, internet voting had no impact on the participation rate. Voting by the internet has had a negative impact on the number of valid ballots. There are few differences between paper votes and internet votes, even if the right-wing parties seem most popular among voters voting over the internet. “