Security in an electronic voting system


WHEN can malaysia implement electronic and internet voting? Given that the deadline is rather short, it is unlikely that a national use of electronic voting can be implemented for GE15.

However, Internet voting need not be too complicated.

For electronic voting, a lot of things need to be taken into account and need to be in place.

This includes election infrastructure (procurement and testing of new voting machines and associated manpower) and verification of ballot security which will require testing and verification of servers, level of independence vis- vis-à-vis the EC, auditors and many others.

For internet voting, servers and computers will definitely need to be installed, related software/web pages/applications need to be developed, and independent auditors and observers need to be appointed.

More importantly, the system should ensure the privacy, security and accuracy that can be achieved through various existing and widely used encryption technologies.

For online payments or other sensitive transactions, a secure web address will typically begin with “HTTPS” rather than “HTTP”.

This refers to Hypertext Transfer Protocol Secure (HTTPS) in combination with the Secure Socket Layer (SSL) or Transport Layer Security encryption protocols often used as a standard for secure Internet communications.

Other potentially more complete protocols exist such as Secure Electronic Transaction (SET) which is used to ensure the security, authenticity and confidentiality of economic transactions (such as credit cards).

For increased traceability and immutability of digital ballots, digital voting can be conducted on established public blockchain networks.

There is no need to create a dedicated blockchain, which reduces costs.

Blockchain technology uses real-world signatures through cryptographic techniques as well as encryption keys.

Of course, solutions exist, but the most important driver is political will.

Do our politicians want this? Does the Malaysian government have the will to increase voter turnout and reduce electoral costs?

Or are they motivated enough to improve education, social mobility, access to electronics and better incomes for people, especially in rural areas?

If we are to follow the Estonian model that voter identification depends on mandatory digital ID, online voting in Malaysia would also require something like the planned National Digital ID (NDID), a digital ID and authentication for verify a person’s identity in the digital world. .

Therefore, in terms of timing and alignment with other national initiatives, the National Registration Department (NRD) plan to upgrade 38 NRD documents by 2023 in terms of security features to maintain the authenticity of documents, should be harmonized with NDID, which can only be fully implemented in 2024 to provide one of the means or framework for authentication of voters.

As mentioned in the article “Electronic Voting in a Multi-Channel System”, access is only one factor in increasing voter turnout.

Therefore, initiatives such as Jendela Phase 2, which aims for 100% Internet coverage of the population and the increase in fiber optic broadband access to nine million premises by 2025, must coincide with better access to quality education, information, increased awareness of political issues, better socio-economic conditions and, above all, structural reforms that promote high standards of governance and more equitable policies.

This is the ideal situation for a national implementation of Internet voting.

As mentioned earlier, internet voting may not be that complicated and Malaysia can start with overseas citizens, out-of-state campus students, low-income groups, area dwellers rural areas, the elderly and people with disabilities.

Subject to the adoption and success of Internet voting, more groups may be gradually included to finally be offered nationwide one of the standard voting channels for all.

From this level, the NDID may not be necessary.

Existing voting systems that are generally secure (or as secure as possible) are already available.

How secure is it?

This is a widely debated space, especially between the leaders of companies or organizations that develop voting technologies and experts and researchers in computer science or cybersecurity.

Opposing experts often point to potential hacking issues, or that voters’ smartphones and laptops could be hacked by malware.

Even if this is not the case, and even if a receipt was provided as a paper trail, opposing experts argue that the votes could be intercepted or corrupted during transfer.

Some experts even go so far as to say that Internet voting cannot reach a level where it is completely safe and that nothing is superior to paper ballots.

Proponents have largely dismissed many claims, citing faulty reporting and biased research.

First, even the paper ballots and the commission that administers them have not been exempt from criticism of questionable fairness and integrity.

Do critics say that commissions are always completely trustworthy and that paper ballots are entirely error-free?

Second, we are talking about a multi-channel voting system, where Internet voting is first applied to a smaller group of people.

Therefore, technological evolution takes a cautious step to minimize risks, while meeting the needs of disenfranchised persons.

More importantly, other channels are not sidelined.

The physical deposit of ballots remains the main voting channel and it is now proposed to transform it into electronic voting machines.

Third, besides Estonia, proponents claim that there are cases of general elections in the United States where internet voting was used without any security flaws.

Other countries like Switzerland, Canada and France have also used Internet voting on different scales.

In Estonia, the process involves encrypting the ballots and authenticating the voter’s identity, followed by removing the voter’s identity before the votes are counted.

Throughout the process, there is a separation between the electoral commission, the auditor and the voters, involving the secure encryption-decryption of digital ballots and the secure movement of a sealed physical hard drive (or storage device that stores the digital ballots) which will be inspected by the auditors, with the final vote count in a computer isolated from the internet.

Additionally, the cryptography used would verify that the digital ballots have not been tampered with.

Fourth, Internet voting has been widely used in private sector organizations, especially in Japan.

Private sector online voting systems require the same elements as political elections – voter authentication, voter anonymity, secure ballot deposit and guaranteed ballot integrity.

Private sector online voting systems may use standard encryption used in the banking industry, such as high-speed SSL and SET protocols.

Fifth, with the much-vaunted Industrial Revolution 4.0, new technologies such as blockchain can further enhance the security of online voting by making transactions traceable, private, and immutable.

With the points above, we come back to the reviews with some food for thought.

Is there a level at which e-commerce or online money transactions are fully or totally safe?

Are these experts saying that nothing can beat the security of physical cash transactions locked away in a cash register?

Or are these security experts saying that e-commerce and online banking are just as risky and unreliable as Internet voting?

Aren’t we already widely using our smartphones and laptops, which critics point to as being riddled with malware, to do business and transact online?

Don’t we trust banks, financial institutions and e-commerce platforms with our money?

Sure, we don’t vote as often as we spend our money, but does that mean our money is worth less than our ballots?

Would the same cybersecurity experts have different opinions on the security of e-commerce and online transactions if their research had been funded by big tech and global technology leaders in the payments industry?

These large organizations have worked together to develop security protocols that many people trust when transacting online.

We don’t seem to trust voting on the internet to advance democracy in the same way that we trust our money to be kept in banks and transacted on the internet in a globalized world without borders to advance trade. Maybe we shouldn’t.

Is advancing democracy, transparency and inclusiveness less important than advancing capitalism?

Like many things, it comes down to the will and the destination of the money. When there is a will, there is a way.

Ameen Kamal is the Head of Science and Technology at EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research. Comments: [email protected]

Previous Inside the struggle to sell entry-level vehicles
Next Chinese-American firm plans to sell Hudson Yards building