Online voting: necessity of end-to-end verified ballots

The vast majority of daily life is conducted through the screen of a smartphone. From depositing checks to communicating across the world, there is hardly anything we cannot do online… until the first Tuesday after the first Monday in November. With the exception of absentee and early voters, every intended voter must make the dreaded trek to the polls. Nothing makes a person impatient like a U.S. presidential election, but we will have to wait a while longer for secure online voting to be an option. While voting by iPhone sounds like a great alternative, it presents more challenges than it solves at this point in time. However, rapid advancements in cryptography and technology make voting from home almost plausible.

Remote voting already occurs for certain subsets of voters. For example, 23 states and the District of Columbia allow absentee ballots to be returned over email and five other states allow voting through an online portal. For many remote voters like those living abroad or with disabilities, the use of online voting is not a choice but rather a necessity. Having the ability to vote online is about accessibility and alternatives to traditional voting methods allow them to more actively participate in democracy. Only 7% of the three million eligible voters living abroad (and paying taxes) voted in 2016 elections according to the Federal Voting Assistance Program’s biennial Overseas Citizen Population Analysis. This poor turnout highlights the need for improvement and advancement of our voting systems. Rather than focus on the flaws of potential online voting platforms, we may be better served by considering the question of online voting in terms of improving it where it already exists. End to end verification is a necessary condition for potential online voting schemes because it allows for elections to be audited and ensures that there is accountability for the overall tally and individual ballots. 


End-to-end verification (E2E) of ballots by voters, administrators and the public offers great potential for boosting security while retaining the privacy of a secret ballot. Secret ballot elections provide numerous advantages over open elections including, but not limited to, allowing voters to cast their ballots without being influenced by intimidation, blackmailing or money made by selling their vote. It is speculated that E2E cryptographic voting methods will face more scrutiny not for being more or less secure than current methods, but rather for being new and difficult to understand. For this reason, it is important that a concrete definition of “secret” is created and that cryptographers and other professionals in the field are able to advocate for their systems and prevent unfavorable precedents. It is important to note that it does not mean that verification has to occur at each step and that E2E-V is a property that can be achieved in an election rather than a single cryptographic method. E2E systems function very similarly to poll books stored by Parliament.

However, with respect to voting over the internet, there are many obstacles that must be overcome before applying it on a national scale. First, servers pose a threat to the security of elections over the internet. Dishonest servers could change the outcome of an election by replacing real ballots with fake ones. A corrupt server could potentially break the secret ballot or an individual aware of the methods used could undo the encryption. The latter has a low probability of occurring because there is not an effective algorithm for computing discrete logarithms but is still a concern. Electronic versions of ballots are subject to tampering with ballots such as deletion, replacement and modification. Like any voting system, a bad actor could claim that his or her vote was not accurately captured. The confidence in an election is easily eroded so even though such claims can be discounted by security experts, many bad actors acting simultaneously would quickly jeopardize the legitimacy of an election. This can be remedied by adding more methods of review to reduce risks and detect security violations as well as by conducting rigorous audits to improve the confidence of election outcomes. Likewise, internet voting schemes are subject to denial of service attacks and malware on less regulated personal devices that we do not yet have the technology to address.

By Teresa Jones