Cybersecurity and transparency of system designs are crucial to making internet voting a reality in the UK
A group of the country’s foremost experts in electronic voting (e-voting) have published a paper that sets out the technological and societal challenges that the UK must overcome for internet voting to be deemed secure and reliable.
While several countries have introduced some limited forms of internet voting, Estonia became the first to implement permanent national online voting. Although electronic voting was introduced into the UK Parliament for the first time during the COVID-19 lockdown, providing secure online voting to all, as recommended by the UK’s Digital Democracy Commission in 2015, has proven to be more challenging.
In a new thought paper written by the Institute of Engineering and Technology’s (IET) e-voting working group, chaired by Professor Steve Schneider from the University of Surrey, cybersecurity experts detail the issues such as the design, deployment and operations that need to be overcome to make internet voting a reality in the UK.
Some of the key points from the paper include:
- Cybersecurity is a critical challenge for internet voting. Technology is not currently in a position to address the range of cybersecurity threats that could undermine an internet voting system.
- Given the critical nature of elections and the requirement for public trust, transparency of the system design will be essential. Open reviews and trials will be necessary. The system design will need to integrate mitigation strategies that protect elections in the case of a cyber-attack.
- Internet voting should be considered as an additional voting channel rather than a replacement of traditional voting channels. One of the objectives of any electoral process is to be as inclusive as possible. It’s crucial that solving an accessibility issue doesn’t generate a digital divide.
- Current technology is suitable for elections in low-coercion environments. These include elections within companies and other organisations, and for elections where the secrecy of the ballot is not required – for example, shareholder ballots or votes within Parliament.
Professor Steve Schneider, Director of the Surrey Centre for Cyber Security at the University of Surrey, said: “The cybersecurity risks and the imperative to ensure a level playing field during a secret ballot election makes internet voting uniquely challenging. In this report, we set out what policymakers and technical experts must do to clear the significant hurdles.”
Note to editors
Read the full report.
The IET’s e-voting Working Group: Steve Schneider (Chairman), Nick Coleman, Richard Crowther, Eric Dubuis, Aggelos Kiayias, Dave Palmer, Jordi Puiggali, Awais Rashid, Mark Ryan, Barbara Simons and Thomas Zacharias.