The discussion around electronic voting machines (EVM) seems to be heating up.
Last week, Prime Minister Imran Khan received a detailed demonstration of locally made electric cars. Although the Minister of Science and Technology Shibli Faraz claimed that these machines "cannot be hacked," the Prime Minister expressed his hope on Twitter, "Ultimately we will hold elections in Pakistan and all participants will accept the results."
Faraz reiterated the statement that EVM is "unbreakable" at a media briefing held in the Parliament building later, and once again proposed that electronic voting is a solution to manipulation. However, it is encouraging that he accepted the decision by the Election Commission of Pakistan (ECP) to approve or reject these machines, and invited legislators and the opposition to test these machines.
ECP continues to express reservations to EVM. But the past few weeks have also made significant progress on the issue of electoral reform. The government has also softened its position and seems to be keen to adopt a more conciliatory approach. There also seems to be some behind-the-scenes progress in getting the opposition to join. Civil society organizations are actively carrying out activities. The Senate is beginning its deliberations.
But the issue of election technology remains a big challenge. This is an attempt to explain why this question is not black and white, and why you need to be careful when evaluating it. But first is the good news.
Benefits of election technology
Electoral technology is a mystery. It does bring verified and documented benefits. The introduction of EVM and Results Transmission System (RTS) has greatly accelerated the speed of results reporting. This is a blessing to developing countries such as the Philippines, various African countries, and even Pakistan, where long-term delays in counting and reporting often provide opportunities for tampering with votes.
EVM has also greatly reduced India’s polling station fraud. Unlike paper elections, EVM can prevent ballot marks from being incorrectly marked and damaged, ensuring that each ballot is valid.
Technology may be more inclusive. Studies have shown that voters find that electronic voting is more user-friendly and more reliable. Researchers report that EVM has significantly enhanced the capabilities of disadvantaged groups in India. An experiment in the United States found that using mobile devices to vote can significantly increase voter turnout by three to five percentage points. Internet voting can provide the right to vote for overseas citizens, foreigners, military personnel, and diplomats. Citizens from countries such as Estonia, Brazil, and India that have a prominent history of electoral technology innovation are often very proud of their electoral infrastructure.
Technology may also be more cost-effective: the management cost of e-voting in Estonia is about half of using traditional systems. Automation can also greatly reduce the huge manual workload involved.
A good example is Indonesia, which is now seriously considering switching to electronic voting. Indonesia recently merged presidential elections and regional elections into the world's largest single-day voting event. This involves approximately 7 million election workers and security personnel who work in the hot summer. More than 550 of them died of fatigue, and thousands were hospitalized due to fatigue. In this case, technology can play a key role.
These benefits of technology are undeniable and definitely worth pursuing. However, election technology also has a dark side.
The dark side of election technology
Almost all carefully investigated voting systems—EVM or Internet voting platforms—have been hacked. In most cases, hacking is very easy. There is even a YouTube demo on the subject.
Defcon, the world's premier security conference, is now hosting an annual election technology hackathon, aimed at educating policy makers, election administrators, and civil society. In the 2019 iteration, the organizers collected 100 voting machines, each of which was certified for use in one or more states in the United States. Everyone was hacked throughout the weekend. Well-known expert organizers on election security commented in their report: "Although this result is disturbing, we have noticed that at this point, it is an unsurprising result."
Similarly, technology does not necessarily inspire confidence in citizens and reduce distrust. I wrote about India before, where prominent opposition parties, civil society, and technical experts are now strongly calling for the lack of transparency, ineffective audits, and procedural violations of the EVM. Venezuela has one of the oldest and most advanced EVM deployments in the world, and elections are often controversial.
Technology can't tame savage instincts. In some parts of India, elections are still fierce and violent. Just in May of this year, after the parliamentary elections, post-voting violence in towns and villages in West Bengal resulted in 25 deaths and 7,000 women being sexually harassed. In 2019, a village was set on fire. In Venezuela, weeks of violent street protests occurred before the 2017 polls, in which 125 people were killed.
However, the biggest impact is the United States, which has just witnessed its most controversial election in two decades. According to some polls, only about 60% of Americans believe that Joe Biden’s victory is actually legal. Currently, several swing states are conducting highly controversial audits of machines, votes, and processes.
As of March this year, 47 state legislatures have proposed a staggering 361 election reform bills to reconfigure voting laws. Georgia, Arizona, and Florida took the lead in actively implementing these new rules. During the year, we are likely to see a decisive battle in the U.S. Supreme Court. In contrast, the famous Al Gore/George Bush conflict in 2020 seems almost civilianized.
These negative factors are equally undeniable and very disturbing. I believe that the latest developments in electoral technology give us great reasons to be optimistic, but we need to act very cautiously. There are several big questions that need to be solved: Why is election technology so complicated? What path should we take? What mistakes do we need to avoid?
Voter privacy and election integrity
People usually think of electronic voting as an IT (information technology) issue, which is the work of a computer expert or professional software team, such as building a website or building an application.
As a person working in this field, these are the questions I get asked most often: If you can bank and shop online, why can't you vote online? Isn’t it a problem to conduct billions of dollars in digital transactions around the world every day? Why bother about EVM when we already have ATMs on every street corner? At the end of the day, isn't this all information transmitted over wires?
This comparison is completely natural, but it is also completely wrong. For decades, the information security community has been opposed to it. I personally think this is a good opportunity to convey the depth and scale of the electoral technical challenges and why it is difficult to get it right.
The biggest problem is secret voting.
Through online banking and online shopping, we maintain the integrity of the process by ensuring that every transaction and every step is strictly checked and balanced. Strict security solutions and fail-safe mechanisms are deployed, detailed logs are maintained, and information is backed up in distributed data centers.
But for elections, voting must be anonymous. Our concept of voter privacy can be traced back to ancient Greece thousands of years ago, and today it is recognized as a basic right enshrined in the Universal Declaration of Human Rights. All identifying information was deliberately stripped from the vote. It is now impossible to track individual votes-which is entirely as it should be-but, following this logic, it is almost impossible to detect any tampering. This is a good thought experiment to try for yourself-if you can't track something, how do you protect it?
Using a physical ballot box can easily ensure the privacy of voters. Putting multiple ballots into a box will automatically anonymize individual ballots. Observers and cameras can track the box. But the electronic voting system is actually a "black box"-people can no longer see what is happening inside. EVM often fails, loses, adds or switches votes.
Researchers have identified many security vulnerabilities that can be easily exploited by attackers. In some systems, voters can manipulate the results with the push of a button. In the event of an accident, there were no receipts or logs available for review, and no backups in the remote data center.
If the attacker is capable, the incident may not even be discovered. Moreover, unlike paper, it is equally easy to change one vote or one thousand votes in the digital realm. Experts have long warned of the paradox that in most cases, electronic voting systems are actually more susceptible to manipulation than paper elections.
This inherent tension between voter privacy and election integrity is the reason why Ireland and Germany abruptly terminated their EVM deployments, and why many other countries choose to stay away from this Pandora's Box. At that time, more than ten years ago, there was no way to assure citizens that machines were processing their votes correctly. Other countries, including India and the United States, have chosen a mixed route, introducing a voter verifiable paper audit trail (VVPAT) as a backup mechanism.
This problem is especially obvious for Internet voting where there is no paper record. Before last year’s U.S. presidential election, the U.S. Department of Homeland Security distributed a confidential report to election officials in all 50 states, warning against “high-risk” Internet voting, and warning that attackers could easily be undetected. Circumstances to manipulate a large number of votes.
Banks also use advanced security features, such as multiple passwords, transaction codes, two-factor authentication, and voice biometric technology, which are too expensive and impractical for elections. Banks are still being attacked by hackers and suffer huge losses every day.
Cybercrime is an unusually large industry: a study estimated that the losses amounted to US$6 trillion-if cybercrime were a country, it would become the world's third largest economy after the United States and China. Another study estimated that the amount of online payment fraud between 2021 and 2025 was US$206 billion, which is 10 times the current net income of the global giant Amazon.
The way we recover from attacks and incidents is also very different. Banks are usually able to use detailed tracking mechanisms and logs to combat fraud and reverse transactions. They conduct detailed forensic investigations and collaborate with each other. In fact, quite a lot of money was recovered. This is difficult to do in elections.
The risk sharing strategy is also different. To quote election security expert David Jefferson: “Compared with e-commerce fraud, voting fraud is more difficult to manage. The natural business practice of “sharing costs” or “sharing risks” has no election analogy. There is no way to illegally disqualify unqualified voters or attackers. "Loss" caused by voting is passed on to other voters, and votes changed by malware cannot be restored. No one can buy "insurance" to make up for these losses. There is no way to make up for the damage caused to the election."
Another crucial security difference: In stark contrast to banks, the election system attracts a completely different category of attackers-elite intelligence agencies. There is ample evidence that Russia and China’s election campaigns supported by the state have penetrated into the U.S. voting system. We are now officially entering the field of cyber warfare, which is a brand new alliance.
A key weapon in the cyber warfare arsenal is the secret practice of discovering and hoarding system vulnerabilities, and then using them at the most critical moments to produce destructive effects. This is called a "zero-day attack"-because the attacked party actually has zero days to solve the problem.
The Stuxnet worm is a malicious computer malware that caused serious damage to Iran's nuclear program in 2010. It used four hitherto unknown vulnerabilities in Windows, an unprecedented number. In 2015, researchers demonstrated a zero-day attack on the world's largest Internet voting deployment of the iVote system in New South Wales.
These considerations of foreign intervention prompted the U.S. Department of Homeland Security to formally designate the U.S. election system as a “critical infrastructure” in 2017, at the same level as dams, nuclear power plants, and power grids. Now, not only is the government more directly involved in protecting these systems, but any major attack on them can lead to retaliation, sanctions, counterattacks, and even war.
Availability is also a key factor that distinguishes banks from elections. Internet banking is available 24/7, and interruptions are common. It is very common to go to the store and find that the payment service is interrupted by credit card. But the deployment time of the voting system is very, very short—usually only one day—and, within that time frame, failure is not an option at all. Any system or protocol failure-and how to deal with it-is an immediate cause of suspicion. We must realize that it is not enough that elections are fair. They must be seen as fair.
For the banking system, shutdowns or failures are mostly a minor manageable inconvenience that sometimes affects some people. Technological failures during elections can have direct and lasting effects—loss of civic confidence, political deadlock, and protests. Poland's electronic voting system suffered a major breakdown during the 2014 local elections. The Polish courts presented about 1,000 legal challenges, and about 60,000 people protested on the streets.
I hope these arguments can explain why Western countries have always avoided EVM, and why almost every country that has tried Internet voting has failed, while Internet banking and e-commerce have always existed.
In the cybersecurity community, until recently, people generally believed that Internet voting was an impossible task. In 2018, the National Academy of Sciences released an authoritative report on election technology written by authoritative experts. they said:
"At present, the Internet (or any network connected to the Internet) should not be used to return marked votes... In addition, Internet voting should not be used in the future, unless there is a very reliable security and verifiability guarantee for development and implementation, because there is no Known technologies can guarantee the confidentiality, security, and verifiability of marked ballots transmitted over the Internet... Conducting secure and credible Internet elections will require a lot of scientific progress."
Since 2018, several countries, including Switzerland, Australia, Russia, and the United States, have relied on cryptography to build next-generation Internet voting systems. All of these have been hacked. It seems that only Estonia has achieved success. It is too early to tell whether they have found the Holy Grail, but the signs are promising.
It is generally difficult for developing countries to adopt technology, and this trend is particularly evident in electoral technology. Most of these experiments failed, and some were even catastrophic. An example of a textbook is Kenya.
In 2013, Kenya spent US$260 million on biometric verification technology and result transmission systems. An international observer commented that it is more modern than anything the European Union (EU) has seen, and is reportedly “tamper-proof”. It failed miserably on election day.
First, the battery of the biometric verification system began to run out. It was later discovered that several polling stations did not have electrical outlets. Inadequately trained voting staff have forgotten their login credentials to access the system. The verification system failed to identify a large number of voters. As a result, the SMS transmission system was overloaded and crashed. Facts have proved that the Election Commission only conducted a small test run, rather than the extensive large-scale tests recommended.
When the statistics of the results stagnated, the Election Commission asked the poll staff to use drivers or helicopters to fly to the statistics center in Nairobi to deliver the results in person. Then a computer error inexplicably multiplied the number of disqualified votes eight times, causing confusion and anger for days. The losing party clearly strongly protested fraud and manipulation.
NPR described it as "the most modern election in African history" and also a "victory of Murphy's Law."
In China, we started our own internet voting experiment in 2018 and it is expected to be the largest deployment in the world. This hastily assembled system contains almost all the errors in the book. I served in the Internet Voting Task Force (IVTF) formed by the Supreme Court to evaluate the system. We hacked it in a few minutes. We documented multiple critical vulnerabilities in almost every major component. To our dismay, we even discovered simple attacks that lay voters can launch, as long as they sit in front of their home computers. There is no homework at all.
A large amount of research literature has appeared to analyze such cases. Some people suspect that the real reason is not technology, but psychology. In a recent paper on the "unintended consequences of electoral technology" in African countries, election expert Nic Cheeseman stated, "...the increasing use of these technologies is driven by obsession with technology rather than its effectiveness. Driven by rigorous evaluation; they may create significant opportunities for corruption, thereby weakening its potential impact; and they bear huge opportunity costs. In fact, it is precisely because new technologies tend to focus on more'traditional' strategies Moving away, the failure of digital checks and balances tends to make the election process more susceptible to manipulation than before."
This superstition is usually manifested in the belief that technology will lead to completely safe and credible elections, just as legitimate as elections in any Western country.
This situation rarely happens. Technology does not eliminate the burden of trust. It usually transfers trust from one party to another—electronic voting systems may resist certain attacks, but may not resist others.
In some cases, the use of this technology introduces its own set of risks, which is a common concept in risk management. The attack develops over time. Security features that look good on paper may actually fail, while security features used in one country may not be available in another. Technology must be very carefully adapted to the social and cultural realities of each environment.
Cheeseman cited various other issues that are very relevant to us: election technology is usually implemented in a way that prioritizes efficiency over transparency. The flash of new technology tends to divert our attention away from the overall ecosystem that needs to be established to manage and support technology.
In fact, certain elements of the ecosystem may require more attention and expense than the technology itself. Deploying technology will bring huge new organizational and logistical challenges, and most countries may not be prepared.
Many election commissions rely heavily on international funding and foreign expertise, and the long-term sustainability of such technical interventions is questionable. Most importantly, technology may not be able to solve social and human factors—such as voter intimidation, bribery, coercion, media prejudice, and abuse of state power—problems that are also critical to restoring citizens’ confidence in elections.
But Chessman is keen to assert that he is not opposed to election technology in principle: "These observations are not intended as a declaration against the digitalization of elections... But the analysis draws attention to the importance of a more careful assessment of these issues, and the importance of these technologies. The benefits-and the need for more careful planning when deploying."
This is how we also need to adopt electoral technology in Pakistan.
We need to build capacity in electoral technology. This is hard work, but relatively simple. We also need to work on the ecosystem. This is an arduous task that requires research, dialogue, foresight and statesmanship.
Electoral technology has a very messy history, but there is light at the end of the tunnel. The researchers finally resolved the Goldie knot, the seemingly impossible conflict between voter privacy and transparency. In the past decade, there has been a revolutionary game-changing development: it is now possible to protect the privacy of voters while ensuring that votes are not tampered with.
Researchers have devised ways to track individual votes in an encrypted manner, without revealing their content, while also ensuring that they have been calculated correctly. A simple way to describe this situation is how to use a tracking number to track courier deliveries-with surprisingly futuristic features, this number also guarantees that no one will tamper with your package.
This new paradigm of "evidence-based elections" and "verifiability" provides voters with ironclad guarantees that their votes have not been manipulated. Voters no longer need to blindly believe in technology and opinion poll workers that they can now use computers or mobile phones to audit these systems at home. This kind of transparency is unprecedented and is a big step towards restoring citizens’ confidence in the election.
When we wrote the IVTF report in 2018, our first recommendation to ECP was that it urgently set up a research department. Its first task is to investigate and adjust a verifiable voting system for Pakistan. Estonia was the first successful implementation. Other countries have also noticed.
The Indian state of Telangana is actively studying the Estonian system for its pilot projects. Microsoft has partnered with some of the world's largest election technology vendors to make EVM verifiable. It is worth celebrating that our own stakeholders are converging to this technology. After a few bumpy steps, this is a great start to our own journey of election technology.
But there is still a lot of work to be done.
On the one hand, ECP needs a coordinated modernization drive. Otherwise, it would be impossible to deploy electronic voting on a large scale. ECP also needs to actively shift to technology.
So far, ECP has an excellent record of using technology to help voters. A typical example is the award-winning 8300 SMS service, which voters can use to access their voting information on their mobile phones. But with election technology, for some puzzling reason, ECP chose to outsource these difficult problems. This has proven to be counterproductive.
Because it does not cultivate in-house technical expertise, ECP is forced to find suppliers, who usually lack expertise in new technologies and are unfamiliar with the complexity and reality of the Pakistani election environment. This will automatically limit the options. Minor adjustments to existing systems are possible, but the window for real innovation has been closed. In a sense, ECP's huge reliance on technology is a subtle but very real restriction on the autonomy that ECP boasts.
Second, we need to work hard on the ecosystem. The ECP and the government need to encourage extensive consultation and extensive stakeholder participation at every step of the process. The opposition needs to accept the government's invitation to discuss electoral reforms. Electoral technology is too important to be mastered only by technicians, politicians and government officials.
President Arif Alvi took the lead in making the debate public. It is also important for civil society to stick to its position. Citizen activists, academics, and civil society actually lead election integrity efforts in countries such as the United States and India. The Fafen (Free and Fair Election Network) call for "wider public and political discussions" is of course very welcome. Pildat (Pakistan Institute for Legislative Development and Transparency) also recently organized a very successful short course to initiate ongoing discussions.
But there is still a lot of research to be completed. We need to build various types of EVM and Internet voting systems under the sun. We need to seize every possible opportunity to test promising systems in university elections, trader organization polls, and lawyer committees. We need to conduct high-quality trials in a scientific and rigorous manner. We need to be immersed in the electronic voting literature and documentation ecosystem components, best practices, standards, and common pitfalls.
We need to build bridges with the international research community like Estonia, India, and Australia. We need bug bounties and hackathons that meet international standards. We need usability research, we need cost-benefit analysis, we need threat models and risk assessment.
We need to develop a mechanism suitable for Pakistan to promote transparency and third-party auditing. We need to study logistics, workflow and maintenance. If we are to build one of the largest EVM deployments in the world — more than 300,000 machines — we need to conduct environmental impact studies.
This list is very long.
This type of work-true research and development, adapting technology to our own unique and complex ground reality-has rarely been done before. It is not clear whether we have the expertise and ability to conduct such research. We need to build this culture.
In the West, it is a mode of operation: technology policy comes directly from high-quality research. This is usually done through research collaborations, round tables, seminars, working groups, and public solicitation of opinions. When South Africa considered introducing electronic voting last year, the public and civil society received more than 12,000 submissions.
If this seems too much work, then it is.
If there is a key lesson in the saga of electoral technology, it is that we cannot take shortcuts. We need to follow every process in the book, we need to tap me and cross every t. The electoral technology ecosystem is usually the most overlooked part of deployment.
A simpler way of thinking: we not only need Estonian-style software to succeed-we need to cultivate a spirit that people can innovate such systems and deploy and use them successfully. We need to instill this professionalism, a commitment to transparency and democracy, those high standards of research, and-most importantly-this sense of vision and depth.
The irony is that the real secret to successful election technology is not just having the most advanced machines or the most advanced systems. Rather, it has to do with the quality of our efforts, how we interact and cooperate with each other, and our true commitment to transparency. To quote Cheeseman's words on African election technology: "Unsurprisingly, we found that the biggest gains from digitalization come from countries with higher quality of democracy and more independent election committees."
This journey is not easy, but it is very worthwhile-this is the real democratic cause.
Title illustration by Radia Durani
The author teaches at NUST. He has a postdoc in election security and advises the government and ECP on election technology. You can contact him at taha.ali@gmail.com. He is also part of the PIVOT Election Technology Awareness Project (Twitter: @pivotpk)
Published on EOS Dawn on August 15, 2021