Vikki Wiercinski

Should We Be Able to Vote Online?

A dialogue between Dave Meslin and Aleksander Essex.

Dave Meslin says yes

Activist and author of Teardown: Rebuilding Democracy from the Ground Up (Penguin, 2019)

Should we be able to vote online? Newsflash: Many Canadians are already voting online, and have been for quite a while. And the sky hasn’t fallen. In fact, residents of Markham, Ontario (a city with more voters than Saskatoon, Surrey or the entirety of PEI), have been voting online for local elections since 2003!

Remember 2003? That was the year of the SARS pandemic, Jack Layton’s election as NDP leader, Paul Martin’s swearing-in as Canada’s 21st prime minister, and Ralph Klein’s pathetic and hopeless campaign against same-sex marriage. Do those things seem like ancient history to you? In political terms, they are. Yet that’s how long we’ve already been experimenting with online voting. And each and every year, those experiments are growing and spreading further. Canada now has more than 200 municipalities using online voting, joining dozens of other countries who also offer online voting for local, regional or national elections.

So rather than “Should we be able to vote online?” perhaps the better questions are “When will we all be voting online?” and “How will we ensure that the system is fair and safe?”

Leaving aside the typical fear-mongering from traditionalists, online voting does indeed come with some valid concerns and risks. Some argue voting online should be as simple as banking online. But it’s much more complex, because of the need for anonymity. When you purchase something with your credit card, you expect the credit card company to know exactly what you bought. And if there is an error, it can easily be identified and fixed. When you cast a ballot, however, you rightfully expect no one to know who you voted for. But how can you ensure your vote was even counted properly? And how could you complain if it wasn’t? I confess, this gets messy. But creative solutions are being pioneered successfully all over the world.

Another concern is about coercion. In a traditional voting booth, no one can forcibly influence your vote, because you’re literally acting alone. If each of us has a PIN for voting, the door would open for someone to buy and sell votes or take votes from members of their own household.

But these obstacles aren’t reasons not to vote online. They are simply reasons to move forward with caution and explore creative solutions.

Let’s be very clear. This is an inevitable reform. We’re dating ourselves by even having this discussion. I’m 48 years old, so I have clear (and fond) memories of waiting in line for VHS rentals, using microfiches and getting my “bank book” updated by a “teller.” So waiting in line to place a paper ballot in a box seems normal to me. But for millennials or Gen Z, anything other than online voting must seem a foolish remnant of the Stone Age. They will not debate this topic any more than I would seriously consider replacing my smartphone with an abacus, carrier pigeon or darkroom.

 

Aleksander Essex says no

Professor and specialist in cybersecurity and applied cryptography at Western University

Online voting is a complex topic. But I think I’ve found a way for us to settle this debate once and for all: coin-toss. I’ll throw. My honourable opponent calls. If they’re right, I’ll concede defeat and become an adviser to their favourite online voting company. If they’re wrong, they’ll concede defeat and join Elections Canada’s efforts at hand-counting paper ballots in the next federal election.

The only problem is we live far away from each other, so meeting in person isn’t exactly convenient. What about this: I’ll toss the coin and tell you who won. Yes, you’ll just have to trust me, but I’m totally good for it. But hold on—if my honourable opponent is uneasy trusting a total stranger to report the coin’s fate, what about trusting an online voting company to decide an election…?

Elections Canada staff count paper ballots by hand in front of candidate representatives. When it comes to election outcomes, candidates and citizens alike don’t have to take a stranger’s word for it. This is our baseline. Any new voting technology must meet (and ideally exceed) this standard of transparency.

Some jurisdictions in Canada do offer online voting. But how transparently? Incredibly, there are no federal or provincial standards. Ontario municipalities, for example, largely work in isolation, relying on for‐profit vendors to set their own bar for accountability. In my experience, some of the most prominent vendors won’t even respond to basic requests for information, like which cities they’re working with or what their ballot looks like. These should hardly be trade secrets when we’re talking about public elections involving millions of voters.

Some cities claim their online voting systems are secure because they have conducted a type of cybersecurity review called a penetration test. So what? Voters don’t care about the system. They care about the result. It would be like telling your insurance company you won’t get in an accident, because your car passed a safety inspection. Or like telling the Canada Revenue Agency that they can skip the audit because you used CRA-approved tax software.

It would be a different story if these companies were providing meaningful evidence directly supporting the correctness of the result. Is there a way to do this in the online case? Yes, and I’m encouraged by the sober seriousness of Switzerland on this front. But online voting in Canada has been ongoing for 20 years, and we’re still mainly just seeing companies tell us who won. In the words of one Ontario mayor: “The people who run the system tell us we have no worries.”

This is good news for me: If this is our standard for online voting, my “trust me” coin toss should present no issue. And on that note, I’m pleased to declare my victory in this debate. It’s been a pleasure. See you at the polls!

 

Dave Meslin responds to Aleksander Essex

Let’s begin with the word “trust.” Aleksander Essex has proposed that we shouldn’t use online voting because it requires “trusting an online voting company to decide an election.” And he equates that with “trusting a total stranger” to report the result of a coin toss.

There are a few flaws in this analogy. First, Essex is suggesting that a traditional paper-ballot election doesn’t already require an enormous amount of trust. But when I mark my ballot and drop it into a cardboard box, I’m putting my faith and trust in the people who run that particular voting station. Yes, it’s true that ballots are transparently counted by hand in front of candidate representatives. But for many hours beforehand, those ballots are being handed out by thousands of poorly trained temporary contractors who have ample opportunities to attempt fraud. So we have no choice but to place our trust in the people who run each polling station. More importantly, we trust the system itself to detect any attempts of fraud. Online elections would be no different. We’d have to trust the key players as well as the system’s built-in security measures.

Essex is particularly concerned that online elections are often run by private companies. But we already trust companies—every single day—with our money. According to Essex’s logic, I should withdraw all of my savings and investments and hide the cash under my mattress, because leaving my money with a bank is like “trusting a stranger.”

To be clear, I don’t fully trust the banks either. But I do trust the systems, regulations and controls that have been set up by the government to protect my own money. We all do. We trust those systems every single day, and there is no reason why we can’t replicate the same kind of digital protections for our elections.

We trust the current system to detect any attempts of fraud. Online elections would be no different.

As I mentioned in my opening remarks, creative solutions are available for every challenge that faces online voting. For example, there’s the thorny issue of coercion and/or selling ballots. With a traditional paper ballot and secret-voting booth, there is no practical way for a pushy spouse to force their partner to vote a certain way. The victim of coercion can simply say “Sure honey, I’ll vote for the Burger Party”… and then vote for the Pizza Party instead. Similarly, with paper ballots there’s no incentive to bribe a voter, since there is no way of knowing whether they actually followed through with their commitment. But with online voting, both coercion and bribery could become a problem, since someone can watch over your shoulder as you vote for the Burger Party on your phone or laptop.

The solution is surprising and fun: Let people vote as many times as they want, but only count their last vote. So you can watch me vote for the Burger Party, if you’d like, but as soon as you leave the room I might simply vote again—for Pizza. This anti-coercion mechanism is already being used in electronic elections all over the world.

I do agree with Essex on many points. For example, he’s rightly concerned that we currently have no federal or provincial standards and that we have to rely on private companies to “set their own bar for accountability.” This is absurd—and dangerous. National guidelines, of the highest standards, must be adopted for something as important as elections. But this is not a reason to avoid online voting. It’s simply a crucial step that must take place first.

Clearly, much work must be done before we’re ready to use online voting for provincial or federal elections. The good news is that we’re getting closer all the time. For example, I was just reading about a team of local security experts who detected an interesting problem with an online voting system being used in Ontario. They discovered that the confirmation page shown to the voter could essentially be hacked and an outsider could decipher who a voter chose, based on the length of the candidates’ names! So, what did they do? The security experts reached out to the company and worked in collaboration with them to fix the problem.

Just a few weeks ago, one of the security-team members proudly announced on Twitter that “from our perspective, vulnerability is resolved.” The name of this heroic expert…? Aleksander Essex. We’re fortunate to have this kind of home-grown talent to ensure online voting is done safely!

I’ll repeat my earlier statement: Rather than asking “Should we be able to vote online?” the better questions are “When will we all be voting online?” and “How will we ensure that the system is fair and safe?” Interestingly, despite his being my alleged “opponent” in this dialogue, Essex is living proof that we already have the expertise required to make this important reform happen.

 

Aleksander Essex responds to Dave Meslin

I’m unsure whether my honourable opponent would have taken my “trust-me” coin-toss bet. That said, Dave Meslin asks some excellent questions, like “How will we ensure the system is fair and safe?” Or “How can you ensure your vote was counted properly?” He also acknowledges that online voting has “valid concerns and risks,” including undue influence and ballot secrecy, and that the solution is likely “complex” and “messy.”

But this is all rhetorical—he proposes no specific solution, rubric or pathway forward. Instead he argues that “we’ve already been experimenting with online voting” for 20 years. In his opening remarks, he made several references to the early 2000s. Allow me to make one in return. Asserting that online voting is inevitable, without any particular plan to manage the risks, is like standing on the proverbial flight deck of the aircraft carrier in front of a “Mission Accomplished” banner.

Meslin goes so far as to suggest that paper ballots are a “foolish remnant of the Stone Age” (they’re actually a 19th-century innovation). By this old-equals-bad argument, much of our lifestyle can be discarded. Kiss our neolithic comforts goodbye. No more bread, shoelaces or dogs, folks. No more saying “folks,” folks. English is old. And who cares how useful or helpful an idea is if it’s old? Something to reflect on while sitting in the dark of one’s smart home during the next nationwide internet outage.

This tilt toward solutionism comes at the expense of good design. It approaches the problem backward: I’ve got a blockchain. I’ve got a chip. I’ve got an artificial-intelligence model. What can I stick it in? What new feature can I lard on top to sell more units?

The correct approach to engineering design begins with what you need the technology to do, and then (and only then) do you build the technology to do it. In the election case, good design would begin with standards and laws prescribing what the technology must do. What it must guarantee. Only then would it be built, tested and deployed. The onus must be on the designers to prove the design’s merit, not on voters to absorb the cyber and democratic risk.

Cost, convenience, newness and coolness are not principles of any Municipal Elections Act. Ballot secrecy is.

The Council of Europe Standards for E-Voting and the Swiss Ordinance on Electronic Voting are good examples of this sober, sensible mentality. Both outline detailed technical and procedural requirements to protect ballot secrecy and ensure verifiability.

Now compare this to the blank-canvas approach of the Ontario Municipal Elections Act, which governs the predominant purveyors of online voting in Canada. Its “Alternative Voting Methods” section leaves cities with the latitude to do what they want. Unfortunately, even for cities recognizing the enormity of the cyber-risk, no standards for online voting exist in Canada. None.

The enormous risks of online voting are somehow everyone’s problem, yet no one’s problem: Canada’s Charter doesn’t explicitly protect municipal elections. The one-time federal Ministry of Democratic Institutions was recently abolished. There’s no federal Election Assistance Commission-style agency, as there is in the US, to act as the definitive resource. Municipal elections are a provincial jurisdiction, which puts these contests outside the mandate of the Office of the Privacy Commissioner, Elections Canada and the Communications Security Establishment. Provincial election agencies tend to be hesitant to get involved without a clear mandate from their legislatures, but online voting somehow never quite seems to make ministerial agendas.

Still, for the first time, I’m starting to see some encouraging signs. Meslin referenced “creative solutions being pioneered.” Here’s one: end-to-end verification (E2E-V). This is a new paradigm that makes advanced use of cryptography to essentially create a mathematical proof that the election was counted correctly—while protecting ballot secrecy simultaneously. It’s the only approach I know that has a fighting chance of making online voting verifiable. Online voting vendors in Canada are starting to use the language of E2E-V. Perhaps most encouraging, so are some governments, such as Quebec and Nova Scotia.

To do online voting right, we must first set the right priorities. Cost, convenience, newness and coolness are not principles of any Municipal Elections Act. Ballot secrecy is. Certainty in the results is.

But, as Elections Ontario points out, as the public becomes more aware of election technology, they’ll want to know how they can be assured their vote is counted. How can they be assured that their vote remains secret and that the right person won? In the end, we accomplish this with evidence, not faith. The goal of democratic elections is not just trust. It’s trustworthiness.

_________________________________

Click here to sign up for our free online newsletter.

RELATED POSTS

Start typing and press Enter to search