Secure And Transparent Online Voting
It is a myth created by vested interests that eVoting is not secure. In comparative terms, offline voting is much more unsecure, and it is not even comparable to online voting when it comes to security and transparency.
Online voting platforms can have different degree of security and transparency depending on technology and features used. At Right2Vote, we provide certain standard features including OTP based authentication, Audit Trail, Voter Receipt, Secret Ballot, Encryption which ensures 100% secured voting. Over and above, we provide optional and premium security features like Voter Selfie, Two Factor Authentication, Geo Tagging, Geo fencing, Aadhaar based authentication, biometric authentication for elections where security is a major concern.
Key security risks in an election
All elections face certain key security risks – whether offline or online. These include:
- Impersonation
- Secrecy of ballot
- Hacking
Below, we discuss how these issues are tackled in booth based physical voting systems and online voting systems and why online voting systems are more secure and transparent.
Impersonation
As per Oxford dictionary, impersonation means an act of pretending to be somebody in order to trick people or to entertain them.
In an election, one of the biggest risks in that somebody else votes in place of the voter. This is very common in offline voting in Indian elections as all you need to do is carry a voter ID card or some other approved ID card. There is no biometric or other authentication at the booth. The booth officer just looks at the photograph in the ID card and tries to match the voter’s face against the ID card photo manually. The photo on the ID card might be 10-year-old and in black and white. Also, there is too much trust placed in the judgement of the booth official.
In an online voting, the problem of impersonation is tackled by OTP (One Time Password) based and biometric authentications.
Mobile OTP: This is one of the simplest and best methods of authenticating a voter. Mobile OTP is used across sectors for authentication purpose and used even for banking transactions where impersonation can lead to frauds of millions and billions. The only problem in mobile OTP as an authentication method is that the voter can on his own will share his OTP with somebody else and let somebody else vote on his behalf. Were such concerns are there, it is advisable to use other biometric authentication tools along with Mobile OTP.
Email OTP: Email OTP is similar to mobile OTP. Email OTP is a better than Mobile OTP in certain scenarios:
- Voters have concern relating to privacy and do not want the election officer to share mobile number of members with the election platform.
- Voters are spread across the world. OTP delivery via SMS might be an issue in some geographies due to cost, local regulation etc.
- In India and many other countries, governments have strict SMS template related regulation to stop the menace of spamming. If voters are spread across the world, it might not be feasible for the voting agency to take SMS template approval in all the countries.
- SMS has character limits and sending long voting instructions and voter receipt is not feasible on an SMS.
Email OTP can be used as the main authentication method or as the multi-factor authentication method. As OTPs have limited validity and can be used only once, it becomes increasingly difficult for voters to share multiple OTPs with somebody else to help him vote.
Aadhaar based authentication: Unlike most countries India has built a very advanced digital database of its citizens with biometric data. Aadhaar database and systems can be leveraged for voter authentication. Aadhaar based authentication has become very common in India for access to various government and non-government services in India including banking, telecom, passport services and many others. Aadhaar provides multiple authentication options:
- Aadhaar OTP: Aadhaar OTP is even better then Mobile OTP method as the OTP is sent by government system to a mobile phone registered in government database and OTP is also authenticated by the government system.
- Fingerprint: Aadhaar database has database of fingerprint of all 130 Crore+ Indian citizens. It provides digital remote biometric authentication capability which is being levered to deliver many government and non-government services. Biometric authentication is hundred times better than manual checking of ID cards in current offline voting systems. The challenge with fingerprint authentication is that most mobile instrument used by voters do not have Aadhaar approved fingerprint encryption, storage and transmission capability yet. Hence, Aadhaar based fingerprint authentication is currently not very viable for remote voting.
- Iris scan: Similar to fingerprint, Aadhaar also offer the option of remote biometric authentication based on iris scan. The only limitation of this method is that there are very few instruments which have capability to scan the iris and send the data in digitally encrypted format to Aadhar system for authentication.
- Face Scan: Aadhaar data base also have pictures of all the citizens and can be leveraged for biometric face recognition also. However, Aadhaar is not promoting this method right now.
Face recognition: Right2Vote also provides face recognition feature without the Aadhaar linkup. Face recognition by software is 100 times more accurate than manual face and ID card matching. The only limitation of this method is that the organization conducting the elections should have a database of its member’s (voter’s) photographs. Unless the photographs database is there, system would have nothing to match the voter against.
Voter Selfie: Voter Selfie is a proprietary feature provided by Right2Vote where, the system takes and stores the pictures of all the voters before they vote. Unlike face recognition feature, where the voter’s picture is matched against the picture in the database, here the picture is not matched against anything, but just stored in the system. Still, this leads to significant increase in security and transparency. It substantially reduces the impersonation problem as both voter and the impersonator know that the picture would be taken and there would be digital evidence of wrongdoing on their part.
Secrecy of Ballot
One of the biggest concerns in both offline voting and online voting is secrecy of ballot. Secret ballot is a very important feature of any election, and this helps in ensuring that a voter is able to vote freely and without any pressure. (For more about Secret Ballot read here ).
In an offline voting secrecy is secured by providing privacy at booth to the voter. In online voting system, the voter himself has to ensure that he votes only when he is in private space. In offline voting there should not be any hidden camera which can record the individual voter choice. Also, there should not be any numbering on the ballot paper which can help track back a ballot paper to a voter. In online system, the system design should be such that no link should be kept between the vote and the voter. There are platforms who do not have real secret ballot feature and claims to provide secret ballot feature by encrypting the data. But in such system, there is always a risk that the person having the encryption key can still know which voter voted for which candidate. This can defeat the purpose and objective of secret ballot. Such systems will never give the confidence to voter to vote freely. In Right2Vote platform, we ensure that no link is stored between a vote and the voter. Not even the Right2Vote’s top management can know who voted for whom. This ensures 100% secrecy of ballot.
Hacking
It is a common myth that only online voting can be hacked, and hacking is not possible in offline voting. That is not true. Some of the common hacks relating to elections are as follows.
Booth capture: In physical voting a common hacking technique is to capture the booth physically. The goons capture the booth and then cast all the vote in their own favour. In online voting, people worry that a person can hack into the system and cast all the votes in their own favour. If online hacking was so easy, world would have not moved to internet banking on online stock trading. There are enough techniques available to guard against any kind of hacking. Right2Vote’s online voting systems is very secure and such hacks is not possible. Encryption and other security techniques are used to ensure the data is securely stored and cannot be hacked.
Ballot box replacement: Another common hack in offline voting is replacement of ballot box after voting is done. Generally, there is substantial gap between end of election and result announcement. During the interim, the ballot boxes can be replaced with or without the support of election officers. In online voting, the votes are stored in a central cloud server which is encrypted and secured with both physical and digital security mechanism. Unlike physical voting where these ballot boxes are stored at remote locations, the digital servers are at central location with very high security. In online voting, result is generally announced immediately at the end of elections as counting is automatic and instant. It’s always better to announce the result as soon as election is over as this gives confidence to candidates.
Counting errors and frauds: In booth-based paper voting, counting errors and frauds are common. Counting is done by humans, who are prone to errors and malpractice. In online voting, the counting is automatic and instant. There is no human intervention. Hence, in online voting there is no change of counting errors or frauds.
Multiple voting: In paper voting or booth-based voting there used to be a problem that a voter was able to vote more than once. This problem has been more or less eliminated, in booth-based voting by ensuring that number of people voted and number of vote cast in the ballot box is tallied at the end of voting. Similarly, in online voting a proper audit trail is maintained of who all voted along with their IP address, time of voting and picture. Once a voter has voted, the system does not allow him to vote again. Also, the number of voters is tallied against number of votes received. This is done automatically and does not require any human intervention. This eliminates chances of multiple voting.
Denial of voting right: In offline booth-based voting, it is a common problem in sensitive areas that voters are scared to go to the booth to vote. Goons of candidates threaten voters from going to the booth and block them physically. In online voting, the voter can vote from anywhere. It is not possible for goons to physically block them from going to the booth as the booth is in their mobile phones. Online services also face challenges of denial of service by various DOS or DDoS methods. However, there is enough solutions for the same. OTP based authentication and temporary blocking of IP address on multiple wrong entry is one such basic solution.
Conclusion
Online voting is much more secure than offline voting as explained above. However, the biggest reason why democracies should move to online voting immediately is because offline voting denies right to vote to one-third of the population. Any voter who is unable to visit the specified booth due to any reason, is denied his right to vote. 33% of the population on an average is denies his right to vote due to booth-based voting. In 90%+ elections, the winning margin in less than 33%. Which means booth-based voting is the worst form of hacking and should be eliminated immediately.