Current offline voting systems are neither safe nor secure

For the last 2 years I have been trying to convince people that we need to move to mobile based voting system as it has several benefits including:

1. Higher voter turnout
2. Convenient for the voter
3. Cost saving
4. Time saving
5. Human resource saving
6. Instant result

Nobody disputes these benefits but still people are not willing to upgrade to mobile voting because they believe “online voting can be hacked – it is not secure”

I totally disagree with this argument due to following two reasons:

1. The current offline system is at least 100 times more unsecure and is regularly hacked. Still we are living with it.
2. Technology has evolved substantially to ensure that online transactions are safe – extensive use of emails, online banking, stock trading is a proof of that.

Do not agree? Let’s discuss these reasons in detail.

Standard hacking practices in current offline voting system

1. False voting: It’s a common experience that people go to voting booth to realize that somebody has already voted in their place. This happens because in the current system voter authentication happens by looking at the face of the voter and matching it with the photograph in the ID. Booth officials generally accept any government ID card as identity proof. People can impersonate anybody else with help of fake ID cards. This can never happen with Right2Vote’s mobile voting technology due to Aadhaar based authentication. There is no scope of manual errors or cheating. Each voter is authenticated only after checking with Aadhaar central database and fake ID cards are of no use.

2. Duplicate Voting: It’s a common practice that people have their name registered in more than one constituency or more than one booth. At times they have their name registered in the same booth twice also. These fraudulent voters are expert in removing ink mark from their finger and voting again. Many political parties pay these kinds of voters on the basis of number of vote they cast. This can never happen with Right2Vote’s mobile voting technology and Aadhaar based authentication as Aadhaar databank ensures that there are no duplicate records. Any duplicate record would be fished out as person would not be able to fake the bio-metrics.

3. Errors / Manipulation in Counting – Counting of votes specially in paper ballot happens manually and is prone to clerical errors. Several times recounting has provided different results which proves that errors and manipulation are common. This can never happen with Right2Vote’s mobile voting technology as vote counting is 100% automatic and instant. There is no human intervention hence no scope of human error.

4. Vote rejection – Lot of voter’s vote are rejected specially in case of paper ballot and postal ballot due to marking errors, illegible writing, procedural reason etc. In case of postal ballot rejection rate is more than 25%. With Right2Vote’s mobile voting technology all errors are corrected at the time of voting itself, as the voting screen alerts the voter and asks him to correct his mistake. Hence there is ZERO rejection of votes.

5. Booth Capturing – Booth capturing is so common in India that such news goes unnoticed in India. Videos of booth capturing during recent West Bengal local body election is all over the internet. This can never happen with Right2Vote’s mobile voting technology as votes are stored in central server and not at booth level machines. Even if some remote booth is captured by goons they will get access to Tabs which are just screens. They can neither caste new votes without Aadhaar authentication of voter nor manipulate stored votes as stored votes are safe in the central server.

6. Blocking of voters from reaching booth – It’s a common practice that goons in the area do not allow voters to reach the booth and vote. Again, several videos of recent West Bengal elections are available on the internet. This can never happen with Right2Vote’s mobile voting technology as voters can vote from anywhere directly from their mobile. Voters need not go to any booth.

7. Replacement of ballot box – One of the easiest method of hacking an offline election is to replace the ballot box with a different ballot box with fake votes. The fact that these ballot box need to be transported from polling booth to central storage area, need to be kept stored for 3 days before it is transported to counting area, increases the risk. This can never happen with Right2Vote’s mobile voting technology as votes are stored in the central server and result can be announced immediately after poll close.

8. Human manipulation: Every election is managed by humans. Lok Sabha election require 1 crore people to manage the election. Most of these people are not Election Commission employees, they are temporary workers posted on election duty, at times against their wishes. These people have little expertise on election matters and can be coerced, manipulated to compromise the system. And any system is as strong as the weakest link. This can never happen with Right2Vote’s mobile voting technology as the whole system is automatic without any human intervention. No human is required for authentication of voter, registering of vote or counting of votes. All these activities are handled by the system itself.

9. Disenfranchisement: One of the biggest frauds of the current offline voting system is that it denies Right to vote to 1/3 of the eligible population. The world is mobile, and people do not live all their life at one place. People move to other places for jobs, marriage, education and various other reason. The process of getting address on voter ID changed is so tedious, bureaucratic and long that most people give up. Voting percentage among NRIs is 0% and for soldiers its 3%. With Right2Vote’s mobile voting technology nobody is denied his right to vote. All voters can vote from anywhere directly from your mobile.

10. Voter list problems: One of the most common problems voters complain about in the current voting system is that suddenly name of the voter goes missing from the voter list. This can happen due to reasons like clerical errors, reorganization of voter’s constituency, voters name being listed at some other booth, old records etc. With Right2Vote’s mobile voting technology and Aadhaar linked voter list, such problems would never happen. Right2Vote sends real time alerts and reminders to voters and voter need not know the exact booth detail. Aadhaar data bank ensure that citizen name is always listed and updated.

11. Man in the middle attack: In current offline voting system the ballot papers and ballot boxes, before voting and after voting travel across geographies, changes many hands and are stored at different places over the period of election which might be longer than a week. There is always a risk that during any such movement or storage the ballot boxes are compromised. This is very common specifically in case of postal ballot where votes travel in envelop across geographies over days. Certain candidates hack the system at the local post office level to his advantage. Man in the middle attack is not possible in Right2vote’s mobile voting technology as votes are encrypted and stored at central server. The voters reach the central server in less than a second of vote casting and stays encrypted till result is declared at the end of the voting process. The whole transmission, recording and storage of vote is automatic and hence there is no risk of human manipulation.

This is just a small list of kinds of hacking of votes that happen in the current offline voting system. Now let’s discuss how online system have proved to be much more secure and trustworthy.

Online systems are safe and secure and hence well accepted in similar high risk sensitive areas

1. Emails Vs Post: If you have to securely send a message to somebody what would you choose – Online system (Email / SMS / Whatsapp) or offline system (post / human carrier)? Of course, you would choose online system. Most corporates and governments rely on online system for communication of most confidential information. If online hacking was so easy the world would not have moved to Email. All top government and corporate secrets are available for anybody who can hack Gmail and similar email systems. We have seen that leakage of information is more prevalent in government departments which rely on offline movement of files via peons compared to corporates where all correspondence happens via email.
2. Online banking Vs offline banking: How often we read in the newspaper that a person was robbed of the cash at store, on way to bank etc. We never hear that somebody bank account was hacked into and his money was stolen. Few complains we hear about online theft is most linked to the person being fooled into giving up him money rather than somebody being able to hack into the system to steal his money. All of us without fear keep lakhs of rupees in bank accounts and regularly do transactions worth thousands and lakhs without any fear. If online system were not safe and secure we would not have taken such risk.
3. Online stock trading Vs offline stock trading: Few of us would remember offline stock trading days when share certificates used to get lost in transmission, get stolen from the post office, each transaction used to take days before it was completed, there were issues relating to fake share certificates etc. With online stock trading, number of transactions have multiplied, transaction time has come down to seconds still people are more confident about the safety and security of the system. We regularly keep our shares in Dmat accounts online and transact online from mobile and laptops. We would not have risked all our life saving to such online accounts if we were not confident that the online system is safe and secure.

Security layers & Value at Risk: One more myth we need to clarify is that one successful hacking does not mean the result of the election can be changed. Its like assuming that one successful hack of online banking system of SBI would bankrupt the bank. All security systems have multiple layers of security. In almost impossible situation of successful breach also the number of vote that can be manipulated can be limited to one. Unlike banking transactions where one single banking transaction can be worth thousands of crores, in voting system one transaction is limited to one vote. Hence value at risk is very low. In each offline election hundreds and thousands of voters’ face one of the above-mentioned hacks. Substantial number of voters don’t get to vote, compared to that one or two vote hacks in impossible scenario should not be a very serious concern.

Conclusion: Right2Vote’s online voting system is much more secure than any offline voting system. If the voting system is online and internet linked it increases the security of the system and does not reduce it. Technology has evolved enough to ensure that online systems are safe and secure. People oppose up-gradation of technology due to fear of change, inertia, lack of understanding of technology or vested interest. Online voting is something that mankind will have to upgrade to sooner or later. The question is not whether it would be accepted or not, the question is how early it would be accepted.