ONLINE voting was a notable omission from the state government’s new reforms for councils, and it was a smart call: Online elections can’t work if we want our voting to remain private and trustworthy.
Many of the proposed changes released last week were based on the 2020 report from the Local Government review panel, which recommended “provision in the new Act for electronic/online voting to be introduced in the future once the integrity of the process can be assured (including allowing for a pilot)”.
But the integrity of online voting can never be assured, and thankfully the final proposal for WA reforms quietly dropped this idea and didn’t go down the path of NSW’s ‘iVote’ system.
Online voting is different from other sensitive tasks because when we bank online or lodge our tax returns, having our identity attached to our activity is central to those processes.
But our voting system is based on the principle of a secret ballot enshrined in our Electoral Act of 1856, written after we saw the chaos of New York’s Tammany Hall gangs rigging elections: We need to be able to cast a vote and have no easy means for others to confirm we’ve voted a certain way.
Without a secret ballot, voters are open to intimidation, blackmailing, or mass bribery.
Swinburne uni professor Dori Tunstall notes vote-buying or just threatening voters into compliance was the ordinary way elections were conducted in the US, until Americans saw how our secret ballot system worked here and adopted what they called “the Australian Ballot”.
But online voting is incompatible with the Australian Ballot.
If your identity can be connected to your vote, and you can log on afterwards and confirm your name is attached to your ballot and your vote is correct, we’re back to being susceptible to bribes and threats (only now it doesn’t have to be a thug standing outside the polling station, but an online blackmailer who doesn’t even need to be in the country).
If your identity can’t be connected to your vote, how do you ever know that your vote was recorded the same way as when you clicked?
You have no way to know if it was changed on arrival or en route by a corrupt official, a virus coded in another nation, or just a simple bug.
It’s true that you can’t double-check your paper ballot after you drop it in the box either,
but a fraud who tried to change a meaningful number of paper ballots would find it a time consuming and fraught process, risking exposure by scrutineers or other electoral officials.
UK computer security researcher Tom Scott has pointed out that with an online voting system it takes no more effort
to change one vote than it does to change a million, a massive upheaval of the benefit to risk ratio.
Scott argues that given the stakes and potential profits involved in elections – think of how much lobbyists, corporations, and even foreign powers spend to try to sway outcomes – it’s plausible someone might spend a much tinier amount of their lobbying budget on paying an outside hacker or an electoral commission employee to intercept digital votes.
Hackers are not rare, and these are not farfetched scenarios from a 90s technothriller movie: About 30 per cent of computers have malware on them because people click risky links, plug in unknown USBs, or open dodgy email attachments (I have). Even Australian federal government agencies have been hit by dozens of significant breaches this year.
NSW’s iVote system has already been shown to be flawed thanks to the work of researchers like cryptographer Vanessa Teague, who uncovered flaws that could see valid votes discarded. But even if by some miracle of perfect coding everything was made safe and secure, there is still the issue of trust.
Claims of voter fraud, as difficult and rare as it currently is, have already led to violent riots. If people instead just have to flush their votes into the cyber pipes and hope for the best, that could further undermine confidence among voters who don’t understand computers, and especially among voters who do.