ISLAMABAD: The task force on voting rights of overseas Pakistanis in its report pointed out various shortcomings in the proposed system of internet-based voting, reducing the chances of its use in the near future.
The report of the task force, constituted in April this year, was made public on Monday. It said online voting systems, even in the developed world, catered to relatively small number of voters – a mere 70,090 online votes were cast in the Norwegian elections in 2013, 176,491 in the 2015 elections in Estonia, and around 280,000 votes in the state election in New South Wales, Australia.
It also said that leading international cybersecurity professionals have repeatedly voiced serious concerns regarding the security of internet voting.
“Researchers discovered vulnerabilities and launched devastating attacks on such systems (including those deployed in the US, Estonia, and Australia) that impacted tens of thousands of votes,” the report pointed out.
Such demonstrations have played a determining role in discouraging deployment of internet voting in several developed countries.
In contrast, iVOTE, if deployed in Pakistan, will cater to over six million overseas voters, and will be the largest-ever deployment of internet voting in the world by far.
“In case of the aforementioned examples, the risk of system failure or mishap has been restricted to relatively small populations and geographical regions. However, in our case, failure or electoral rigging overseas is not confined to a few seats and can potentially impact each and every constituency in Pakistan, thereby playing a critical role in the formation and composition of the next government,” reads the report.
On April 12, 2018, Supreme Court of Pakistan convened a session pertaining to the voting rights of overseas Pakistanis. This session was presided over by Chief Justice of Pakistan Mian Saqib Nisar and included members of various political parties, IT experts from Pakistani universities, concerned citizens, and members of the media.
At the time, NADRA demonstrated iVOTE, an e-voting platform that would allow overseas Pakistanis to cast their votes for the forthcoming General Elections using the internet.
All parties in attendance strongly affirmed the right to vote for overseas citizens. However, the IT experts aired concerns about the potential security issues posed by the deployment of this system. As a result, on the directions of the SC, the Election Commission of Pakistan constituted a task force on April 19, 2018, to undertake a technical audit of the iVOTE platform.
The Internet Voting Task Force (IVTF) in its report said that over time, Western countries have established strong and resilient mechanisms to investigate and resolve electoral disputes. In comparison, our mechanisms, as evidenced in the aftermath of the General Elections of 2013, are still very fragile. Therefore, electoral improprieties in the overseas voting process can potentially lead to political deadlock and turmoil. To successfully deploy a new technology, we should be cognizant of the relevant social factors.
It further said that iVOTE categorically does not provide ballot secrecy as required in Clause 94 of the Elections Act 2017 and Article 226 of the Constitution of Pakistan. This shortcoming is inherent to this particular model of internet voting systems.
The report said casting votes outside a poll-booth environment typically enables vote buying and voter coercion. In our particular case, there is a very real possibility that votes may be bought and sold and coerced overseas in regions where the ECP has no mandate to investigate or prosecute such attempts.
Users can easily mount attacks on the system whereby they can cast votes for whichever national and provincial seat they choose, regardless of their constituency. These attacks can be launched by anyone with moderate technical ability and can easily be automated to manipulate votes on a large scale.
There is also the possibility of phishing attacks, whereby an attacker creates confusion in the minds of voters with fake and misleading email addresses.
Such attacks are exceedingly common and are especially effective against any population which is not tech-savvy. The banking sector typically deploys verifiability mechanisms and additional checks to prevent these attacks, but iVOTE has no such mechanism.
Distributed Denial of Service (DDoS) attacks are a persistent threat on the Internet. NADRA has deployed a leading international filtering solution to protect against these attacks, but election security researchers pointed out that this arrangement again compromises ballot secrecy by enabling foreign entities to decrypt and view, and potentially even modify, ballot contents of voters in an undetected manner.
The report further said that many of these security vulnerabilities are not specific to iVOTE but are inherent to this particular model of Internet voting systems. Therefore, even if the voting system itself has ironclad security, these attacks will still be effective because they do not target the voting system, but instead, they focus specifically on the voter’s computer and the underlying network, both of which are not under NADRA’s control. For this reason, certain territories (such as Estonia) have recently announced that they are abandoning this particular model of internet voting in favour of a rigorous cryptography-based solution.
No usability studies or tests have been undertaken on iVOTE to ensure ease of use for voters. Ideally, such a critical system would go through multiple large-scale mock trials for Pakistanis from all walks of life, (especially those with low literacy). This is an extensive and time-consuming process, which may necessitate alterations in the design, which in turn will require further development and security analyses.
iVOTE emails are dispatched from an unauthorised email server, with the result that emails to voters typically end up in the Spam folder. If these emails are dispatched at high volumes, this may result in wholesale blocking of emails and this can considerably hinder the voting exercise.
Certain internet voting systems provide superior security compared to iVOTE by enabling a measure of redundancy, ballot secrecy, coercion-resistance, and verifiability. For instance, internet voting systems in Estonia, Norway, and New South Wales were deployed alongside precinct-based paper voting systems.
In the event that the Internet voting system failed, citizens in these territories would have been able to vote using paper ballots. Citizens could ensure ballot secrecy and avoid coercion by casting their vote multiple times using different modalities. Moreover, voters could also verify that their votes were correctly recorded in the system via the Internet or telephone. In contrast, iVOTE does not offer any such fail-safe, ballot secrecy, coercion resistance or verifiability features.
The report recommended that new voting systems should be progressively deployed, starting with mock trials, deployment in surveys and non-political elections, followed by small-scale elections, and then scaling up over a period of years.
This approach – undertaken by countries like Switzerland and Estonia – has the advantage of identifying vulnerabilities at every step, while at the same time, containing the risk appropriately. This also enables voters to become more familiar with the system and for developers to incorporate improvements in the system. “We recommend a similar roadmap be devised for iVOTE along with appropriate milestones at every stage,” the report said.
It also recommended that the ECP reconsider other remote voting modalities, which are less controversial than internet voting and have been successfully deployed in many other countries.
“We note that postal voting is significantly safer than Internet voting in that, even though both modalities compromise ballot secrecy, postal voting is nevertheless not susceptible to hacking, which can completely compromise election integrity,” the report added.
Furthermore, embassy voting, while it poses significant logistics challenges and financial constraints, is even safer than postal voting because it preserves ballot secrecy and protects against coercion. In fact, our strongest recommendation for an alternative option for voting for overseas Pakistanis is to consider deployment of iVOTE in embassies using a closed intranet solution.
There is a critical shortage of cybersecurity skills and expertise in Pakistan, particularly within the field of election security. It recommended that the ECP launch a dedicated and well-funded research and development (R&D) cell with long-term and broad-ranging objectives. This cell should be specifically tasked with building much-needed technical capacity and skills in this domain, in informing and guiding the public debate on election technology, and in developing secure new technological solutions for elections in Pakistan.