Technology, Trust and Elections

Checkpoint for technology introduction

We begin this section with a caveat that the list making up the checkpoint should be treated as a starting point from which to evaluate the introduction of technology intended for public service. It is understood, acknowledged and foreseen that this section will undergo substantial changes after contributions from experts and interdisciplinary academics¹.

Software systems, by the very nature of their design, contain a set of risks—which as seen above, are especially visible for online voting systems.

We have divided the check points into 3 distinct sets which form the compoents of our framework to evaluate and assess the gaps:

1. One, on the intersection of human rights and technology.
2. Two, on the sufficiency of technology to meet the requirements of an elections process; and
3. Three, on the appropriateness of selecting the technology for a public service process.

Our recommendation is that these three aspects be considered indivisible rather than being selected as unique collections against which to evaluate any proposal to introduce new technology.

• Rights Based Approach

  • Representation - whether the introduction of the changes will continue to provide all citizen with the right to be represented on the electoral rolls without discrimination and exclusion.
  • Security - whether the proposed changes furnish citizens with adequate safeguards against harms originating from data theft.
  • Privacy - whether the proposed systems design includes and enhances the aspect of privacy which is inherent in the secret ballot design of the elections.
  • Coercion - whether the proposed design includes sufficient safeguards against citizens being intimidated or instead makes it easier to coerce them. E.g. The phone-based voting in the Telangana mock elections showed that it can be particularly easy to force and check whether the citizen is voting for the preferred candidate in an unprotected area.

• Minimal Requirements for Secure Elections

  • Secrecy of ballot - The topics of voter coercion and integrity of elections are pinned on the presence of a secret ballot. Thus it becomes a primary requirement of any software or technology being introduced in the elections - whether the system is able to securely record the choice of the voter.
  • Software independence ² - For elections to be auditable they have to be software independent. That is, “an undetected change or error in a system’s software cannot cause an undetectable change in the election outcome” (Rivest, 2008). This largely means that the output of any software based system should be auditable by (preferably) non-software based means. This would enable evidence to be gathered which record votes as intended, collect them as recorded and count them as collected.
  • Voter-verifiable Records - Public Bulletin Boards can help foster trust in the process but more importantly, allow citizens to watch out for deletions or additions to the electoral rolls, whether erroneous or by malicious intent. The results of the individual polling stations should be posted at the centers, so that third parties can verify the total count.
  • Contestability - The voter must be able to back up their claim when they say that the voting machine recorded their vote incorrectly. In the current model it is impossible to know (and trust) whether the vote recorded by the EVM is the same as the one displayed by the VVPAT. In cases where the number of votes recorded seem to far outweigh visual representations of the crowd at the booth, the citizen must have a way to challenge the veracity of the election.
  • Auditing - The first level of auditing is making sure that the EVMs are functioning and replacing those which are not. There is the additional problem of non-government sanctioned EVMs. A portion of the votes of the EVM should be tallied by hand, to make sure no hacking has taken place. If the count of the VVPAT slips doesn’t match that of the EVMs, then repolling should be done at that center, otherwise, the auditing process is pointless.
  • Technical knowledge and skills - Whether the governing authority has an adequate set of technical knowledge and skills related to the technology which is being introduced. The absence of specific, specialized and expert knowledge about the systems are a key gap which would need to be addressed if the numerous possible threat vectors are to be properly countered.

• Representative Deliberation³

  • Public announcement - It is necessary that the governing (and administering) authority for any project related to introduction of technology publicly announce a period of evaluation of the proposal and enable a set of reasonably well understood methods to provide feedback.
  • Scope definition and purpose declaration - The intended outcome, objectives and scope of the proposed system needs to be specifically announced along with details of the purpose. Ambiguity in any of these aspects leads to mistrust in the public interest software being designed.
  • Public availability of technology choice - It is imperative that the details about the selected technology, in terms of information technology architecture, systems design and similar are provided for the public to review, evaluate and examine to acquire better knowledge of the system.
  • Expert input and peer review - It is required to seek experts across a range of domains who can examine the publicly available documents and provide opinions on the suitability and appropriateness of the technology for the defined scope.
  • Public evaluation of prototype - Enabling a public evaluation of the prototype being designed as a lead up to the acceptance and deployment of the solution. This not only enhances public trust in the decision but it additionally helps counteract disinformation and prevents undue corruption.