
A combined online and postal vote will soon decide the UKās next prime minister, but doubts linger about whether the process is truly secure.
The National Cyber Security Centre (NCSC) ā a branch of UK intelligence organisation GCHQ ā stepped in to delay the ruling Conservative party leadership poll early in August while security for the online voting was tightened. . It is the first time the UK prime minister will be chosen using online votes, and continued worries over hacking raise questions about whether online voting is a safe or wise choice when the stakes are so high.
Reports suggest that the race between Rishi Sunak and Liz Truss for the top job was . Party members were due to vote with a unique code that could be used by post or online, and they would be able to change their vote until polls closed. It was this ārevotingā that the NCSC reportedly said represented a risk, and the ability has now been removed.
Advertisement
, director of the Surrey Centre for Cyber Security at the University of Surrey, UK, says the NCSC was right to take an interest in the vote considering the possible implications of a hack. He says that online voting simply isnāt ready for statutory elections yet.
āIt is certainly plausible that hostile nation states might have an interest in affecting the outcome of this election if they were able to, and also that they have the capability to do so,ā he says. āThey may be able to interfere by disrupting the election, either swinging the result in favour of their preferred candidate or casting doubt on the veracity of the result to undermine the legitimacy of the winner. These seem to be real possibilities that the system needs to guard against.ā
The NCSC and the Conservative party didnāt respond to requests for comment, but it is common knowledge that many nations run their own cyberattack teams and that some of these seem to have been involved in influencing elections. Meanwhile, physical electronic voting machines already in use in the US have been found to have security vulnerabilitiesĀ and to make .
Election fraud was happening long before computers were invented, so it doesnāt seem too much of a stretch to assume it will continue after the worldās polls move online. And given that government IT contracts are often chopped and changed, which can lead to changes in servicing or upgrade schedules or which software is used, there should also be legitimate concerns about the reliability of voting machines, or online services, even without deliberate attacks.
The NCSCās intervention should have reduced the risk of a deliberate attack influencing the UK voteās outcome, but even raising the issue may have damaged the publicās faith in online voting. For people to have trust in the political system, it is vital that elections not only work but are also seen and believed to work. Public distrust in electronic voting could further undermine faith in politics.
, a retired computer scientist and voting machine expert formerly working at the University of Iowa, says that making a vote public rather than secret is one way to guarantee safety, and that if people want to keep information on who voted for whom secret, then computers arenāt the way to go.
āYou simply post all the votes in public where everyone can inspect the votes, and you provide a way for voters who object to the way their own votes were recorded with a way to correct them,ā he says. āI cannot see how to guarantee ballot secrecy without some form of physical ballot voted in the privacy of a voting booth. Paper is a particularly convenient form of physical ballot.ā
Ultimately, there is no such thing as an unhackable machine or service, and hundreds of years of experience running votes with paper ballots means this remains the safest way to hold elections.