What if we told you the tiny European nation of Estonia has been voting online since 2005? In this episode, we take a closer look at the way the Estonian system works, the biggest obstacles to online voting in the US, and what it might take to transform one of the most important functions of our society.
Featuring:
Florian Marcus, Digital Transformation Advisor, e-Estonia Briefing Center
Ashby Fiser, CEO of Aviame
Mark Ardito, VP of Cloud Modernization, Kin + Carta
Key Takeaways:
- The Estonian voting system is just part of the country’s commitment to being the “Most Digitally Advanced Society in the World.”
- Estonia’s digital identity system lies at the heart of its digital capabilities.
- Ballot security, infrastructure, and ensuring voter confidence remain the three biggest hurdles to the United States in terms of building a reliable and secure voting system.
- Most experts still believe that paper ballots should be the gold standard for traceable, auditable voting.
- Collaboration, experimentation, and long-term perspectives are key to creating meaningful change to election technology.
Show Notes
(00:40) Why Can’t We Vote Online?
We’ve grown accustomed to sharing such vast amounts of information digitally. Many of the transactions we conduct online every day would have terrified us just a handful of years ago. Banking from your phone, applying for loans, managing credit cards, applying for jobs, renting out your home to strangers, and filing taxes.
So why can’t our voting systems work in the same way?
If this question has ever run through your head, you’re not alone. No surprise, there’s a lot to it. Many people will say it’s next to impossible –at least in the US–in the near future. There are many ways to look at it, and in just about every conversation about online voting, eventually, one country comes up: Estonia.
(01:24) Examining Estonia
With a population the size of Philadelphia, Estonia is known for its vast wilderness, black rye bread, having absolutely no one famous born there, (go look up “Famous Estonians” and you will see what I mean. No one you have ever heard of. No offense Estonia but you need to pick up your PR game), and the option for every citizen to vote online since 2005.
Today, we’re going to talk about how Estonia built its current system as well as the most significant obstacles preventing the United States from doing something similar.
We’ll also discuss whether the real question should be “Should we want to vote online?,” rather than “Why can’t we vote online?”
(02:06) Estonia’s Digital Society
Bordering Latvia to the south, Russia to the East, and the Baltic Sea to the north and west, Estonia has become known as “The Most Digitally Advanced Society in the World.” In fact, 99 percent of all public services are available online: driver’s licenses applications, obtaining permits, paying taxes, opening a business, and yes –voting, all happens through one digital tool.
Since the voting system was first introduced in 2005, the country’s acceptance of it has only grown stronger. In fact, it has flourished. No major vote recounts, no hacking scandals, and in the most recent election, 46.7 percent of all votes were cast online, bringing down the cost per vote by an estimated 50 percent.
Is it a glimpse into the future about how governments will operate? Is it something that only works on a small scale? Or are the threats too extraordinary, too uncertain, and potentially catastrophic, that it should be avoided like the plague?
(03:04) Keeping Ballots Secure
Ballot security is far and away the number one issue plaguing the voting process. Keeping who you voted for a secret so that no one can coerce you into voting for a candidate is imperative because secrecy keeps the coercer from knowing if you were compliant.
The anonymity of voting is also one of the simplest ways to understand the differences between things like financial transactions and voting. Fraud protection systems that help make online banking and tax filing possible depend specifically on linking your activity to your identity. However, in voting, that connection is completely severed, so the technical challenge is turned on its head. There’s also the question of motivation, and the differences between the government wanting your money and wanting you to vote, but we’ll put those questions aside for now.
(03:49) How Does Estonia Protect Anonymity?
So as we play our game of “Keeping up with the Estonians” We wonder how they keep every ballot a secret? It helps to look at the system as a whole. According to Anna Piperal, “The central idea behind this development is transformation of the state role and digitalization of trust. Think about it. In most countries, people don’t trust their governments. And the governments don’t trust them back. And all the complicated paper-based formal procedures are supposed to solve that problem. Except that they don’t. They just make life more complicated.” (Anna Piperal, TED talk, 2:46)
(04:37) The Digital Identity system
When Estonian officials talk about their digital society, they describe three design principles that have guided it since its early development in the 90s. The first is to guarantee privacy and confidentiality. At the center of the technology is the digital identity system, and a digital ID card. Every citizen is issued a digital identity that must be verified before any services can be accessed. We spoke with Florian Marcus, a digital transformation advisor at the e-Estonia Briefing Center, who showed us just how simple it is to vote in Estonia.
If you’re like me, you’re thinking, “End of story? But I have so many questions.”
Estonians says those two pins are what prevent someone from being able to vote fraudulently if they had your digital ID card. But again – what about keeping
my vote anonymous? Florian Marcus stated that: “Encryption effectively means that you can see in the source code how we encrypt our stuff, but to decrypt it, you don’t need to have found a particular line in the code. Instead, you would need a lot of brute computing power to decrypt that key. And the truth is that the encryption that we use these days would take all the different supercomputers in the world combined several years just to crack one sort of transaction”.
“The actual process of voting takes around 20 seconds. It effectively takes as long as you need to decide who you want to vote for.”
Florian Marcus – Digital Transformation Advisor, e-Estonia Briefing Center
(06:08) The Importance of Transparency
Florian was also quick to point out that the entire system’s source code is available on GitHub, meaning IT nerds like myself can take a look ourselves and point out its flaws.
Many experts working on this very problem, in the United States, the United Kingdom, and other European countries, seem to agree that this type of encryption is still not enough still for a country the size of the United States.
There is a type of encryption called homomorphic encryption that could be the solution. I won’t explain the math, because I don’t understand it but people who are much better at math than I am discovered a type of encryption that allows you to perform operations on encrypted data without decrypting it, which still keeps the calculations encrypted. Josh Benaloh at Microsoft has helped develop voting software called Microsoft Election Guard that leverages this encryption to count votes. This allows them to obtain an accurate tally of the total number of votes without seeing who you voted for. Wow. Mom was right. Math is cool.
(07:09) Infrastructure and Innovation
The second major issue is infrastructure. In other words, the systems, servers, software, and networks that online voting would depend on.
The key to the Estonian infrastructure is a data exchange platform called the X-Road. Anna Piperal explained: “Just like a highway, it connects public sector databases and registries, local municipalities and businesses, organizing a real-time, secure, and regulated data exchange, saving an auditable trace after each move.”
(07:51) The “Only Once” Principle
This brings us to the second design principle: Only Once.
Each piece of information is entered only once.
Permits, licenses, leases, contracts, basic medical info–think about how many times you’ve had to re-submit the same piece of information to multiple entities at your local government? I’ve lost track. In the back of my mind, I’m always thinking, “Shouldn’t you have this information already?”
The X-Road data exchange system is just a part of the infrastructure that makes online voting possible, but it illustrates a key point. It’s part of a much more robust approach to digital services. The lack of such an approach in the United States has been underscored by the efforts from several organizations trying to bridge the gap.
(08:50) The United States’ Digital Infrastructure Problem
Organizations like OmniBallot, Voatz, and DemocracyLive have been advocating for online voting as wells as for systems already in place to allow for members of the military and certain citizens overseas to vote online. However, several studies, including studies from the University of Michigan and MIT, have cautioned that the existing online voting systems are rife with vulnerabilities and security issues.
It seems that what’s been built so far, although well intentioned, isn’t supported by a strong enough foundation. It’s attempting to build a service that to work properly, depends on a bigger system that simply doesn’t exist.
It’s a bit like debating where to hang artwork in your home, finally agreeing that, yes, it does tie the room together above the fireplace, when you suddenly remember you don’t actually have any walls. Or floors. And you’re really just standing in an open field with a giant “Live Laugh Love” poster and nowhere to put it.
To make it even more difficult, in the United States, each of the states and the District of Columbia are independently responsible for voting and then the actual mechanics of voting occurs at the county level. Try getting all of those parties to agree on a single shared infrastructure for voting when we can’t even agree on how to pronounce pecan (pee-KAHN) , caramel (car-a-mel), or crayon (crayn).
ANYWAY–Foundations matter. Infrastructure matters. Okay moving on–the third major issue at hand. Voter Confidence.
(10:27) Ensuring Voter Confidence
Estonian leaders put trust at the forefront of their entire system, voting very much included.
The third principle at the heart of the Estonian System? Only YOU have access to the data.
In terms of the voting process, this idea of ownership takes shape in a few ways. First is the structure of elections themselves. Elections are scheduled for ten days. The first seven days are digital only. You can change your vote as many times as you want, and only the last vote is counted.
The issue of coercion comes up a lot here, and Florian said they’re often asked, “What’s to prevent someone from breaking into my home and forcing me to vote for a particular candidate?”
According to Florian, “Yes, somebody could break into my house and force me to vote for a particular candidate, but I’ve got seven more days to change my vote. And obviously that way, it’s very hard to leverage a meaningful part of the population. And even if somebody broke into my house, I don’t know, on the last online voting day at 23:59, just before midnight and would force me to cast my final vote in favor of some other candidates, the paper vote that happens afterwards, overrides any electronic vote. That is still another safeguard that we have for i-Voting.”
(12:15) Trust, Audits, and Accountability
Maintaining voter confidence and a trustworthy system brings up another critical process: audits.
Experts will often point to paper ballots as still the gold standard for an auditable, tangible way to ensure the accuracy of an election. Florian insists they’re able to maintain the same type of trace that’s counted with paper ballots.
We didn’t get into the weeds about the audit process with Florian, but cybersecurity experts around the world, including MIT’s Ron Rivest, have continued to urge government officials to adopt paper-based risk-limiting audit systems, rather than any online voting.
In 2019, Microsoft announced ElectionGuard, an open-source software development kit designed to help make voting, audits and security more efficient. Microsoft has also been quick to emphasize that the technology is NOT designed to support online voting.
(12:23) What about the Blockchain?
So where could the United States Start?
In Estonia, we have a digital government built from the ground up. And everytime a conversation starts about building trust in our voting process, the conversation usually circles back to the question “What about the blockchain? Isn’t the blockchain designed to solve this problem?”
Although the call for blockchain to solve all of our problems was more popular in 2018, it does seem to make sense in this case, a decentralized public ledger to help ensure security of information. What we learned is yes – blockchain technology plays a critical role in the Estonian system as a whole, but not the actual voting process itself.
“Overall the United States has overwhelmingly under-invested into these systems and we are paying the price for it now. We have a massive amount of work to do from an IT standpoint.”
Mark Ardito – VP of Cloud Modernization, Kin + Carta
(15:15) Modernizing the Voting System
Again – the foundation is everything. We spoke with Mark Ardito, Kin + Carta’s VP of Modernization, to get his perspective. Mark has spent his career helping big global businesses break free from old, sluggish technology and move to modern, agile ways of doing things. According to Mark,
“In the United States, we have an enormous amount of technical debt. What that means is we have not invested into computer systems in our government agencies for decades. We see sporadic pockets of investment, but nothing of substance. We have federal systems and then state run systems. All have varying degrees of digital capabilities. Heck, we had the governor of NJ tweet back in April amid the outbreak of COVID that he desperately needed 6 COBOL developers. The IT systems in NJ are over 40 years old and still running COBOL.” (ARDITO, CLIP 1)
“Talk about a lack of investment. Overall the United States has overwhelmingly under-invested into these systems and we are paying the price for it now. We have a massive amount of work to do from an IT standpoint.” (ARDITO, CLIP 1, continued)
(16:54) Building toward a Digital Identity System
Many say a secure universal ID system would create the foundation we need. Ashby Fiser is a UX expert and technologist, working at the intersection of politics and technology. She says it would be a good start but could be best suited if it was taken out of the government’s hands.
(17:30) Collaboration is Critical
The relationship between the tech community and the government is critical, complicated, and if you’ve ever seen clips of tech leaders like Mark Zuckerberg and Jeff Bezos explaining the internet to Senate committees, there’s ground to be covered.
Going back to the original question: why can’t we vote online? Some would say that we shouldn’t vote online. That the danger is too high.
Others argue it’s actually the best way to fight those threats…but that we simply aren’t trying to build a robust system that could actually support it and revolutionize the way we vote. Are we being shortsighted?
(18:26) The Long Term View
Ashby thinks perspective is everything,
“I think a lot of people have a really short-term viewpoint of things and you really have to look. In politics, one of the first things … I met with a guy who had been Obama’s CTO when I first started in this field. One of the first things he told me is you’re not going to get something done in a year. You’re not going to get something done in two years. You’re going to get one major thing done in your political career.
“I sat with that for a really long time and one of the major things I want to do in my political career, whatever that looks like, is to fix voting. If it takes me … I’m 40 right now. If it takes me till I’m 70 to have a universal voting system, I am going to be okay with that. That’s just not a perspective a lot of technologists are willing to take. “