Australia has used Internet voting in several elections in New South Wales since 2011. An assessment of the NSW program noted that there was a significant problem with mis-recorded votes, where votes were recorded as an alphabetic letter rather than as the required digits. Those votes were not counted, and voters were not able to re-vote. Other problems pertained to voter authentication, including a circumstance in which voters using truncated ID numbers (fewer digits than official ID numbers were required to have) were able to log in and vote. Using ID numbers was meant to anonymise the voters, but because the system failed to properly separate ID numbers from votes or voters, the New South Wales Electoral Commission was able to trace the votes to the voters using the incorrect ID numbers, completely contravening the country’s anonymity requirement.
In an online election in NSW in March, 2015 Verified Voting Advisory Board members Alex Halderman and Vanessa Teague discovered serious vulnerabilities while the election was in progress. Election officials paused online voting in the middle of the election to patch the worst problem, but many other vulnerabilities and issues they raised were not acknowledged or addressed.
Post-Implementation Review of the iVote Project (Price Waterhouse Coopers, 2015)
The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election (Halderman and Teague, 2015)
Problems with the iVote Internet Voting System (Computing Research and Education Association of Australasia, 2012)
Post Implementation Report (Elections NSW, 2011)
iVote Report (Allen Consulting Group, 2011)
Since 2015 various municipalities in Ontario have used Internet voting in their local elections. But Canada has not conducted any online elections at the provincial or federal level. In 2011 the British Columbia Elections Commission produced a paper recommending against online voting (see below), yet some jurisdictions have continued to move forward. Indeed, a primary election in 2012 was disrupted by hackers. In 2013 Elections Canada, the independent, non-partisan agency responsible for conducting federal elections and referendums in that nation, reported it is holding off on further experimentation with Internet voting until at least after 2015.
Toronto City Clerk’s Report Regarding Internet Voting (2016)
Recommendations Report to the Legislative Assembly (Independent Panel on Internet Voting, BC, 2014)
Security Assessment of Vendor Proposals (City of Toronto, 2014)
Web Accessibility (WGAC 2.0) Evaluation (City of Toronto, 2014)
Status Update – Internet Voting Service for PErsons with Disabilities for the 2014 Municipal Election (City of Toronto, 2014)
Internet Voting for Persons with Disabilities – Demonstration Script (City of Toronto, 2013)
RFP for Internet Voting (City of Toronto, 2013)
Scytl Agreement (City of Toronto, 2014)
Scytl Statement of Work – redacted (City of Leamington, 2014)
Scytl Statement of Work – unredacted (City of Leamington, 2014)
Dominion Statement of Work (City of Brockton, 2014)
Internet Voting Discussion Paper (Elections BC, 2011)
Internet Voting Report (Delvinia, 2004)
Estonia began an internet voting program in 2005. In Estonia, all citizens have a smart ID card, enabling voter authentication. Authenticating the voter is only one challenge, however. The Estonia system was evaluated by The Organization for Security and Cooperation in Europe / Office for Democratic Institutions and Human Rights (OSCE/ODIHR) after their team carried out an observation mission in 2011. They described a number of security problems, including lack of adequate protection of anonymity or privacy of the ballots.
In 2014, Verified Voting Advisory Board members Alex Halderman and Harri Hursti traveled to Tallinn with others to observe and study an online election. They found numerous vulnerabilities and extremely sloppy operational security practices, which they detailed in their report.
Security Analysis of the Estonian Internet Voting System (Halderman, Hursti, Kitcat, et al, 2014)
Report on 2011 Estonian Parliament Elections (Office for Democratic Institutions and Human Rights, 2012)
Finland explored the use of a kiosk-based online voting system, which was intended to offer increased protection against coercion, and reduce somewhat the risk of some forms of malware. Due to significant flaws in the system resulting in lost votes, Finland’s Supreme Administrative Court in 2009 annulled results of Finnish 2008 municipal election and called for a re-vote on a paper ballot system.
A Report on the Finnish E-Voting Pilot (Electronic Frontier Finland, 2009)
Report on Finnish E-Voting Pilot (Council of Europe, 2008)
France conducted an online primary in 2014, its first, using a system touted as secure, but journalists from the news site Metronews showed that it was easy to breach the allegedly strict security of the election and vote several times using different names, throwing the outcome into doubt.
Norway has experimented with internet voting systems. A “low-effort review of the source code” of Norway’s system was conducted by experts from the Norwegian Computing Center and the Norwegian University of Science and Technology, finding even at a rudimentary glance “significant problems with coding style, security and correctness.” We do not know if any mitigating improvements have been made to date, but the problems found had the potential for altered outcomes. In June, 2014 the Norwegian Government announced that it would no longer pursue internet voting pilot projects.
Public Review of E-Voting Source Code (Tapir Akademisk Forlag, 2011)
Other European countries have experimented with electronic or Internet voting and have elected to discontinue its use. In Spain, an election for a “referendum in the Spanish city of Barcelona encountered problems in relation to voter identification and identity theft, with a prominent voter finding that someone had already logged on with his authentication details and cast a ballot for him,” as reported in this comprehensive 2012 International Foundation for Electoral Systems (IFES) report about Internet and electronic voting. In August 2014, Arnis Cimdars, chairman of Latvia’s Central Electoral Commission (CVK) said that electronic voting was not secure enough to allow it to be used in Latvian elections, noting “According to our experts, it is not possible for us with current technology. We have some mental reservations about this method of voting, too… at the moment it is not possible to ensure the anonymity and security of this method of voting, so I don’t think it will happen very soon.”
Both Moscow, Russia and SwissPost in Switzerland have proposed online voting systems, but in both cases security reviews before they were fielded convinced authorities not to use them.