Ireland has a bit of a storied past when it comes to its relationship with electronic voting, managing to spend over €50m of public money on the scheme before it was scrapped in 2009.
The early 2000’s were a heyday for e-voting proposals as the wonders of technology had yet to be tainted by the now constant worry of being hacked. Taoiseach at the time Bertie Ahern was a strong backer of implementing the system, even going so far as to say it was an improvement on “stupid old pencils”.
31 countries around the world have used electronic voting machines in an election at one point or another, some with success and some with glaring failures, such as the UK’s trial of an e-voting system in 2007 where security was described as “catastrophically weak”.
“Electronic voting is not inherently insecure, but the organisations operating them often don’t implement the very necessary and sometimes basic cyber security measures in order to make them as secure as possible."
Fears over election security have heightened recently with the FBI’s indictments of 13 Russian nationals for meddling in the 2016 US Presidential Election. Add to this the links to Russian hackers gaining access to State voter registration systems and suddenly the integrity of future democratic elections across the world have been thrown into doubt.
Large-scale cyberattacks such as the WannaCry and Petya bugs in 2017 have demonstrated the weaknesses in governmental security systems and highlight why moving elections away from the tried and tested pen and paper looks like an increasingly bad idea.
“Electronic voting is not inherently insecure,” says Shane Chambers from Irish cyber security firm techguard.ie, “but the organisations operating them often don’t implement the very necessary and sometimes basic cyber security measures in order to make them as secure as possible.
“You’d be amazed how often companies and even government organisations skip basic cyber security measures. For one, they often don’t have a system in place to ensure all machines are patched and up-to-date. End-to-end encryption is another very important tool, as opposed to sending data over insecure means such as email.”
This issue of poor security raised its head again when the organisers of DEF CON, one of the world’s largest conventions for hackers, ran into trouble last month when attempting to purchase disused voting machines for their Voting Village, a part of the event where competitors attempt to exploit flaws in e-voting systems.
“It's important that individuals like us have time with these machines so that we can truly understand and tell everyone about the brokenness of these things."
The event has gone ahead before, with the 2017 contest even producing one machine that was hacked into playing Rick Astley’s “Never Gonna Give You Up”. More worrying results included the takeover of a system by simply uncovering the machine’s USB port and another by gaining access through a Wi-Fi connection.
All of these examples show deeply flawed systems at work and explain why there’s been so much trouble obtaining old machines for this year’s competition. The companies who build them don’t want their weaknesses exposed.
Some manufacturers have even sent letters to sellers of the machines insisting that they stop and that their actions were illegal, despite this being untrue.
TJ Horner, one of the convention attendees, spoke about the need for events like this to demonstrate the poor quality of the systems that elections have relied on.
“It's important that individuals like us have time with these machines so that we can truly understand and tell everyone [about] the brokenness of these things."
Chris Gallizzi, another DEF CON hacker who specialises in hardware, found that the voting machines were worryingly easy to reproduce.
“I would think that they would hire manufacturers to custom-build these chips, but they're all standard, off the shelf. For hardcore copyists it would probably take them about three months and maybe $4,000 or $5,000 to make an imposter machine. You could easily make a prototype."
"There are choices that we need to make now.”
All of the issues that have been uncovered so far have used fairly conventional computing methods, however the quickening pace at which AI technology is progressing has some experts worried about the potential harm it could do.
A new report, titled The Malicious Use Of Artificial Intelligence, raises concerns about the effect AIs could have not only in influencing voters through social media, but that previously secure systems may become more vulnerable to hacking.
“We live in a world that could become fraught with day-to-day hazards from the misuse of AI and we need to take ownership of the problems – because the risks are real,” says one of the reports authors, Dr Sean Ó hEigeartaigh, an researcher at Cambridge.
"There are choices that we need to make now.”
The topic has not been on the agenda in Ireland since the disastrous results of the first implementation attempt. With e-voting on the rise around the world however it will surely rear its head again before too long.
Technological advances are almost always seen as necessary to progress society but in the case of voting a question needs to be asked, what’s the issue with a pencil and some paper?
It’s worked pretty well so far.