Today, the second round of presidential elections is taking place in Poland. On this occasion, we interviewed Marcin Gawlas, CEO of the iVoting startup, about which we have already written several times on our portal. During the conversation, we tackled topics related to online voting.
iVoting and general elections
Blocksats: Can iVoting be used in voting in general elections?
Marcin Gawlas: It should be emphasized at the outset that iVoting is not currently a system that can be used in general elections. However, if we wanted to think about introducing voting via the Internet in the future, it would require the appointment of a wide scientific team of specialists from various fields (IT, cryptology, law). Such a National Team for the Implementation of Internet Voting in the Universal Elections would prepare clear technical requirements and a road map – implementation plan – containing a description of the system architecture and a set of recommendations necessary to amend the provisions in Polish electoral legislation. One should also examine all existing technological solutions in the world by a comparative method and consider how to avoid mistakes that have already been made in the world in our Polish solution. Our team has long declared its readiness to take part in such a nationwide scientific challenge. Only political will is needed here. There is a high probability that during the team’s work it would appear that iVoting is technologically closest to meeting the criteria for the voting system in general elections. Probably then the value of our startup soared up from which I would be extremely happy.
What would be the biggest challenge for members of such a Polish research team on Internet voting?
The challenge would be to secure the system in the best possible way against future threats, which may be quantum computers or major scientific breakthroughs, e.g. in mathematics or physics. The elaboration of a white paper describing the Polish project of voting via the Internet would be a great milestone on the road to introducing voting in elections via the Internet. Only then can the public consultation of the idea begin, because at this point we will know what we are talking about and what we are facing. Another problem is voters’ confidence in the IT system and digital exclusion. You should probably organize help for the elderly who are not able to operate computers or think about hybrid solutions – classic voting at the ballot box and the possibility of voting via the Internet.
Why don’t we vote via the web?
What is the difficulty of implementing such a system and why are we not voting via the Internet in the world, although it seems that society has been ready for it for a long time?
Today we are talking about the introduction of voting via the Internet, but few people in Poland are aware of the technological challenges it involves. I often compare making such a scalable system for millions of voters at one time and a maximally secure system for a trip to Mars. Why? So far, no one has been able to do this correctly. No system in the world guarantees one hundred percent that voting will be safe, strong, unambiguous and the device from which the vote is cast actually supports the right voter. The fundamental problem is the electronic confirmation of the voter’s identity while maintaining the transparency and audibility of the voting procedure. The topic of voice trading is also related to this, which could be easier thanks to computerization than when visiting the ballot box. Current IT systems are characterized by vulnerability to hacking, especially those based on cloud architecture or based on centrally managed servers, because the integrity of voting results depends on the integrity of administrators and software publishers. General election voting software must be open source, the code must be publicly known and available for analysis. The state would have to change its thinking about intellectual property by designing such a system and open to cooperation with the broadly understood community of programmers. Thanks to this, such software could be constantly monitored for manipulation, errors or, for example, the possibility of “electronically adding voices”. Rapid detection of vulnerability by the community of developers caring for the protocol code (the heart of the voting system) modeled on how it looks in Bitcoin, seems to be the most right way. Social control and supervision over the system is a key and fundamental issue. Even if everything I described above, we would do with Swiss precision, it could not be ruled out that any attack on the voting system would lead to a falsified result. However, the difference is that such manipulation would be immediately detected and voting could be repeated. In the current electoral system, this is impossible and would be extremely expensive. This is the fundamental difference in the approach to the risks associated with the electronic voting system. The question is whether the state is ready for such an innovative approach to the topic.
Society and election control
What could such social control of an online voting system look like?
One of the two solutions designed in iVoting gives you the opportunity to verify the correctness of voting and voting results using a decentralized and publicly available data register, and you can use a regular internet browser on your home device or smartphone to check how our voice has been counted. There are no centrally managed servers in iVoting that support the voting process, only the P2P trust network. Many devices participate in verifying how the vote has been cast and whether it has been correctly signed. Each user’s computer and smartphone can share part of the device’s resources to increase the level of cybersecurity of voting networks. The more devices use iVoting, the harder it is to break the system. Along with the increasing number of users, a network of devices strengthening the whole system is being built, this can be called a network of electronic notaries watching over the entire voting process. You do not have to know this as a voter, if you agree that your device’s resources in the background work on increasing the level of security of the entire system, you indirectly help in its security. In addition, the network is supported by trusted servers located, e.g. in local government server rooms or server rooms of telecommunications operators. Believe me, we have the best programmers in the world in Poland. Let us take care of the security protocol code of such a system, and no services or agencies will be able to influence the result of such electronic voting unnoticed. The correctness of the open source approach has been proven by Bitcoin, which has not been broken for several years.
Taming with technological innovation
How do you get your voters used to voting online?
You should start with pilot system tests in local governments in smaller groups in terms of the number of voting groups, e.g. in civic budgets or local referendums, as well as opinion-forming polls. An electronic referendum could be another good experimental field. The first amendment to the Constitution that I would make was the admission of a hybrid referendum – the possibility of voting in a referendum using electronic systems and a classic ballot box, or a mandatory referendum day in local governments regarding the most important issues related to local development once a year. The referendum is a great test tool for electoral systems because it has no direct impact on the choice of authority, but only on some policy direction of that authority, so the risk of a failed system test does not cause a political crisis. Another possible scenario for testing or even a milestone would be a system for voting in general elections for voters living abroad, soldiers on foreign missions or a test based on the vote of prisoners in prisons. Only after such pilot tests would I decide to implement a system for universal piloting.
Is voting by correspondence safer than voting over the internet?
I believe that correspondence voting is not transparent. In the IT system there is always a digital trace and you can get any manipulation after the thread. In correspondence voting, we do not know what happens to our voice during its delivery by post or courier. Cards can come without stamps and the voice is invalid. We are also not sure if the voice went to the ballot box (postal delay or counting manipulation). In my opinion, correspondence voting is the best tool for falsifying election results that you can imagine because no one is able to check the correctness of voting (after all, you can add a second cross on the card at any time during transport or after unpacking). We are also not sure if our voice has been counted at all. How to check? I believe that correspondence voting in Poland may lead to a political crisis with such a small difference in the polls of the main candidates for the President of Poland. Everything depends, as usual, on the intention of the counting votes.
Is blockchain technology the answer to all the challenges discussed above, or is it the best solution to problems related to voting via the Internet?
I am convinced that blockchain could be great for example in the subject of the voter list. We now have such a problem that if someone voted in the first round, e.g. on holiday at the seaside and took from their Municipality a certificate of the right to vote, they must now go back to the Municipality, where they voted in the first round and take the certificate to vote at your place of residence in the second round. This is completely absurd. I think that today we can easily create the Polish List of Voters in Blockchain. Such a decentralized register based on server infrastructure in local governments could enable a completely automated system of voter transcription from one local census to another. Everything would be monitored in the publicly available blockchain registry. The application would be submitted and signed in ePUAP – quickly and efficiently via the Internet. It would be enough to prepare the software and a network of specially secured servers – preferably localized in properly secured server rooms of Local Government Units. The network of such servers should be based on the structure of 314 poviats and 66 cities with poviat rights. The security standards of such servers must be subject to constant supervision and monitoring of access to the server room (exit input cards). The voter could also order correspondence voting cards in this way. Communes updated the register with the registration base. The register would also be updated to deprive citizens of voting rights by courts, which should also be foreseen. The system could also be used to report results from electoral commissions to the PKW, which would speed up the counting of votes and providing the result. Do you remember the famous emails from Poczta Polska to the Heads of Communes, Mayors and Mayors of Towns in the right to disclose PESEL data, addresses and voter name and surname, and matching SIMC, ULIC and TERC identifiers to them? There would be no need to share personal data about the voter, because ePUAP checks the PESEL and name and surname when signing the electronic application, so it would be certain that a given voter transcribed from one list to another, but without disclosing his data. Blockchain would undoubtedly be irreplaceable here. In the future, the server network could be used in the Polish system to vote in general elections. I think voting over the internet is a matter of no more than a decade. The iVoting team will present their results of voting systems research in less than 3 years, which I hope will bring us closer to the first general elections via the Internet.