"…first time the UK prime minister will be chosen using online votes, and continued worries over hacking raise questions about whether online voting is a safe or wise choice when the stakes are so high….many nations run their own cyberattack teams .....Public distrust in electronic voting could further undermine faith in politics….
"Douglas Jones..says that making a vote public rather than secret is one way to guarantee safety, and that if people want to keep information on who voted for whom secret, then computers aren’t the way to go…. “I cannot see how to guarantee ballot secrecy without some form of physical ballot voted in the privacy of a voting booth.””
COMMENT: . There were many problems with having such a small number of voters. (Conservative Party members only) choosing the Prime Minister of the UK, but conducting this election with online voting undermines confidence further. Bloomberg: "Even Liz Truss’s Supporters Worry Her Plans Could Create Havoc for the UK”. Allegra Dengler
https://www.newscientist.com/article/2334827-tory-leadership-contests-online-vote-is-still-vulnerable-to-hackers/
Tory leadership contest's online vote is still vulnerable to hackers
Hacking concerns continue to dog the online Conservative party vote, which will decide next UK prime minister – should online voting even be used in such situations?
TECHNOLOGY | ANALYSIS 25 August 2022
By Matthew Sparkes
A combined online and postal vote will soon decide the UK’s next prime minister, but doubts linger about whether the process is truly secure.
The National Cyber Security Centre (NCSC) – a branch of UK intelligence organisation GCHQ – stepped in to delay the ruling
Conservative party leadership poll early in August while security for the online voting was tightened. There are still concerns about it. It is the first time the UK prime minister will be chosen using online votes, and continued worries over hacking raise questions about whether online voting is a safe or wise choice when the stakes are so high.
Reports suggest that the race between Rishi Sunak and Liz Truss for the top job was delayed because of specific concerns. Party members were due to vote with a unique code that could be used by post or online, and they would be able to change their vote until polls closed. It was this “revoting” that the NCSC reportedly said represented a risk, and the ability has now been removed.
Steve Schneider, director of the Surrey Centre for Cyber Security at the University of Surrey, UK, says the NCSC was right to take an interest in the vote considering the possible implications of a hack. He says that online voting simply isn’t ready for statutory elections yet.
“It is certainly plausible that hostile nation states might have an interest in affecting the outcome of this election if they were able to, and also that they have the capability to do so,” he says. “They may be able to interfere by disrupting the election, either swinging the result in favour of their preferred candidate or casting doubt on the veracity of the result to undermine the legitimacy of the winner. These seem to be real possibilities that the system needs to guard against.”
The NCSC and the Conservative party didn’t respond to requests for comment, but it is common knowledge that many nations run their own cyberattack teams and that some of these seem to have been involved in influencing elections. Meanwhile, physical electronic voting machines already in use in the US have been found to have security vulnerabilities and to make unpredictable errors.
Election fraud was happening long before computers were invented, so it doesn’t seem too much of a stretch to assume it will continue after the world’s polls move online. And given that government IT contracts are often chopped and changed, which can lead to changes in servicing or upgrade schedules or which software is used, there should also be legitimate concerns about the reliability of voting machines, or online services, even without deliberate attacks.
The NCSC’s intervention should have reduced the risk of a deliberate attack influencing the UK vote’s outcome, but even raising the issue may have damaged the public’s faith in online voting. For people to have trust in the political system, it is vital that elections not only work but are also seen and believed to work. Public distrust in electronic voting could further undermine faith in politics.
Douglas Jones, a retired computer scientist and voting machine expert formerly working at the University of Iowa, says that making a vote public rather than secret is one way to guarantee safety, and that if people want to keep information on who voted for whom secret, then computers aren’t the way to go.
“You simply post all the votes in public where everyone can inspect the votes, and you provide a way for voters who object to the way their own votes were recorded with a way to correct them,” he says. “I cannot see how to guarantee ballot secrecy without some form of physical ballot voted in the privacy of a voting booth. Paper is a particularly convenient form of physical ballot.”