The Finnish eVoting Experiment: What Went Wrong?

AUTHOR
Olli I. Heimo, N. Ben Fairweather and Kai K. Kimppa

ABSTRACT

In this paper we analyze the validity of claims made in Finland of benefits from an electronic voting (eVoting) system in the context of the recent election there. We also look at the potential harms from an eVoting system and then compare the benefits with the risks. According to our analysis of the discussion in Finland, legal, ethical and technical experts in the field see the benefits to be marginal, whereas discussion in Finland and elsewhere suggests the harms can be fundamental. The main problem with the application is that it has been done without carrying the underlying principles of the paper ballot over to the eVoting system.

Justifications given in Finland for the eVoting system have been the following: ‘cost savings’, ‘activating passive voters’, ‘speed and efficiency of the system’, ‘staying in the front line of ICT-using-nations’, and ‘reliability of counting votes’. The argument was also made that ‘if the banking system can be made secure, why not the voting system?’ The possibility to ‘follow the Estonian way’ (where Internet and Mobile Voting were introduced) was later hinted at, but never really mentioned as a justification, although if the more passive citizens are to be activated, this seems like a logical next step. All these claims are, of course, prima facie plausible. However, most of them do not stand up to close scrutiny, nor are the problems with the stated justifications the only ones with the eVoting system as it was implemented in Finland.

There are problems with the claims, some major, some minor. Cost savings from using the system are questionable at best. Information Systems tend to need updates and modifications from year to year, and according to official reports, at least for now, there have only been extra costs from the system (Valtiovarainministeriö, 2000-2008). Passive voters would still need to show up to the voting location (as there was no Internet or Mobile voting), thus the novelty may have resulted in some new voters, but this is unlikely to last. Clearly, the system is faster in giving results than the traditional paper ballot. However, the time saved: reducing the count from approximately 4 hours to 30 minutes if all (or major part of) voters use the system, is hardly a major advantage if elections are held once every 18 months. ‘Staying in the front line’ of anything can be questioned to be a value in itself. Some justification for why it would be valuable is of course needed. Reliability of the system is questionable – already problems have been discovered with the user interface of the system, the system itself is a black box (‘security through obscurity’), and the functioning which is a mystery to all except the designers and auditors of the system. Internet and/or Mobile voting might actually activate currently passive voters, however, the results from other votes in which these have been used show a jump in activity (novelty value of the application) which then soon fades to almost same figures as before. Also, if the voters are so passive that they cannot, on a bank holiday, be bothered to go vote – should they?

Unfortunately these are not the only problems with the system. Other problems raised include the following: votes are kept together with the voter’s name after the vote is cast, thus effectively eradicating anonymous voting if those holding the keys to the ballot, at any later date, want to know who voted for whom. The implications of this are clear and could be, in a changed political climate, catastrophic. There is, unfortunately no guarantee (check sum or similar) that the software actually used is the same as the audited one. Many critical faults were found in the audited software, but only two of these were fixed in the software used. The software used is proprietary – only a select few, after signing a very restricting non disclosure agreement, were allowed to verify whether the software actually is secure (see e.g. Fairweather & Rogerson, 2002, p. 15 on the need for transparency). The system is, by definition, much more complex to understand than a paper ballot which can be explained to anyone in 15 minutes. By contrast the software, cryptography, etc. involved in an eVoting system cannot (see e.g. Mercuri, 2001 on difficulty to explain systems to laypersons). Finally, there is the possibility of hidden back doors in the software. A hostile takeover of the system (by either national or external parties) is thus much more likely than with traditional paper ballot.

Finally, the user interface of the system malfunctioned due to non-intensive testing. This led into invalidation of the vote in the three municipalities which used the eVoting system. In the media and in the statements given out by the government officials, this was described as user error – when in reality, it was a user interface error (which was actually found in the user tests, but ignored). The user interface did not clearly verify that the vote had actually been recorded, and thus the percentage of lost votes was over three times as high as on average on the paper ballot (0.7% ? 2.36%). Those critical of the system grasped this in their public statements with vehemence, some of them pointing out that ‘if even the user interface was this faulty, what about the actual system?’ – yet, others critical of the system thought the ‘logic’ from faulty user interface to faulty system self evident, and failed to even mention the latter aspect. This was then, predictably, twisted by those in favour of the system as ‘being a minor problem with the user interface, which can be corrected easily enough’, thus leaving the actual underlying problems wholly unhandled.

Even though the Finnish eVoting experiment is for the moment on pause, and it is unclear whether it will be continued, it may continue without attempting to answer even those faults with the system which could be addressed, let alone trying to mitigate those problems with the system that cannot be solved.

REFERENCES

Fairweather, N. B. & Rogerson, S. (2002) Technical Options Report online at http://www.local-regions.odpm.gov.uk/egov/e-voting/pdf/tech-report.pdf, accessed Jan 21st 2003

Mercuri, R. (2001) Electronic Vote Tabulation: Checks and Balances PhD thesis,
University of Pennsylvania.

Valtiovarainministeriö (2000-2008), Valtion talousarvioesitykset [Finnish Ministry of Finance, Budget Presentations], http://193.208.71.163/indox/tae/index.html, accessed Dec 1st, 2008.

Other sources used

Various news papers (e.g. Helsingin Sanomat), public statements by government officials in television, public and private Internet forums (e.g. Effi mailing lists) etc.

Comments are closed.