E-voting and the ‘S’ word

September 18, 2021

What is the most crucial aspect of a nationwide general election conducted via electronic voting? People would be surprised to hear the answer in the corridors of power in Pakistan; it’s anything but the ‘S’ word: security.

As an expatriate engineer who has worked on electronic voting for years with some of the world’s leading researchers, I was surprised to learn this.

I travelled to Pakistan in December 2018 to demonstrate secure and verifiable voting to the authorities concerned in Pakistan. Unfortunately, the response was lukewarm, so my co-founder and I called it a day and resumed our focus on other areas in technology, where we could be of service to our homeland.

In 2021, the current government started pursuing electronic voting with zest and zeal hitherto unseen in the politics of Pakistan. So, despite the deadly impact of Covid-19 and the uncertain travel situation, we decided to go to Pakistan again and see how we could help highlight the ‘S’ word.

I am not going to complain about our months-long battles with red tape. We were prepared for that and expected bureaucratic and political hurdles every step of the way. However, we did not expect the kind of response we got once we did connect with the stakeholders: nobody was interested in getting security right for such a critical and large-scale project.

Once a country decides to hold elections electronically, it has two options. First, use outdated digital ‘bean-counter’ technology such as that used in India, Congo, or Iraq. Second, leverage the decades of research and development in the domain of secure digital elections and conduct cryptographically verifiable voting.

A plethora of hacking demonstrations is readily available for machines that pick the first route. For example, India’s electronic voting machines (EVMs) are an anachronistic reminder of a world before cybersecurity was ever a national concern (their fundamental design continues to remain the same as it was in the early 1980s).

Using these old EVMs also happens to be the easier way forward – letting the state claim it has conducted ‘electronic voting’, regardless of the repercussions.

The consequences can be disastrous. Defending against threats without even fulfilling the basics of a secure design (for example, threat modelling, detection and response, hardware root-of-trust, end-to-end security based on a zero-trust model) will produce catastrophic and embarrassing results for Pakistan’s security.

Simply claiming that the machine is secure because it is offline is a laughably weak posture in an era where Stuxnet – a virus – ended up ruining one-fifth of Iran’s nuclear centrifuges even though they were not connected to the internet.

It is, therefore, almost tragic that the current government wants to ram through its plans for electronic voting without completing due diligence in the area of security. Their concerns and priorities for cybersecurity are little more than lip service and hollow statements.

Giving security its due attention also helps in building trust and consensus among all stakeholders for the general elections. For example, leveraging the secure technology of end-to-end verifiable voting enables an independent judiciary, the media, international watchdogs, and most importantly, the people of Pakistan to answer the fundamental question of trust: ‘How do I ensure that these machines are not lying to me?’

The writer is a security engineer with more than a decade of cybersecurity experience. The opinions expressed in this article do not reflect those of any of his current or former employers. He can be reached at: