Research 'Internet voting for voters outside the Netherlands'

By Arjan van Venrooy

Internet voting for voters who are not in the Netherlands on voting day. It sounds so obvious in a time when we do almost everything via the Internet. Commissioned by the Ministry of the Interior and Kingdom Relations (BZK), Highberg conducted a study in 2014 on the risks of this form of voting.

Research 'Internet voting for voters outside the Netherlands'

The study concluded that Internet voting cannot meet all safeguards. Internet voting takes place from an environment that cannot be controlled by the polling station (or any other government organization). The risk of coercion or influence on the voter is one of the residual risks of voting by voters outside the Netherlands, whether Internet voting, postal voting or proxy voting.

Because the guarantee of voting freedom cannot be met, the guarantee of voting secrecy also applies that it cannot be guaranteed by the government on the side of the voter. Incidentally, this is no different from letter voting.

In the comparison with letter voting, for many of the threats surrounding Internet voting, while the knowledge (and in some cases, effort) required to develop a threat is high, the threat can then be applied at marginal additional cost. Therefore, the scale at which the threat can occur can be very large and is no longer determined by the human effort or resources required. In a sense, it can be said that the threat is then automated. Incidentally, recent developments show that less and less specialized knowledge is needed to carry out these threats; cybercriminals rent out ready-made malware, viruses and DDoS capability at ever lower costs.

The risk analysis recognized several threat scenarios that affect the guarantee of integrity, including the two threat scenarios Non-eligible voter casts vote and Manipulation of vote or result. The extent to which the guarantee of integrity can be met depends primarily on the design of the Internet voting system and the extent to which this design is correctly implemented. However, it is impossible for the government to protect the voter's computer from manipulation. Such manipulation (in a scenario where an attacker has managed to surreptitiously install malware on the voter's computer and thereby change the vote cast) is also extremely difficult to detect.

Use in other countries

BZK also asked in which other countries voting was done via the Internet, and if so with which systems. A worldwide survey showed that Internet voting was used in only seven countries in 2003. Only Estonia introduced Internet voting on a national scale, in the other six countries Internet voting was reserved for a specific group of voters such as residents of a specific state, or voters residing abroad. It was notable that in all the countries studied turnout had not increased significantly, but costs had. 

The study also focused on innovations in voter verifiability; the ability for voters to verify that their vote was counted as intended. These new forms of verification also raise new questions: if everyone can verify that their vote was counted correctly, how does this prevent a voter from having proof of what they voted, and thereby enabling the (illegal) selling of votes? 

Cabinet response

Minister Plasterk sent the government's response to the Highberg report to the House of Representatives in March 2014: "the time is not yet ripe for Internet voting. There are too many risks involved and it is costly. The Cabinet gives priority to abolishing the registration requirement (per election) for voters who are allowed to vote from abroad, so that it becomes easier for this group of voters to participate in elections."

History of Internet voting

Internet voting, by the way, is not something of recent years. Internet voting was used in official elections in the Netherlands as early as 2004 and 2006. On our website, we have created a comprehensive overview of the History of Internet Voting.

Do you want to know more about Voting over internet? Ask Arjan van Venrooy.