Sign up to our newsletter
As Britain takes to the polls for its general election this week, many have questioned why voting in the country hasn’t advanced to the digital age. While Thursday’s vote will take place in schools and local halls, a breakthrough from the University of Birmingham suggests that this old tradition may come to an end in time for future votes across the UK.
SC Magazine reports that the technology is designed to work even for those whose computers are suspected to be infected with malware. Called a Du-Vote, the credit card sized device takes inspiration from card readers distributed by banks to authenticate transactions in their online services.
“The main advantage of this system is that it splits the security between the independent security device and a voter’s computer or mobile device. A computer is a hugely powerful, all-purpose machine running billions of lines of code that no one really understands, whereas the independent security device has a much, much smaller code base and is not susceptible to viruses,” explained Professor Mark Ryan, from the security and privacy research group at Birmingham University.
The device works in conjunction with a unique code that they need to type into the computer when the device is connected, and it could be ready in time for use at the 2020 or 2025 general elections, the research group says.
Gurchetan Grewal, part of the project team also told Phys.org, “This is currently the only piece of work that addresses a core problem of e-voting – namely, that someone may have viruses or other malware on their computer. For example, the system in Estonia, where they have already introduced online voting, does not deal with this potentially undetectable source of vote manipulation or breach of voter privacy.”
However, others remain skeptical that secure e-voting is this close. Speaking to SC Magazine, Jeremy Epstein, a senior computer scientist at SRI International, predicts that we’re still 20-30 years away from a genuinely secure solution to rival the ballot box: “It’s difficult to predict when the political pressures will force e-voting to happen; it’s already happening in the US, Estonia, and other countries. However, it’s not *secure* e-voting, it’s just e-voting – every system that’s been examined has been insecure.”
“The university research focuses on the security of the voting experience, sometimes at the expense of usability by the voter. Vendor systems focus on usability, and are (so far without exception) completely insecure. We need to bring the two together to come up with systems that are both secure and usable,” he added.
The paper, titled ‘Du-Vote: Remote Electronic Voting with Untrusted Computers’, is due to be presented at the IEEE Computer Security Foundations Symposium in Verona, in July.
Author Alan Martin, ESET