THE BLOG

Online Voting For Trade Union Ballots, Moving Beyond The Security Debate

19/12/2016 13:00 GMT | Updated 19/12/2016 13:00 GMT

Following this year's Trade Union Act, which included a requirement for a minimum 50% turnout on ballots for industrial action, the UK Government recently announced the start of an independent review into whether trade union members should have access to electronic voting alongside traditional paper-based methods.

Led by Sir Ken Knight, the proposal to use internet voting has raised the usual concerns about security and rigged elections. Indeed, security is the main driver of the review with the Government's official press release outlining its responsibility to identify 'risks of interception, impersonation, hacking, fraud or misleading or irregular practices'.

Security is, of course, fundamental to any new technology, and internet voting is no exception, but it's interesting how online voting sparks disproportionate levels of concern, over and above that of other technologies used by Government and elsewhere. In spite of 12 years of successful and secure implementations, online voting continues to be shrouded my misconceptions around the technology and security protocols used. Indeed, voting online is arguably more secure than our current system of postal voting where voters have no way of knowing if their vote has been received, if has been manipulated in any way or if it has been cast-as-intended, recorded-as-cast and counted-as-recorded.

When looking at the security issues around online voting, it's important to understand that the presence of a security risk does not mean the voting channel is vulnerable. What makes a system insecure is a lack of proper security measures to mitigate that risk. In online voting, as in other technologies used in both public and private sectors, advanced security protocols and frameworks are fundamental to risk mitigation. To get even more technical, a full security framework that proactively provides full voter data protection, incorporates end-to-end encryption, absolute voter privacy, transparency and auditability will be a prerequisite to any online voting system which the review finally recommends.

The question which the review should be asking isn't whether online voting is secure, but rather which technology is needed to make sure we mitigate the risks that online voting presents. There are risks of interception, impersonation and intimidation with all methods of voting, whether union members decide to use online voting or more traditional paper-based systems.

Similarly, not all security systems are created equally. There is a clear distinction between basic and advanced information security. Standard security methods are sufficient for protecting certain internet services, such as online banking, but have proved to fall short when it comes to the protection needed for online voting. Similarly, online voting systems need to be auditable, to ensure the final election result is correct, but at the same time voter privacy must be maintained which can't be done with standard monitoring mechanisms.

Get it right, and trade union leadership has an opportunity to connect with its members in a new and exciting way. The benefits of online voting, alongside ballot boxes and postal votes, are numerous including greater member engagement and turnout to ballots, great usability and enhancement of the voter experience, accessibility through being able to vote anytime and anywhere, efficiency savings as the need for polling stations and election staff is reduced, mitigated voter coercion and greater accuracy.

Rightly or wrongly, the Trade Union Act 2016 will ensure that strikes only ever happen as a result of a clear, positive decision by those entitled to vote. Modern secure online voting systems enable those voters to exercise their right to vote in private, without fear of intimidation and ensuring that the votes received by the voting system contain their vote intention (cast-as-intended), that the votes are stored in the ballot box (recorded-as-cast), and that the vote decryption and vote counting process did not manipulated the vote content during the process (counted-as-recorded).

Ian Brook, Director, Northern Europe, Scytl