The 10 commandments for cyber resilience
November 2017
Next weekend, voters in France take to the polls, starting one of the most significant elections in recent European history, with Marine Le Pen’s Eurosceptic anti-immigrant Front National (FN) seeking to take power.
The French government who introduced electronic voting for those living abroad for their 2012 presidential election, last month revoked the right of French Nationals to vote electronically next week, referring to the threat of external hacking. Since then, the e-voting debate has been reinvigorated, years after it was being piloted across Western Europe.
Liberal Emanuelle Macron stated this week that electronic voting should be available to all of France by the next presidential election in 2022 and Conservative François Fillon called for e-voting to be re-established for French Nationals abroad in time for then.
In the age of digital transformation, the failure of large Western European states to adopt successful e-voting systems is perplexing.
The issue has been that hacking has been able to adapt to innovations in cyber resilience and that the systems that have been piloted haven’t been transparent enough to earn the trust of average voters. Last year, California, Florida and New Jersey piloted online voting for the presidential election and the hackers immediately sought to overwhelm it, with cybersecurity start-up Cylance immediately stating that they could hack their system.
The French election comes weeks after the Netherlands election. It marked 10 years since the Dutch outlawed electronic voting. The 2007 decision was largely put down to “reliability and risk” and followed a highly controversial 2006 election, in which 90% of votes were cast online. Investigations found that the machines were not secure, with an ineffective security lock making it possible to wirelessly connect to the machines from a radius of 10 metres.
The German Constitutional Court banned the use of NEDAP voting machines in 2005, stating that elections had to be “public in nature”, stressing the need for transparency.
Ireland bought e-voting machines, but they were suspended from use after a small pilot before being scrapped in 2010. The Irish press referred to this as the “e-voting scandal”. Despite this, the Irish announced last month that they were going to explore the introduction of electronic voting for citizens living abroad.
In the UK, online voting was piloted 5 times between 2000 and 2006, but then discontinued. Last year John Penrose MP stated on behalf of the Government that the UK did “not have any plans to introduce electronic voting … in poling booths or remotely via the Internet”.
Estonia, which has an electorate of fewer than 900,000 people, is the only EU country with successful long term electronic voting in place for all citizens.
There should naturally be a demand for trustworthy transparent electronic voting. During current election counts in the UK, each candidate will send polling agents to a town hall at which party members will watch over independent counters sieving through paper ballots in order to confirm the democratic legitimacy of an election. It has historically led to election results not being known until the early hours of the morning, with some constituencies not releasing results until the following day or later.
There has been a participation crisis in some European Democracies and it is thought that electronic voting could have positive implications for turnout, particularly among young people. Last year, in a regional online poll conducted in the Veneto, Italy, turnout was over 60% in a non-binding referendum on their position within Italy. In Estonia, scholars have found that “casual voters” that make up 10-15% of their current electorate probably wouldn’t have voted if the online option hadn’t been available.
In the coming weeks, without the benefits of electronic voting, the French and Europe will face an agonising wait to find out the election result.