The elections may be over, but the frenzy is still there. Earlier this year before the elections were conducted it was reported that overseas Pakistanis will not be able to vote this year as the system were not ready.
Earlier on April 12, 2018, the Supreme Court of Pakistan had convened a session pertaining to the voting rights of overseas Pakistanis and the session was presided over by Chief Justice of Pakistan Mian Saqib Nisar and included members of various political parties, IT experts from Pakistani universities, concerned citizens, and members of the media. NADRA at the session had demonstrated its e-voting platform iVOTE that would allow overseas Pakistanis to cast their votes for the forthcoming General Elections using the internet.
The parties in attendance had strongly affirmed the right to vote for overseas citizens. However, the IT experts expressed their concerns about the potential security issues posed by the deployment of this system. As a result, on the directions of the Supreme Court, the Election Commission of Pakistan constituted a task force on April 19, 2018, to undertake a technical audit of the iVOTE platform.
According to the latest news, the task force on voting rights of overseas Pakistanis in their report pointed out that there are various shortcomings in the proposed system of internet-based voting that ultimately reduces the chances of its use in the near future.
The report read that online voting systems, even in the developed world, catered to relatively small number of voters – a mere 70,090 online votes were cast in the Norwegian elections in 2013, 176,491 in the 2015 elections in Estonia, and around 280,000 votes in the state election in New South Wales, Australia. Furthermore, it also stated that the leading international cybersecurity professionals have repeatedly voiced serious concerns regarding the security of internet voting.
The report although was constituted in April has been made public on Monday, 13th August 2018.
The report goes on to state that various demonstrations have played a determining role in discouraging deployment of internet voting in several developed countries, it reads that “Researchers discovered vulnerabilities and launched devastating attacks on such systems (including those deployed in the US, Estonia, and Australia) that impacted tens of thousands of votes.”
Since the iVOTE system in Pakistan is to be deployed for over six million Pakistanis, it is to be one of the largest deployments of online voting in the world. The report goes on to read that “In case of the aforementioned examples, the risk of system failure or mishap has been restricted to relatively small populations and geographical regions. However, in our case, failure or electoral rigging overseas is not confined to a few seats and can potentially impact each and every constituency in Pakistan, thereby playing a critical role in the formation and composition of the next government.”
However, the Internet Voting Task Force (IVTF) in its report said that over time, Western countries have established strong and resilient mechanisms to investigate and resolve electoral disputes. The report also mentions that iVOTE categorically does not provide ballot secrecy as required in Clause 94 of the Elections Act 2017 and Article 226 of the Constitution of Pakistan.
There have been concerns about phishing attacks and hacks that can possibly disrupt the voting procedures. With Distributed Denial of Service (DDoS) attacks being a persistent threat on the Internet, NADRA has deployed a leading international filtering solution to protect against these attacks, but election security researchers point out that this arrangement compromises ballot secrecy by enabling foreign entities to decrypt and view, and potentially even modify, ballot contents of voters in an undetected manner.
Moreover, the report does state that
“many of the security vulnerabilities pointed out are not specific to iVOTE but are inherent to this particular model of Internet voting systems. Therefore, even if the voting system itself has ironclad security, these attacks will still be effective because they do not target the voting system, but instead, they focus specifically on the voter’s computer and the underlying network, both of which are not under NADRA’s control. For this reason, certain territories (such as Estonia) have recently announced that they are abandoning this particular model of internet voting in favour of a rigorous cryptography-based solution.”
The report also gives valuable suggestions that the new voting systems should be progressively deployed, starting with mock trials, deployment in surveys and non-political elections, followed by small-scale elections, and then scaling up over a period of years. Also, that the ECP should reconsider other remote voting modalities, which are less controversial than internet voting and have been successfully deployed in many other countries.
