Voting is a prime example of a system of collective choice that could be vastly improved by taking advantage of SSI to support making those collective choices over distance. Shannon Appelcline, the long-time editor-in-chief of the Rebooting the Web of Trust (RWOT) series of SSI conferences and a technical writer for Blockchain Commons, explores this topic in depth by outlining the problems with distance voting to date, considering the possibilities of true voter agency, and detailing how SSI fits into this new vision for open democracy.
The wonder of democracy is that members of a city, region, or country can vote to personally decide how their society is governed—through either direct or representative democracy. However, managing votes isn’t as easy as it sounds, particularly in the ever-more-remote world of the twenty-first century.
In-person voting works relatively well because it’s easy to block double voting when you can physically connect each individual person to a specific identity. When a state requires physical presence, it can verify identities by checking preauthenticated voter logs or comparing handwriting or signatures. Even if a state doesn’t have sophisticated civic records, it can use other physical means to minimize double votes, such as inking thumbs with indelible ink. In-person voting also has other benefits, such as reducing coercion or undue influence that could otherwise corrupt democratic ideals.
Unfortunately, in-person voting offers strong security at the cost of accessibility: although a state can ensure that votes are proper, it also loses many possible voters. There are cases when no one might be able to vote in person due to disasters of various sorts—as happened in various locales during the COVID-19 pandemic of 2020 [1, 2]. This directly contradicts the core desires and needs of a democracy, which is all about government by the people.
To expand our democracies by improving accessibility, we need to figure out how to authenticate identities as we move further away from a physical voting box. SSI can do this and, in the process, create new possibilities for voter agency that far exceed the capabilities of state-sponsored identities.
21.1 The problems with postal voting
For the past few decades, postal voting has been on the rise, allowing voters to assert their identities by mail. Once, it was solely the province of those who had an excuse to vote absentee, but today increasing numbers of people can vote by mail. In the United States, 28 states (and the District of Columbia) now allow early voting without an excuse, with Colorado, Washington, and Oregon voting entirely by mail [3]. As a result, postal voting in the United States has nearly tripled in recent decades, from 7.8% of votes cast in 1996 to 21% in 2016 [4]. Similarly, the UK enabled on-demand postal voting in 2001 [5] and saw 22% of their votes cast by mail in 2017 [6]. However, the rest of the world is only slowly edging toward this democratic innovation: many other countries still restrict postal voting to absentee and overseas voters.
Postal voting certainly improves the accessibility of democracy, as people can vote without leaving their homes. However, in taking the first step beyond in-person voting, it also loses some security benefits.
Although many claims of concern over voter fraud are politically motivated, The Christian Science Monitor [7] has illustrated several real cases of postal voting fraud in Florida and Texas, where attackers used the disconnect between the voter and the voting authority to introduce false or coerced ballots. Similar concerns regarding “undue influence,” “personation,” “bribery,” and “treating” have been raised in the UK [8]. These examples are not isolated.
A particularly notable case occurred in 2018, in NC-9, the ninth congressional district for North Carolina in the United States. Here, statistical anomalies in the voting results revealed that an organization had been harvesting absentee ballots and altering them before their submission [9]. A high “unreturned” rate of postal ballots suggested that some may also have been discarded [10].
CONSIDER The problem in North Carolina resulted from centralization: the people who picked up the absentee ballots. Any centralized authority could similarly prove untrustworthy.
Together, these problems demonstrate how hard it is to reliably assert identity from afar, at least when using traditional identities. Even for this simple, well-understood method of distance voting, better solutions are needed than those supported by most of today’s state-sponsored bureaucracies.
21.2 The problems with e-voting
Postal voting isn’t the endgame for voting accessibility, as postal delivery itself is rapidly being left in the technological dust. In the modern world, the clear next step in voting accessibility is e-voting, where people will be able to vote using the internet. Unfortunately, e-voting is even more removed from in-person voting than postal voting and thus may be even more prone to security problems.
To date, e-voting has mostly been used by websites for ratings. Although online ratings are often useful, they also highlight significant problems with digital identities, which can be freely and anonymously created. Amazon has fought against both Sybil attacks [11] and paid reviews [12]. Similarly, Rotten Tomatoes has spent several years battling against the corruption of ratings for movies that have diverse leads—and was forced to entirely shut down the site’s pre-release ratings as a result [13, 14].
CONSIDER To date, many problems with e-voting result from Sybils, which are multiple, fake accounts. How can you know that a digital person is “real”? That’s one of the problems that SSI seeks to address.
An e-voting system that supported an open democracy would need to find solutions that worked much better than the bandages used so far on internet rating sites, as shown by Australia, France, and Spain, all of whom flirted with e-voting in recent years but ran into problems with security or misapplied results [15]. Although solutions may be difficult, there’s a real need: after Hurricane Michael hit the Florida Panhandle in 2018, Bay County Supervisor of Elections Mark Andersen allowed about 150 people to vote by electronic methods, 11 of them via email [16]. Although this decision wasn’t directly supported by U.S. law, it showed how electronic voting could support increased inclusivity. So how do we get there?
21.3 Estonia: A case study
As it happens, one state is already there: the Republic of Estonia. It has a mature e-voting system that depends on Estonia’s national digital identity (https://e-estonia.com/solutions/e-identity). Although this is a state-issued identity, not an SSI-based identity, it offers a first look at using the internet to enable open democracy.
In Estonia’s “i-voting,” residents use their Estonian ID card and a computer to cast ballots during an early voting period and can change their votes up to the end of that period. This very accessible system also contains some thoughtful security. As explained in chapter 6, the system uses private keys for authentication and to generate digital signatures, which ensures non-repudiability. Other advantages include privacy and limited mutability. This has all paid off: when Estonia tested e-voting in local elections in 2005, fewer than 1,000 people used the system [17]. On the other hand, in 2019, almost 250,000 people voted via the internet, about 44% of the total voters (https://rk2019.valimised.ee/en/voting-result/voting-result-main.html).
However, there are issues with the Estonian i-voting system. A May 2014 “Independent Report on E-voting in Estonia” [18] raised serious concerns over whether votes or voting results might be changed. There have also been complaints about the limited publication of Estonia’s e-voting code [19]. This dovetails poorly with societal trends, where voters have become increasingly suspicious of the systems used to manage their votes, even for in-person voting [20, 21].
Perhaps more importantly, the Estonian e-voting system hasn’t actually shown an increase in the voting population: the 2011 and 2019 parliamentary elections each had about 63.5% voter turnout, despite a dramatic increase in e-voting in the same timeframe [22]. In the end, we must ask: is it enough simply to mirror in-person voting systems in these more distant scenarios? Or can we do something more? Or, to keep this on the topic of SSI: could we do more if we had a technological system that offered new possibilities?
21.4 The three pillars of voting
Although increased accessibility is a big win for open democracy, looking at voting systems solely through the lens of security and accessibility assesses them based on what they have been, rather than what they could be. If a democracy is truly about empowering the members of a state, then their ability to vote should be empowered, too. This can be done by improving the voter’s agency—something that largely hasn’t been considered in traditional systems.
These three pillars of security, accessibility, and agency can each be divided into more precise principles, which together outline both the needs and the possibilities of a fully open voting system.
21.4.1 A state’s bill of needs
The state’s bill of needs includes the following principles of security:
-
Authenticity —A voter must be able to prove an identity. We know each voter.
-
Accreditation —A voter must be able to prove that they have the right to vote via a means such as a verifiable credential (https://www.w3.org/TR/verifiable-claims-data-model). We recognize each voter’s authorization.
-
Non-repudiability —A voter must not be able to change or disclaim their vote after it’s locked in. We know each vote is unchanged by the voter.
-
Immutability —An attacker must not be able to change any vote. We know each vote is unchanged by attackers.
-
Auditability —A state must be able to recount votes and verify their authenticity, accreditation, non-repudiability, and immutability. We know that the voting results are accurate.
21.4.2 A voter’s bill of rights
The voter’s bill of rights includes these principles of accessibility:
-
Openness —A voter must be able to vote in a time, place, and manner that maximizes their likelihood of voting. I can easily vote.
-
Simplicity —A voter must be able to vote without undue complexities or burdens. I can simply vote.
The voter’s bill of rights also includes the following principles of agency:
-
Privacy —A voter must be able to vote without others knowing how they voted. I can keep my vote private.
-
Assignability —A voter must be able to proxy their vote on certain topics using delegation credentials, creating a delegative democracy [23]. I can lend my vote to others.
-
Mutability —A voter must be able to change their vote up to the point where it is locked in, to support their agency and improve security by offsetting the possibilities of coercion and influence. I can change my mind.
-
Verifiability —A voter must be able to verify that their vote has been accepted and tabulated. I trust my vote was counted.
-
Transparency —A voter must be able to learn how the system works, so that they can verify its accuracy, as well. I trust the outcome of the vote will be accurate.
-
Provability —A voter must be able to selectively disclose how they voted if they choose to, creating proofs that make this disclosure irrefutable. I can choose to make my vote public.
-
Permanence —A voter must not be able to lose their right to vote, unless they do so in a well-understood way outlined by the transparent rules of the system. I will always have my vote.
-
Portability —A voter must be able to use their identity and/or their credentials in a variety of different venues, as designated by their individual rules. I can bring my voting record with me.
21.5 The advantages of SSI
Though Estonia has been the most successful example of improving accessibility of voting without impinging on security, it didn’t do much to increase the agency of its voters. It only meets two of the agency principles: privacy, assuming a voter trusts Estonia, and mutability. The more expansive possibilities for user agency are ignored, and that’s in large part a failure of state-sponsored identities being used as the basis of e-voting systems. Truly empowering people requires that empowerment be built into the digital ecosystem from the beginning, starting with voters owning their own identities.
Enter (at last) SSI. It’s not just a different technology, but also a different way of thinking. It changes identity from a passive system handed down by an all-powerful authority to something that each person individually controls. This makes each person their own agent in the system: they can decide how their identity is used. In other words, they have agency.
CONSIDER Ground-breaking technologies are revolutionary. They don’t just improve the efficiency of traditional tasks, they change how we think about them. Consider, for example, how the internet changed everything from looking up information to making purchases. SSI can be similarly revolutionary.
An e-voting system supporting agency begins with a voter who has personal control of their SSI credentials via their digital wallet (chapter 9) and decentralized identifiers (DIDs—chapter 8). This intrinsically supports three of the rights of agency: a DID can exist forever (permanence), interact with different systems (portability), and sign verifiable credentials (VCs) for delegates (assignability).
Although a state could restrict a person’s ability to vote, it could never delete the DIDs or VCs associated with those votes, so the voter could continue to selectively reveal their votes in the future through consensual provability. Even better, a voter could use various VC-based methods of selective disclosure, including zero-knowledge proofs (ZKPs), to show a consistent voting record across city, regional, country, and even online voting realms.
This user-agency-focused e-voting system would exist as part of an ecosystem built on SSI ideals. The trustless consensus systems at the heart of such an ecosystem would engender more agency: the voting software would need to be transparent, with its code publicly available. This, in turn, would grant a voter verifiability because they could use the well-documented system to ensure that their vote was recorded. Finally, it would improve their privacy because the voter would no longer have to trust a state, just the trustless system.
The power of e-voting systems built on SSI infrastructure will only increase in the future, as those ecosystems become filled with smart contracts and enhanced personal agents. The possibilities of user agency multiply: a voter could use smart contracts to agree to make certain board-room votes based on corporate results, or they could use a personal agent to ensure that they were voting in a way that synchronized with their personal interests. And it all starts when a voting organization recognizes DIDs and verifiable credentials for e-voting.
For decades, we’ve been searching for ways to improve voting accessibility, with postal voting and now e-voting being the first steps along that route. And certainly, e-voting can revolutionize voting, creating a truly open democracy. But even there, we’re not looking at larger possibilities. With SSI, we can change voters from simple inputs to integral members of the democratic process. We can give them agency in a way they’ve never had before and, in doing so, make democracy truly ours, perhaps for the first time.
21.5.1 SSI Scorecard for voting
The SSI Scorecard is color-coded as follows:
For voting, we evaluate that SSI will be the most transformative for user experience and convenience and regulatory compliance, but it will also have clear positive effects on the business-oriented bottom line and business efficiencies (table 21.1).
Table 21.1 SSI Scorecard: voting
References
1. Doubek, James. 2020. “Louisiana Postpones Presidential Primary Over Coronavirus Fears.” NPR. https://www.npr.org/2020/03/13/815464629/louisiana-postpones-presidential-primary-over -coronavirus-fears.
2. Proctor, Kate. 2020. “Local Elections and London Mayoral Race Postponed for a Year.” The Guardian. https://www.theguardian.com/world/2020/mar/13/local-london-mayoral-elections -postponed-year-coronavirus-uk.
3. National Conference of State Legislatures (NCSL). 2020. “Voting Outside the Polling Place: Absentee, All-Mail, and Other Voting at Home Options.” http://www.ncsl.org/research/ elections-and-campaigns/absentee-and-early-voting.aspx.
4. File, Thom. 2018. “Characteristics of Voters in the Presidential Election of 2016.” US Census Bureau. https://www.census.gov/content/dam/Census/library/publications/2018/demo/P20 -582.pdf.
5. Parliament of the United Kingdom. 2000. “Representation of the People Act 2000.” The National Archives. http://www.legislation.gov.uk/ukpga/2000/2/contents.
6. Electoral Commission. 2017. “The Administration of the June 2017 UK General Election.” https://www.electoralcommission.org.uk/sites/default/files/pdf_file/The-administration-of-the -June-2017-UK-general-election.pdf.
7. Richey, Warren. 2017. “Voting by Mail Grows in Popularity—But It is Reliable?” The Christian Science Monitor. https://www.csmonitor.com/USA/Politics/2017/1221/Voting-by-mail-grows-in -popularity-but-is-it-reliable.
8. White, Isobel. 2012. “Postal Voting and Electoral Fraud 2001-09.” House of Commons Library. https://commonslibrary.parliament.uk/research-briefings/sn03667.
9. Blinder, Alan. 2019. “Inside a Fly-by-Night Operation to Harvest Ballots in North Carolina.” New York Times. https://www.nytimes.com/2019/02/20/us/north-carolina-voter-fraud.html.
10. Gardella, Rich and Leigh Ann Caldwell. 2018. “Investigation into N.C. Election Fraud Focused on Unreturned Absentee Ballots.” NBC News. https://www.nbcnews.com/politics/elections/investigation-n-c-election-fraud-focused-unreturned-absentee-ballots-n948241.
11. Zheng, Haizhong, et al. 2017. “Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks.” NDSS Symposium 2018. https://arxiv.org/pdf/1709.06916.pdf.
12. Kailath, Ryan. 2018. “Some Amazon Reviews Are Too Good to Be Believed. They’re Paid For.” All Things Considered. https://www.npr.org/2018/07/30/629800775/some-amazon-reviews -are-too-good-to-be-believed-theyre-paid-for.
13. RT Staff. 2019. “Hello, We’re Making Some Changes.” Rotten Tomatoes. https://editorial .rottentomatoes.com/article/making-some-changes.
14. Robertson, Adi. 2019. “How Movie Sites Are Dealing with Review-Bombing Trolls.” The Verge. https://www.theverge.com/2019/3/7/18254548/film-review-sites-captain-marvel-bombing-chan ges-rotten-tomatoes-letterboxd.
15. Verified Voting Staff. 2019. “Internet Voting Outside the United States.” https://web .archive.org/web/20200803084143/https://www.verifiedvoting.org/resources/internet-voting/internet-voting-outside-the-united-states.
16. Koh, Elizabeth. 2018. “Hurricane-Ravaged Florida County Allowed Some ‘Displaced’ People to Vote by Email.” Tampa Bay Times. https://www.tampabay.com/florida-politics/buzz/2018/11/12/hurricane-ravaged-florida-county-allowed-150-displaced-persons-to-vote-by-email.
17. Mardiste, David. 2007. “Estonia Set for World’s First Internet Election.” Reuters. https://www .reuters.com/article/us-estonia-election-web/estonia-set-for-world-first-internet-election-idUSL 213415120070221.
18. Halderman, J. Alex, et al. 2014. “Independent Report on E-Voting in Estonia.” University of Michigan. https://estoniaevoting.org.
19. Ojasild, Heiki. 2013. “Open Letter on Freedom and Internet Voting to Estonia's National Electoral Committee.” FSFE. https://fsfe.org/news/2013/news-20130730-01.en.html.
20. Tapper, Jake and Avery Miller. 2004. “Conspiracy Theories Abound After Bush Victory.” ABC News. https://abcnews.go.com/WNT/story?id=239735.
21. Addley, Esther. 2014. “Scottish Referendum Vote-rigging Claims Spark Call for Recount.” The Guardian. https://www.theguardian.com/politics/2014/sep/22/scottish-referendum-vote -rigging-claims-recount-petitions.
22. Vabariigi. n.d. “Statistics about Internet Voting in Estonia.” https://web.archive.org/web/20120325012644/http://www.vvk.ee/voting-methods-in-estonia/engindex/statistics.