Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Disclaimer: The Parliamentary Library does not warrant or accept liability for the accuracy or usefulness of the transcripts. These are copied directly from the broadcaster's website.
Encrypted elecronic voting -

View in ParlViewView other Segments

Elections in some parts of the world produce curious results. So how to have secure electronic
voting? James Heather has produced a secure ballot form which allows a machine to read a ballot,
which is marked in the normal way with a pencil, but which cannot be read by others.

Show Transcript |

Hide Transcript


Robyn Williams:He mentioned democracy just now, and I wonder how many still take it seriously these
days. Anyway, there were two by-elections last weekend, one with a gigantic voting paper containing
20-odd candidates. We have an election in South Australia coming up in March and a federal election
next year some time, all of which makes one ask is there a better way of doing it using the new
technology, and one which minimises corruption, as seen in too many places these days. Here's James

James Heather: On a personal level I've had a growing awareness of that through reports in the
media or of elections in Iran, Russia, Zimbabwe, all kinds of things where you see fairly obvious
fraud and it makes you wonder how often there's unobvious fraud as well. At the very basic level
somebody might pay you to vote in a particular way. So if I can vote and then I can prove
afterwards to you how I voted, you might well offer me some money or you might threaten to break my
kneecaps if I don't vote in a particular way. So yes, coercion and vote selling, it's hard to know
how much it happens in practice, but you only have to look at Zimbabwe to know that it happens.

Robyn Williams: Afghanistan has been quite interesting as well. I'm looking at your ballot, and it
looks fairly normal but on the left you're kind of ticking a box and you're actually voting for
something, on the right you've got the Xs where you actually put something in but you've also got a
kind of barcode.

James Heather: We're happy to call it a barcode. What that does is to encode an encrypted version
of the candidate names down the left-hand side. So you'll see that they are in a random order,
they're not in the same order on two ballot papers, and what's in the barcode is an encrypted
version of the ordering of the candidate names. So the system as a whole can recover that ordering
and find out how you voted, but no individual component of the system can.

Robyn Williams: Okay, so let's take it stage by stage. You take this sheet, which is almost like
the sort of thing you get in Australia where you're voting for a candidate. You can see on the
left-hand side what you're supposed to be voting for, and on the right-hand side you put your X,
then you tear it apart. Go on, tear it apart for me.

James Heather: Okay, so I'm going to tear the ballot form down the middle, and detach the candidate
list from the right-hand side where I've put my X, and because the candidate list was in a random
order, you can now see that I put my X in the second position but you don't know who that was a
vote for. It's only with both halves of the ballot paper where you can see the candidate order and
you can see the X that you can see who I voted for.

Robyn Williams: So you chuck the left-hand one away?

James Heather: Yes, shred it so that it will never be read again, and the right-hand one knows what
the kind of mix should be so that you get the right person voted for, otherwise the whole thing is

James Heather: That's absolutely right, yes. So the system as a whole can understand the right-hand
side and can recover the candidate list, but no individual part of the system can. So if we were
running this in a general election we would have one machine in each of the major party
headquarters and then one in the United Nations, something like that, so that in order for the
system as a whole to decrypt your vote and find out who you voted for, all of them would need to

Robyn Williams: So all of these big headquarters machines would have to have the same result, they
would have to tally, otherwise they'd know that something was going wrong.

James Heather: They are all cooperating on one single tally, so they all need to work together to
decrypt your vote bit by bit and recover what the vote was, and in the process of doing that your
vote gets mixed up with everybody else's vote. So in the end your vote will pop out in a decrypted
form, but by that point nobody will know that it was your vote.

Robyn Williams: In the meantime, let's say you or your granny...she, like me, is very confused, but
she has got the right-hand side with the barcode on it and she simply does...what? She sticks it in
a slot?

James Heather: That's right, yes. I use my granny quite a lot when I'm talking about electronic
voting. She is my mark of how accessible and how useable a system needs to be in order to be
accessible to the general public. So yes, she votes in exactly the same way that she used to. The
only difference is that she has to tear down the centre and then rather than putting it in a box
she's putting it into a scanner. She feeds the right-hand half into a scanner.

Robyn Williams: Okay, so as a voter it's a straightforward thing, and presumably you get the
results rather more quickly, almost instantaneously, is that right?

James Heather: Yes, so it will depend on how much you invest in the hardware to do the cryptography
because you do need to do some communication and cooperation between those machines to do the
adding up of the votes, but yes, it is much quicker. We're hoping that in a few years time this
will see production. By then computers will be even faster and we're hoping that this will be a
fairly trivial process of doing the adding up. It's not instantaneous because you do have to make
sure that all of the machines are cooperating together to do the decryption. If it was easy to do
then one machine could do it very quickly and you'd lose the protection of having to distribute
that trust around lots of machines.

Robyn Williams: Why is this not called 'electronic voting'?

James Heather: This is electronic voting but this is not voting by internet, and lots of people
when they use the term 'electronic voting' what they mean is 'I want to sit in my pyjamas at my
computer in my bedroom and vote', and that is something that we are not keen to encourage because
there's no protection against coercion, there's no protection again vote selling. There's no
guarantee when a vote comes in over the internet from an unsupervised location that somebody wasn't
standing behind the voter with a baseball bat insisting on them voting in a particular way. So our
effort is concentrated on supervised voting in a polling station, electronic but in a polling
station in a supervised environment.

We do understand that there is a need for postal voting, some people will be abroad, some people
will be unable to leave the house, so that is something that we can cover, but you can't ever in
any system have the same security guarantees for that remote voting as you can for supervised
voting because the coercion problem just can't be solved unless you're voting in a supervised

Robyn Williams: And of course the internet is intrinsically open to abuse, it's not secure.

James Heather: We hope that is not too much of a problem because the encryption of the data flow as
it passes down the wires is what protects you against that. So when you vote in the polling station
it will then go over the internet to the central database of votes, and it's the fact that it's
encrypted in transit that will protect against that kind of hacking. The problem when you're at
home is more the fact that you're in an unsupervised location.

Robyn Williams: When will your system be applied, do you think, what stage is it at?

James Heather: We're at the start of a four-year project. We have a prototype that's up and
running, and over the next four years we're planning to improve the theory, improve the
implementation, and construct some formal proofs that this thing is as secure as we're claiming. So
we're hoping that by the end of the project in four years time we'll have something where we can
say this is ready to roll. We're hoping that at that point we'll be able to approach governmental
organisations and say we're ready to do a trial in a constituency election.

Robyn Williams: James Heather is a lecturer in computer science at the University of Surry,
cleaning up voting.


James Heather

Lecturer in Computer Science University of Surrey Surrey UK


Robyn Williams


David Fisher