Online voting continues to be a very bad idea in 2025 and beyond

I have been vocal in my opposition to online voting since 2013, when the spectre was first raised by our local government agency, LGNZ. See here, here, here, and here. I think it's a very bad idea for democracy and engagement.

I've been on record saying that there are only three categories of people who like online voting:

1. those who hate popular democracy (e.g. Atlas Network affiliates, fascists),
2. those who don't understand the democratic process and the secret ballot, and
3. those with an online voting system to sell.

My main arguments against online voting are:

1. Online voting doesn't fix the problems people hope it will

Based on actual stats from where it's been used around the world, online voting won't address any of the problems it's being touted as addressing (e.g. low turnout, engaging young voters, reducing costs). The only valid use-case argument is for younger folk with disabilities. But telephone voting is equally good for them (and for older, typically less tech-savvy disabled voters). It will certainly only increase costs for at least a generation (until the older generation who don't have home or smartphone connectivity no longer require hand-marked paper ballot voting). Unscrupulous online voting system vendors have pushed their online voting systems onto desperate (but deeply under-informed) fans of democracy in positions of influence in governments. But it's just a tantalising mirage. Here's an excellent explanation of this from the Aotearoa New Zealand perspective.

2. Online voting will add cost, not lower it

Unless government is willing to mandate that everyone has a computing device - I can imagine having to enforce that at retirement communities and nursing homes around the motu - if online voting is ever adopted, it will have to run alongside current forms of voting like paper ballots at polling stations and postal voting (note: I'm not advocating for postal voting either). As such it will only add cost and complexity to elections, not reduce costs.

3. Securing a 'secret ballot' is nearly impossible

Ensuring a secret ballot (core to our local & national democratic process) is directly opposed to the other security and vote-to-voter mapping requirements, making the process very non-trivial. Most people who assert "well, I bank on my phone, why can't I vote with it?!" don't understand this requirement at all. Yes, there are some cryptographically intensive ways this could be done, if it's correctly implemented... but if that's the approach taken, the number of people in the world capable of debugging it will be vanishingly small (and probably easily co-opted by vested interests). If you want to improve your understanding of why we vote the way we do (and why online voting shouldn't even be considered), this is a very useful explanation.

4. Good developers won't touch it

Nearly every online voting implementation currently deployed in the world (including the local Electionz.com one) is abysmal in terms of implementation quality. Basically it comes down to this: competent developers won't touch this problem because they know it won't go well. All current implementations in use have been written by incompetent developers. Here's an excellent talk on the topic (from Kawaiicon in 2019 - "Internet Voting - From bad idea to poor execution"). This includes the often-proffered example of Estonia, the gung-ho 'Internet-everything' country in eastern Europe, near Russia. Online voting hasn't improved voter participation there at all (beyond a minor blip the first time, when it was a novelty). Mostly, it changed how existing voters voted, not who voted.

The security concerns about their system are many and well documented by independent auditors, e.g. https://estoniaevoting.org/ and https://mi.engin.umich.edu/stories/researchers-identify-security-risks-i... among others.

5. Inscrutineerable

If, by some weird coincidence, someone did write a technically credible, secure online secret ballot voting system, only a vanishingly small number of tech experts would be able to credibly scrutineer the vote. Almost no tech experts have a sufficient understanding of all the relevant, inherently complex issues like cryptography, identity management, and even basic internet mechanics necessary to identify valid or fraudulent behaviour. At most, there're a handful globally.

That means laypeople cannot scrutineer, which makes gaming elections a much, much easier proposition (there's a fairly tiny group of people to buy off or intimidate). On that basis, the German courts - where there's a bit of historic appreciation of democracy stolen - ruled online voting unconstitutional, and rightly so.

6. Derailed on a whim, for tens of dollars

In addition to the known failure modes of traditional 'hand-marked paper ballots in a scrutineered public voting place' (my strong preference for democratic best-practice), online voting creates many new security vulnerabilities that don't exist at all in my preferred voting approach. For example, there are issues like voter stand-over tactics by people in the household and vote-selling (for the record, I'm quite strongly against postal voting, too, as it has the same vulnerabilities). There are also network disruptions, like distributed denial of service attacks, which can be launched for tens of dollars from public cloud infrastructure anywhere in the world, effectively untraceable. Then there are things like client security breaches (e.g. security compromises of many people's personal computers or mobile devices they might use to vote, which could easily and invisibly alter the vote that people think they're casting - most people's devices are already compromised). On top of that, there's a huge number of vulnerabilities at the server side of the voting system, where security assumes that those running the election (or their outsourced private vendors) are at the top of their security game.

It's a few years old now, but nothing's changed to render this excellent explainer video invalid.

7. When trust is gone, it's gone

Given the general ineptitude of government and their lowest-bidding vendors in securing even low-sensitivity online services (I could post a litany of links to such failures just here in NZ in the last year, but that'll have to wait until I have more time), I would not rate their chances of getting right something that only happens every few years, and for which, crucially, you cannot stage a useful practice, because the threats will know that too (they'll study the test, identify vulnerabilities, and sit on them or sell them for the time that the vote is run 'for real'). And, entirely unlike other sorts of online services, there's no 'iterative process' towards success: if the vote, on the rare occasion you run one, goes wrong... the voters' trust will be lost. And once it's gone, you can't get it back.

8. The problem is scale

It's also crucial that people understand how these online threats scale compared to physical threats, like, say, taking postal ballots out of mail boxes on a street, or stealing a box of ballots from a polling station after it closes. The physical threats require people to go places, to expose themselves to witnesses, and likely to leave some evidence. Online threats can scale massively, don't require anyone local (or even in the country!) and can be entirely undetectable. Imagine an online voting server in which a bad actor could surreptitiously flip every 10000th (with some randomised variability) vote to the desired candidate or similar. In our traditionally very close elections, that might well be enough to change the election's outcome in a way that would be undetectable. The mere lack of transparency in the process from the layperson's perspective is enough to render the entire voting process 'dodgy' to many people... and they'd be quite right, in my opinion.

And finally, here is a comprehensive report by Julienne Molineaux for The (sadly now defunded) Policy Observatory, Auckland University of Technology. She covers many of the points I make above in far more detail, with far more references. Read it.


Comments

Hi Dave, you mention a video at the end of section 6 but don't seem to have linked it.

Thanks - fixed!
