Every time an election approaches somewhere in Spain, many people wonder why we are still using paper ballots for elections. The next regional and municipal elections in Spain will be held on Sunday, May 28, 2023. They will be held in municipalities such as Madrid, Barcelona, Valencia, Seville, Zaragoza and Malaga; and many people will ask the same questions about the voting system: «Why do we still use paper ballots to vote?","Why do we continue to call citizens to preside over the tables?","Why don't we use electronic or internet voting to vote in elections?«.
We are a medium specialized in technology, and we have written on numerous topics related to this world in a tangential way. The use of technology has not been avoided in government voting. And very surely, such a voting system has been considered. For this reason, we find ourselves in the position of being able to talk about how having an outdated system for government elections in Spain ironically is what makes it safe.
Table of Contents
Electronic voting will never be secure enough for elections
It should be said that we believe that there is the possibility of electronic voting at certain times, such as the elections for a president of a neighborhood community, or what food is ordered at home. But the importance of elections at the government level, where mayors, community presidents and presidents of the government are at stake, electronic voting will hardly be secure enough. Paper voting is reliable enough to continue to be. Any attempt at fraud cannot escalate very much without being discovered and with it being asked to repeat the vote, as has happened in some polls. Added to this are the added security systems of the Spanish electoral system itself.
To carry out votes with such a level of importance as municipal, regional or general elections, electronic voting suffers from many security problems. Ballots that are pre-printed and counted by humans in physical ballot boxes and watched over by representatives of various parties are by far the best form of voting possible. And although it may seem archaic, the paper voting system is more secure than the electronic system is expected to be at its most secure.
The fragility of electronic voting
With electronic voting a single person can attack the electoral system, and scale to the level you want. That person or organization can choose who will or will not be in power, against the decisions of the citizens called to vote. They have the same effort to change a vote as in all elections, and if they were done online, any person or organization could try to do it from home, and possibly someone will get it. And he wouldn't have to set foot in the country.
It is true that we have control systems such as Cl@ve or use the electronic ID. But therein lie basic problems such as not all Spanish citizens have reliable internet access, with which they cannot access Cl@ve. Not long ago news came out that they were going to supply internet speeds that today can be considered adjusted, to the entire rural territory of Spain. There are 7.538.929 people, according to data from the 2020 census, 15,9% of the population, without going into details of how many of them are of legal age and with Spanish nationality.
The second is that not all Spaniards have an electronic ID reader. And both the internet and the reader are not offered for free. But all the Spaniards called to vote do have a place where they are registered, an identification document issued by the Spanish state such as the National Identity Document, a passport or a driving license; and the possibility of going to the ballot box or a post office in person to vote by mail.
Having to vote in ballot boxes constantly monitored by three people chosen at random is the best way to guarantee that nobody is going to tamper with the ballot boxes during the vote. The proxies of different parties and representatives of the public administration, such as the police, monitor that the envelopes or ballot boxes are not manipulated or that campaigns are carried out after the campaign period. The work of handling a ballot box is enormous, and at most, a few hundred votes would be handled. And in the event that manipulation is detected, the voters of the affected ballot box will be called to vote another day.
With electronic voting, once the system has been tampered with, one vote, thousands, or hundreds of thousands can be tampered with. And quite possibly, you would not even know that the system has been violated.
The important anonymity in the elections, impossible in the electronic vote
Here we are going to cite the videos that Tom Scott made on this subject. Its content has not expired since then. There are two crucial parts to an election: anonymity and trust. The anonymity is to guarantee that no vote is conditioned. in many elections null vote can be considered if a ballot is found that can be identified by the president of the polling station.
Let's say that there is an electronic voting system in which each Spaniard has a vote attached to his ID, either by Cl@ve, electronic ID, PIN... Like it or not, an electronic voting system should have a record of who has access to vote, whether they have voted and what vote they have cast so that all votes can be counted as legitimate. In a social network, it is possible to do a survey, because nothing serious happens. But in elections, there is a lot that is at stake and an electronic voting system over the internet is the target of cybercrime. possible crackers, ransomware that hijacks the computer system, or security breaches to acquire the data of tens of millions of Spaniards.
And these problems are the ones that come up related to the privacy of voters. But there is still another: trust in the system.
The physical vote works because it is based on distrust
«Don't even trust your father, it's me"My grandfather used to tell his children. That is the basis of the success of the Spanish voting system. Anyone who tries to dismiss how elections work in Spain is either misguided out of ignorance or spreading misinformation out of malice.
In the elections, there are controllers and proxies of the parties, who must supervise the entire process. From the opening of the polls until the arrival of the minutes and ballots to the electoral board. The basis is that no one trusts anyone, and everyone must agree that the vows have been carried out correctly. For them, they all monitor the voting and ask for copies of the electoral records of each ballot box with the results. It is very similar to Proof of Stake to mine Ethereum and other cryptocurrencies. But there is no one handling a code that could falsify the result from the code itself.
Would you trust software you don't know and on which entire countries depend?
Any software use case for electronic voting will not be reliable enough. What if reading codes, what if counting stored votes... Someone has to make that electronic voting code, however simple it may be. Even if it is done in BASIC, Python, C #, Javascript... The code will be done by a person or organization that will have their interests. Even your audit will be overseen by people who could manipulate the code. And if it does, it's hard for people to understand or trust it, no matter how much you give them the open source.
And even if it is safe by those who have done it, at some point or in some way, malware can be tried to be introduced that goes undetected. The voting machines that many propose would all be the same, so that only a single vulnerability would be needed to affect all the systems.
Then there is the assumption that the development of such a system will be the target of crackers and ransomware. As soon as some communication with state computers is needed, it would not be unreasonable to think that the attack could be carried out by tracking network nodes using malware introduced into a library computer. The development of electronic voting machines would have to be done in a bunker without communication with external networks and with all the people involved being registered so as not to introduce anything from the outside and that the system be deposited in strictly secured booths.
In short, that the participants of numerous parties with the same desire to win and who do not want others to win, and the citizens called to the polls, are the perfect mistrust for everyone to validate results that are easy to count. And if someone else doesn't trust the votes to be counted honestly, any citizen can stay to count the votes if you are at the polling station before they close and agree to watch and not intervene.
Why isn't blockchain technology used for electronic voting?
It is a suggestion that has been given to give electronic voting a new opportunity, especially with the rise of cryptocurrencies. Because not everything related to them is investment, but the technology behind it. In theory, it sounds good, that numerous nodes control the system to make it work and be legitimate.
But back to the software problem: someone has to do it and it has to be audited, and people should be able to understand how it works. But software for electronic voting, regardless of what is done, for millions of people, It will be a black box in which you put who you vote for, and at the end of the day it takes out some data that it claims to be true. We say that it is a black box because only the software has reviewed them and ensures that it is legitimate and has not been tampered with. But it is the word only of the software.
You could generate a copy with logs that could be checked and audited. But this way the anonymity is eliminated, and the same software of logs and registers could be manipulated. Because let's remember, electronic voting transfers the problem of storing votes and counting them to software.
This is how the elections are in Spain, and why it is safe for them to be done on paper
About two or three weeks before the elections, either, a lottery is held in the district or municipal councils to choose at least three people at random with the minimum studies. Many people tend to use the following excuse, to which we are going to dedicate a space:
"Why don't they call the unemployed to the polling station? They need the money"
The reason this is not done is due to the ethical dilemma of expressly summoning the unemployed, job seekers, or people in need. Above all, because it goes against his will and people would be discriminated against for not having a job, or for having it, but not being a job registered with Social Security. If it happens that it is done, would know of this discrimination, and there are many effects behind it. First of all, it would stigmatize the unemployed, and everyone would know that whoever is at the polling station is unemployed and needs money. This is information that can be important and valuable to people who want to take advantage of people in that situation. Then you could manipulate people and focus the campaign on improving the lives of people in that situation in a discriminatory way, which would encourage rigging the ballot box.
Finally, what the members of the polling station receive are 65 euros in subsistence allowances. It's a considerable amount of money for someone in need, but that doesn't eliminate your root problems. It is added that it is not passed on as days quoted in Labor Life or social security. If they were a salary, the 65 euros barely reach the two days of Minimum Interprofessional Wage. In short, it is to let the whole world know that you are unemployed and in need for the money of two days of unpaid work. And they are not helped to get out of their situation of need.
The fact that those summoned are all random people is a way of adding layers of mistrust. It is possible that there are people affiliated with parties, but the probability that someone is willing to tamper with an urn is extremely low. It sounds unfair, but being part of a polling station when called is one of the duties of the citizen to be part of the democratic system.
Technology is used during elections, but electronic voting is not
Throughout the electoral day, the votes are introduced in ballot boxes. The presidents and board members must keep a count of the people summoned who have gone to vote. Regularly, a person in charge of the administration asks for the number of voters at a certain time, and they enter that data that is sent to Indra. The data that Indra handles is provisional data for the media, never the final vows.
When counting the votes, software is used on devices such as smartphones and tablets to verify that the vote count for each ballot box is correct. But the counting of votes is done by the members of the polling station, with possible physical help from the proxies. Everyone can monitor on their own that the data entered is that of the count. Once the result is seen to be valid, the counting of the ballot box is closed. There is a widespread hoax here and it is that Indra counts the votes, when this is not the case. Indra is in charge of providing support software to send provisional data to the media. The final vote count is done several days later.
Once the vote count is closed, each party that has sent proxies will request minutes of each ballot box, which will be taken to the party. With them, each party will be able to verify that the vote count is correct and corresponds to the final results. It also helps them to see which areas have many of their votes, or not, or are zero from people who have made the effort to vote to show their discontent. Once the ballot box vote count is closed on election day, final acts are generated to take to the courts, and give to Correos. Several days later, the ballot boxes and tally sheets are counted in an act of the Electoral Board together with the votes collected from abroad, not the vote by mail, watched over by all the members of the political parties supported by the ballot tally sheets.
Electronic voting will always be much more insecure than paper voting, so it is better not to use it in elections in Spain.
No matter what idea you want to give to put electronic voting, it is almost impossible for an electronic voting system to be more secure than paper votingAny idea of electronic voting could be reduced to "a black box into which data is entered and results come out". And as long as it is, it will be insecure. It doesn't take a genius to know that the software can be manipulated even from its development: Dilbert's animated series in the year 2000 already satirized the possibility of manipulating the intention of votes through electronic voting software. Fraud through electronic voting software It's not a new concern, not even.
We understand that the voting system in Spain is almost antiquated. It is a nuisance for people to spend a few hours on a Sunday going to vote when there is no idea of voting online. We know that being summoned to the polling station is most inconvenient and is "a brown» for thousands of people. But this guarantees that several people will be watching almost a thousand votes and counting them while being watched by other people hoping that other people will lose.
Indeed, the vote on paper it is almost the Proof of Stake of a blockchain. And very surely, or accidentally; the Proof of Stake has been based on the fact that everyone is suspicious and risk their position and benefits for the transaction to be correct. Being in this case the minutes and the vote count in exchange for having seats. But anyone can understand how the system works and see its reliability, without having to understand software code or blockchains.
