E-Voting Device 'Ready For 2020'

Future general elections could be decided by voters casting their ballots online using a pocket-sized device, according to university researchers.

A team from the University of Birmingham is developing a secure technique which they claim could be ready to use by the 2020 or 2025 general elections.

They have written a paper looking at the use of a credit card-sized device, like those issued to many online banking customers, in conjunction with a voter's computer.

Professor Mark Ryan, who led the research team, said: "It is called Du-Vote, and we have been developing it over the past two years.

"From the voter's perspective, it's straightforward: you receive a code on the device and type it back into the computer.''

By having a separate piece of hardware, researchers believe it goes a long way to answering concerns over the security and privacy of online or e-voting.

Prof Ryan added: ``The main advantage of this system is that it splits the security between the independent security device and a voter's computer or mobile device.

"A computer is a hugely powerful, all-purpose machine running billions of lines of code that no one really understands, whereas the independent security device has a much, much smaller code base and is not susceptible to viruses.''

The university believes the technique it is developing has "even greater security than those used by banks'', because it can detect electoral fraud even if the device's own infrastructure has been built or compromised by a malicious adversary, such as a foreign government, criminal gangs, or fraudsters.

It can also tackle the problem of computer malware, which infects an estimated 20-40% of all PC hard drives globally, according to the system's developers.

Gurchetan Grewal, one of the team's researchers who recently completed a PhD in online voting at Birmingham, said: "This is currently the only piece of work that addresses a core problem of e-voting - namely, that someone may have viruses or other malware on their computer.

"For example, the system in Estonia, where they have already introduced online voting, does not deal with this potentially undetectable source of vote manipulation or breach of voter privacy.''

The university research team's findings will be included in a paper, entitled Du-Vote: Remote Electronic Voting With Untrusted Computers, being presented at the IEEE Computer Security Foundations Symposium in Italy in July.