Podcast 🎧 & blog: Securing the Vote: Building Trust in Election Results
“2024 is the biggest election year in human history. Half of the world’s population – some 3.7 billion people – have the opportunity to vote this year across 72 countries.” So notes Merle Maigre, Head of Cybersecurity at e-Governance Academy, on host duties for this podcast episode on securing elections or building trust in election results.“Voting is at the very heart of democracy, making it vital that we safeguard the integrity of elections.” October, being Cybersecurity Awareness Month, provides the perfect backdrop to discuss these issues. Maigre is joined in the conversation by Priit Vinkel, Senior Expert at e-Governance Academy and former head of the State Electoral Office, and Tõnu Tammer, former head of Estonia’s CERT and Associated Expert of e-Governance Academy. Elections are no longer solely about paper ballots and polling stations with sliding curtains. So what to look out for to safeguard them in the digital era and build trust in election results?
Technology both enables and threatens election security
One of the key challenges in election security today is the misconception that elections remain largely paper-based. “The truth is that almost all elections now involve some kind of technological element,” Vinkel explains. This isn’t limited to electronic voting systems but extends across various phases of the election process – voter registration, candidate management, all the way to the actual tallying and reporting of results. “Even if voting takes place using paper ballots, the counting process is often digital,” he adds. It all highlights the reliance on technology even in systems perceived to be traditional.
However, this introduces risks. The evolving threats that modern election systems face, particularly disinformation campaigns and cyberattacks, target not just the systems themselves but also the minds of voters. “Disinformation is no longer a future threat; it is today’s reality,” Vinkel says, pointing to examples where election results have been called into question due to false narratives circulated online. “These hybrid attacks can severely undermine trust in the process, even when the technology itself remains uncompromised.”
A proactive cybersecurity approach to elections
Given the risks, securing the technological infrastructure supporting elections is paramount. For example, one of the most common forms of threat is the Distributed Denial of Service (DDoS) attack, where servers are overwhelmed with traffic in an attempt to disrupt services. “We’ve seen many instances where election-related websites, such as those for result publication or voter information, have been targeted,” Tammer explains. The solution lies in robust cybersecurity measures that anticipate and avert such attacks.
However, cybersecurity has to be about more than just responding to attacks. It requires thorough preparation long before election day. “Elections cannot be postponed,” Vinkel notes. “If new technology is introduced, it needs to be tested, verified, and secured well ahead of time.” This preparation involves cybersecurity testing, like penetration tests. But also ensure that everyone involved, from central election authorities to local polling station workers, is properly trained. The importance of human capital can’t be overstated. “Technology is only as strong as the people who use it,” Vinkel remarks. There’s a need for ongoing education and capacity building to ensure election systems are used securely.
Collaboration truly is key – all actors involved
Another critical factor in securing elections is cooperation between various stakeholders. No single entity can bear the responsibility for election security alone. “The central election commission is responsible for organizing the elections, but they must work closely with other agencies,” Tammer says. This includes entities like national CERTs (Computer Emergency Response Teams) that monitor cyber threats, as well as law enforcement agencies tasked with maintaining order. “There’s a need for collaboration across the board – everyone has their part to play.”
International collaboration is also vital, particularly when it comes to protecting against highly sophisticated cyberattacks that might involve state-sponsored actors. “Small countries, in particular, cannot develop all the necessary technologies on their own,” Tammer warns. Working with international partners, such as technology providers or cybersecurity organizations, can provide critical tools and expertise that would otherwise be inaccessible. “Some big tech companies, for instance, offer programs to help safeguard elections on a pro bono basis as part of their corporate responsibility,” and that’s just one case.
As Priit Vinkel says, sharing best practices internationally is another essential aspect of improving election security. “Countries need to learn from each other.” Estonia, for example, has long been a leader in digital governance and has developed a task force model that brings together expertise from various sectors to the electoral process. “By pooling resources and sharing knowledge, we can ensure that elections are conducted securely and transparently.”
It is all about building and maintaining trust
We are not forgetting, of course, that ensuring a trustworthy election process requires more than just strong cybersecurity defenses. Transparency, especially in how election results are communicated, is key to building trust. “Even when elections are secure, poor communication of results can lead to mistrust,” Vinkel points out. Election results must be conveyed clearly and accurately to avoid speculation or doubts about their legitimacy.
Tõnu Tammer agrees to join in on this. “Transparency doesn’t just mean making sure the results are visible. It also means being clear about how those results were obtained and the safeguards in place to protect them,” he explains. Open channels of communication between election authorities, the public, and the media must be in place. And ensuring that observers, both national and international, have access to the election process. “Technology can enhance transparency, but it must be accompanied by public communication efforts.”
As the challenge of securing elections grows more complex, both Vinkel and Tammer believe that a multi-faceted approach is necessary. One that combines strong cybersecurity practices with capacity building, national and international cooperation, and transparent communication.
“Election security is not just about preventing attacks. It’s about safeguarding democracy itself,” Vinkel fittingly concludes. “We have the tools to make elections both secure and trusted. It’s up to us to use them wisely and ensure that the democratic process remains resilient against the threats of the future,” Tammer outlines as we sign out.
The talk was recorded within the Western Balkan Rapid Assistance 2.0 project supported by the European Union.