“There are some exciting conflicts surrounding this topic,” explains the researcher. “Firstly, the right to vote must be upheld. This means that only votes cast by people who are entitled to vote may be counted. Secondly, the secrecy of the ballot must be guaranteed: Nobody must know which party I voted for.” Ensuring both at the same time is not in the nature of the internet. “It wasn’t designed with privacy in mind, but to connect people. Anonymity was built in afterwards,” says Karola Marky. “To make an internet choice secure, you have to use the whole toolbox of cryptography and privacy technology.”

Combining the advantages of the Internet and paper

A well-implemented online election offers a number of advantages: For example, you can vote from home, it requires less paper and fewer polling staff, and counting is quicker. One advantage of a paper ballot, on the other hand, is archiving. Ballot papers, protocols and accompanying documents are archived and are difficult to forge at a later date. This also allows for a recount if necessary.

Can the best of both worlds be combined? “We wanted to know whether trust in paper documentation could be integrated into an online election,” says Karola Marky. The Bochum-based group therefore came up with a hybrid voting procedure: The person entitled to vote fills in their ballot paper online from home. When they reach the voting point, they are redirected to a live video. Here they can watch as a printer prints out the vote they have just cast. Not in plain text, of course. What comes out of the printer is a QR code that contains an encryption of the chosen party, as well as a numerical code that represents a kind of tracking ID that only the person voting knows.

“When I watch the livestream, I can only see that a vote has been cast, but not for which party or who has just voted,” explains Karola Marky. In this way, the livestream could be made publicly accessible and allow maximum transparency, while at the same time preserving the secrecy of the vote.

Counting via QR code

In simple terms, the count would be as follows: Polling staff would separate the QR code from the tracking ID. The QR codes would be scanned and the votes counted, while the IDs would be collected separately. In this way, both the information on how many people took part in the election and the number of votes for the various parties would be archived in paper form.

Different methods in comparison

In a study, the researchers from Bochum asked 150 people to take part in a simulated online election. 50 of them cast their vote and at the end of the process only saw a confirmation page that their vote had been counted. Another 50 were redirected to a livestream and were able to follow the printing of the QR code of their vote. The last 50 also saw a livestream, but with a 3D printing process that 3D printed the same information as the QR code described above. The participants then rated, for example, how trustworthy, how secure and how easy to use they found the process.

Participants felt that the system with live printout of the QR code was significantly more trustworthy than the standard system without livestream. In contrast, they rated the procedure without the livestream as marginally easier to use. “Because that reflects the familiar process,” suspects Karola Marky. “Basically, we see in our studies that around 60 to 80 percent of participants want to vote online, regardless of what the voting program looks like. Because we don’t have this in Germany, our test subjects are generally not aware of any alternatives.”

Karola Marky emphasizes that there are still a few challenges to overcome for the system she and her team have devised: Where would the QR codes be printed? What happens if the power goes out? How will problems be reported? “This system is still far too immature, and it will probably never be used in exactly the same way in a major election,” says the computer scientist. “We wanted to find out whether our trust in paper can be integrated into an online election and how people would react to such a hybrid system.”

Insight into the server ballot box

Another important step is end-to-end verifiability. “Anyone who casts their vote must be able to check whether it has arrived in the server ballot box with the correct content,” says Karola Marky. In Estonia, for example, this is guaranteed. Here you receive a QR code after voting, which you can scan with a second device, such as a smartphone, to check that your vote corresponds to the party you voted for. “However, only around four percent of Estonians have used this option in the past,” says Marky. “That’s relatively low.”

The Bochum team is therefore working on a mathematical method that would allow not only individuals but also organizations to check whether encrypted votes on the election servers have the correct content – without violating the secrecy of the ballot. “With our method, anyone could check for me whether I really voted for party XY without knowing that I voted for party XY – that’s the magic of the cryptographic methods we have today,” says Marky.

The researcher does not know whether any of these processes will one day be used in Germany. In her opinion, there first needs to be more awareness in politics of the importance of security in software development. “Even though I am passionate about researching this fascinating topic, I am not currently in favor of voting online in political elections in Germany,” says Karola Marky.