There are around 60 million eligible voters in Germany. Around 47 percent of them used postal vote in the 2021 Bundestag elections – which creates a lot of additional work.

Computer Engineering Electronic Ballot That You Feel You Can Trust

Is it possible to benefit from the convenience of online voting and the security of a paper ballot in one comprehensive package? IT security researchers explored this question.

Voting invitations, postal ballots, paper ballots: A German Bundestag election consumes tons of paper. So much that in November 2024 debates erupted in Germany about how quickly an early general election could be organized after the collapse of the current coalition government. Debates such as these are not part of the public discourse in some other countries. In Estonia, for example, online voting was introduced in 2005. “Online elections can only be held if people trust the technology infrastructure,” points out Professor Karola Marky. As head of the Digital Sovereignty Lab at Ruhr University Bochum, Germany, and member of the CASA Cluster of Excellence, which researches cyber security in the age of large-scale adversaries, she’s been exploring the many aspects of online elections for over ten years.

“There are some challenging ‘conflicts’ surrounding this issue,” explains the researcher. “Of course, we have to follow the electoral laws and jurisdictions. This means that only votes by eligible voters must be counted. On the other hand, the secrecy of the ballot has to be ensured: Nobody is allowed to know which party I voted for.” It is not in the nature of the internet to ensure both at the same time. “The internet wasn’t designed with privacy in mind, but to connect people. Anonymity tools were built in later on,” says Karola Marky. “To make an online election secure, we have to use the whole toolbox of cryptography and privacy enhancing technologies.”

Combining the advantages of online and paper ballots

A successfully implemented online voting system offers a number of advantages, such as: People can vote from home, it requires less paper and fewer polling staff, votes can be tallied more quickly. By contrast, one advantage of paper ballots is archiving. Paper ballots, protocols and any relevant documents are archived and are difficult to forge at a later date. This also allows for a recount if necessary.

A conventional election consumes tons of paper.

Can we combine the best of both worlds? “We asked ourselves whether the trust we place in analogue documentation could be transferred to an online election,” says Karola Marky. The Bochum-based group therefore came up with a hybrid voting system: The eligible voters mark their ballots online from home. When it is their turn to cast a vote, they are redirected to a livestream, where they can watch as a printer prints out the vote they have just cast. Not in plain text, of course. The printer produces a QR code that contains an encryption code for the party they voted for, as well as a numerical code that represents a tracking ID known only to the voter.

“When I watch the livestream, all I can see is that a vote has been cast, but not for which party or by whom,” explains Karola Marky. This would mean that the livestream could be made publicly viewable and enable maximum transparency, while at the same time preserving the secrecy of the ballot.

Counting votes by QR code

In simple terms, this is how counting works: Polling staff would detach the QR code from the tracking ID. The QR codes would be scanned and the votes tallied, while the IDs would be collected separately. This means that both the information on how many people took part in the election and the number of votes for the individual parties would be archived in paper form.

Different methods put to the test

In one study, the Bochum researchers asked 150 people to take part in a simulated online election. Of these, 50 only got to see a confirmation page that their vote had been counted after casting their vote. Another 50 were redirected to a livestream and watched as the QR code of their vote was printed. The remaining 50 also saw a livestream, but this time featuring a 3D printing process that 3D printed the same information as the QR code described above. The participants then rated, for example, how trustworthy, how secure and how easy to use they found the process.

Participants felt that the system with live printout of the QR code was significantly more trustworthy than the standard system without a livestream. In contrast, they rated the option without the livestream as marginally easier to use. “This is because it mirrors a process they are used to,” speculates Karola Marky. “Basically, we see in our studies that around 60 to 80 percent of participants would like to vote online, regardless of what exactly the voting system looks like. Since we don’t have this in Germany, our test subjects are generally not aware of any alternatives.”

“I started researching online voting even before I completed my Master’s degree,” says Karola Marky. “This topic inspired me to do a doctorate.”

Karola Marky points out that the system she and her team have proposed still has a few challenges to overcome: Where would the QR codes be printed? What happens if there’s a power cut? How will any issues be reported? “Our system is still way too underdeveloped, and it will probably never be used in exactly the same way in a major election,” says the computer scientist. “We wanted to see whether our trust in paper could be integrated into an online election and how people would react to such a hybrid system.”

A glimpse into the server ballot box

Another crucial aspect is end-to-end verifiability. “Anyone who casts their vote must be able to check whether it’s reached the server ballot box with the correct content,” says Karola Marky. In Estonia, for example, this is guaranteed. Here, people receive a QR code after casting their vote, which they can scan with a second device, such as a smartphone, to check that their ballot reflects the party they voted for. “However, only around four percent of Estonians have used this option in the past,” says Marky. “That’s a relatively low number.”

The Bochum-based team is therefore working on a mathematical method that would allow not only individuals but also organizations to check whether encrypted votes on the election servers have the correct content – without violating the secrecy of the ballot. “Our method would allow anyone to check for me whether I really did cast my vote for party XY without knowing that I voted for party XY – that’s the magic of the cryptographic methods we have today,” stresses Marky.

I’m not currently in favor of voting online in political elections in Germany.

— Karola Marky

The researcher is not sure whether any of these methods will one day be implemented in Germany. In her opinion, what is needed first is a greater awareness among politicians of the importance of security in software development. “Even though I am passionate about researching this fascinating topic, I’m not currently in favor of voting online in political elections in Germany,” concludes Karola Marky.

“We shouldn't be afraid of open source software in Germany,” says Karola Marky. The computer scientist explains her opinion in a viewpoint article.

Download high-resolution images

The selected images are downloaded as a ZIP file. The captions and image credits are available in the HTML file after unzipping.

Conditions of use

The images are free to use for members of the press, provided the relevant copyright notice is included. The images may be used solely for press coverage of Ruhr-Universität Bochum that relates solely to the contents of the article that includes the link for the image download. By downloading the images, you receive a simple right of use for one-time reporting. Saving the images for other purposes or further processing of the images that goes beyond adapting them to the respective layout requires an extended right of use. Should you therefore wish to use the photos in any other way, please contact redaktion@ruhr-uni-bochum.de

I accept the conditions of use.