Facial Recognition and Elections – Are We Ready For It?

Priit Vinkel

Researcher

Estonia has employed internet voting (i.e., remote voting in an online environment) for more than 16 years, since 2005. It has complemented the voting process in 12 elections and is used in parallel to traditional paper-based voting in polling stations. In the latest elections, more than 45% of all votes are cast using this online solution, the rest in polling stations. Voters are identified based on universal state-issued eID documents which are also used for all other governmental e-services.

Because of the uncontrolled nature of the voting environment (which is identical to the situation voters are in when using postal voting in other countries), the state is unable to fully guarantee a coercion-free surrounding for the procedure. Therefore, all voters have the right to vote multiple times electronically. This allows people to move to another computer or setting where they are not influenced, meaning the electronic vote that counts is the last vote cast. It is also possible to cast a paper ballot in a polling station that overturns any possible electronic votes.

However, this very nature of voting in an environment not under the immediate control of the election organiser or the state curbs the discussion whether additional measures and identity verification is needed to fully be confident of the voter’s identity during the voting procedure (currently single eID based identification is used in all public e-services). Therefore, to assess the current situation and contemporary possibilities, the Information System Authority ordered a technical report on the applicability of biometric solutions (face recognition) to complement the identification process in remote electronic voting in Estonia.

Using biometric recognition in elections – are we there yet?

Biometric (facial) remote identification is technically a viable alternative in the online environment to perform distant recognition, especially in situations where there are no alternatives (namely secure state-guaranteed remote eID solutions). Facial recognition as a tool in identity verification procedures is actively offered by numerous companies and the field is progressing rapidly. In Estonia, similarly, identity verification by facial recognition has been used as a complementary feature to eIDs for example in electronic notary procedures and for academic examinations.

Therefore, a valid question arises: could remote facial verification also be used to accompany the remote voting process?

The report identified several issues and unresolved questions from the technical side:
• In the Estonian voting protocol, the voter is verified at the start and while signing the vote to be cast. The voting process is not a short operation and could take several minutes which would make perpetual identification of the voter unfeasible.
• One could consider following the voter during the voting process by video-feed which unfortunately raises more issues than it solves (need for a practically inoperable infrastructure or copious amount of personnel on the state-side, universal high-to-ultra-speed internet connections at home, not to mention the potential infringement on the voters’ privacy in the process)
• The rate of unsuccessful or false positive/negative facial recognition cases could be significant (with up to 3% of false-positive cases, depending on the low-quality of used equipment or lighting situation at home)
• Complications with equal access to or proficiency in using the needed (high quality) technical equipment could pose an infringement to the fundamental principle of universality of elections

What about privacy?

In addition to the technical aspects, the legal implications were analysed in the report. The legal discourse calls for an analysis of possible infringement of the rights of the voter. Would the benefits from the addition of such an identification method outweigh the risks and recognised problems? Unfortunately, today it is not yet the case.

Issues with potential infringement of voters’ privacy (risk of leaking of delicate personal data during the visual verification), inability to fully guarantee universality of the process (especially due to the potential rate of false positive or negative results), and increasing technical and procedural complexity (which amounts to potential added vulnerabilities) make it difficult to accept the disproportional risks.

In addition, using facial recognition in public e-services is not regulated in detail in the Estonian legal framework (or in the EU), the prevalent use-cases of such technological features have been very limited (e.g., border crossing, criminal procedure, or issuance of personal documents). Therefore, widespread use of such a method (more than 250 000 voters used internet Voting last time) needs thorough testing and piloting. Elections are by far one of the worst test grounds for any unrefined technology.

Therefore, yes, the technology could already bring us quite far but using this technology in the electoral context and remote voting setting would still pose serious challenges and disproportional risks.