E-voting review: 3 design takeaways for developers

Technology has influenced virtually every aspect of our lives — and voting is no exception. From scanning ballots to processing data, electronic voting (e-voting) encompasses the many ways that computing technologies support different stages in the voting process.

E-voting systems come in various shapes and sizes. Despite their variety, they all share one truth: The stakes are undoubtedly high, as a single design flaw can compromise a process that determines the direction of a democracy. Therefore voting systems require excruciatingly careful attention to design. 

Among other requirements, e-voting systems must be available, secure, and scalable. They make excellent system design case studies.

Today, I'll share 3 takeaways that any developer can learn from the state of electronic online voting — and how you can build the skills required to shape the future of e-voting.

1. With simplification comes complication#

There are many ways in which e-voting has transformed the entire process of voting as it had been done for hundreds of years. 

In the US, we see the use of technologies such as Direct Recording Electronic (DRE) voting machines and optical scanners. DRE voting systems allow users to input entries directly into computer memory through interfaces such as touchscreens, pushbuttons, or dials. Even more widely used are optical scanners, which scan ballots and record selections based on their detection of filled-in ovals, arrows, and so forth. 

The map below depicts how the majority of US counties moved from relying on hand-counted ballots to technologies. Over the course of 32 years — from 1988 to 2020 — the number of counties using optical scanners and DREs grew from 9% to 97%.¹

As technology advances and becomes more accessible, we may see a global trend shifting us more toward electronic voting and even remote e-voting (i.e. internet voting or i-voting).

Perhaps the most famous i-voting success story is that of Estonia. In 2005, Estonia became the first country to offer online voting for nationwide elections. Online voting in Estonia has only increased by each election, with more than 50% of votes cast online in their 2023 parliamentary elections.² The digital society of Estonia estimates that i-voting has saved 11,000 working days of time for each election year.³

The figure below depicts the general architecture and main components of Estonia's i-voting system. On the front-end are the Voter Application and Vote Forwarding Server, while the Vote Storing Server and Vote Counting Application are on the back-end.⁴

Here's a high-level summary of the process:

• Voters submit their votes through the Voter Application

• Votes are encrypted using the system's public key, and are digitally signed by the voters before they are submitted to the Vote Forwarding Server

• The Vote Forwarding Server authenticates the voters and transfers the votes to the Vote Storing Server

• At the end of the voting period, the Vote Storing Server removes the signatures of the voters to anonymize the votes

• The votes are transferred to the offline Vote Counting Application

• The Vote Counting Application counts the votes after decrypting them with the private key

While it is the most notable, Estonia is not the only country that has offered online voting. Various countries have experimented with their own implementations of online voting, including the US, France, and Australia. That said, it's not yet a widespread practice because there remain many obstacles to moving voting online. 

E-voting can have undeniable benefits if implemented well. Firstly, automations streamline election processes. In the US (which has the longest ballots among democracies) automations save weeks to months of time in counting and casting votes.⁵ In addition, e-voting can reduce the chance for human error, and has the potential to make voting more accessible to people who need language accommodations for people with disabilities. 

But for all the benefits it offers, e-voting also comes with complications. There are various challenges that require special attention.

One of the most obvious concerns is how these systems would favor those on the more privileged side of the digital divide. Not everybody has equal access to the internet, computers, or public infrastructure through which they can access either. Recent numbers show that only about 65% of the world's population is online. 

Another major concern for voters and cybersecurity experts alike is security. The use of outdated or discontinued electronic voting systems increases the risk of security breaches. If voting systems and their databases are running on unsupported software lacking security patches, they'll be more vulnerable to cyberattacks. Internet voting systems can be especially susceptible to bad actors intercepting or manipulating data during transmission.

A system failure is yet another catastrophic possibility for e-voting systems. Even a short downtime in the voting system would block voting opportunities and could result in data loss, miscounts, and loss of voter trust.

Due to the extreme sensitivity and importance of elections, voting systems must reliably satisfy several requirements to ensure scalable and reliable elections.

Verifiability and auditability in e-voting review for developers#

One of the core criteria in any e-voting review for developers is end-to-end verifiability: voters and auditors should be able to verify that votes were cast, recorded, and tallied correctly. Key techniques:

• Cryptographic receipts / commitments: voters get a receipt that corresponds to an encrypted vote, without revealing their choice.

• Mix-nets or shuffle proofs: randomizing the order of encrypted votes to unlink ballots from identities.

• Homomorphic tallying: aggregate ciphertexts so that the tally can be computed without decryption of individual votes.

• Zero-Knowledge proofs: prove correctness of decryption/shuffle without revealing secrets.

• Public bulletin board: all encrypted votes, proofs, and audits are posted publicly for openness.

When doing an e-voting review for developers, you must evaluate whether the system supports these cryptographic guarantees and whether third parties can audit without breaking voter privacy.

2. Meticulous design is key#

Electronic voting systems must be carefully designed to protect against downfalls and vulnerabilities.

To varying degrees, these systems rely on having components housed in various different devices. As such, the design and implementation of electronic voting systems should take into account the components of system design to prevent vulnerabilities and ensure the integrity of the election process. 

We have to consider these requirements in an e-voting system: 

• High availability: To ensure continuous service in the event of system failures, heavy load, or DDoS (denial of service) attacks

  • Practices that can be implemented include fault tolerance, load balancing, network segmentation, data replication, and failover mechanisms

• Scalability: To handle a growing number of voters and heavy user load

  • Practices that can be implemented include horizontal scaling, performance monitoring, and dynamic resource allocation in the cloud

• Security: To ensure votes are confidential and not tampered with

  • Practices that can be implemented include data encryption, authentication mechanisms, and security audits 

• Accessibility: To ensure all voters are able to submit their votes

  • Practices that can be implemented include language options and accommodations for individuals with disabilities

Despite these shared requirements, no two e-voting systems would look the same.

Each democracy has unique factors that inform the design of their real-world system, from budget restrictions to hardware constraints. Every design choice will have to be evaluated for its trade-offs along the way. For instance, should a country choose to achieve authentication using fingerprint scanners, the trade-off is that the system would need increased memory to store biometric data – and thus, it will be more costly. 

Usability and human-factors in e-voting review for developers#

Even the most secure system fails if real users make errors or lose trust. A good e-voting review for developers examines the following:

• Clear feedback and error handling: if a voter makes a mistake, UI should let them cancel or correct without fear.

• Confirmation screens and ballot review steps: before final submission, the voter should see exactly what will be cast.

• Accessibility: screen readers, font sizes, language support, alternative input devices for disabled users.

• Voter reassurance: display progress indicators, cryptographic receipts, or cross-check summaries to build confidence.

• Human audit pathways: allow for paper backups or hand audits to detect systemic failures.

Designers must balance simplicity with safeguards: too many warnings or complexity may deter voters; too little may open attack surfaces. That tension is central to any e-voting review for developers.

3. Change is inevitable, but so are some constants#

We can never be too certain when it comes to the future of technology. Considering how much has changed in the last few decades, there's no knowing how technology will continue to shape the democratic process.

That said, there remain many challenges such as security, transparency, and scalability. As we wrangle with these, the adoption and growth of e-voting technologies may move ahead at a slower pace than it has in the past. But e-voting won't go away anytime soon.

There are currently researchers exploring whether we can utilize blockchain technology to address challenges such as transparency and voter confidence. Researchers are also exploring the possibility of voter authentication using computer vision or biometrics such as fingerprints.

The direction of technology can always surprise us, but for the foreseeable future, it's highly likely that building secure and effective voting systems will continue to rely on the practices of distributed systems and cybersecurity.

Threat modeling for e-voting review for developers#

Any serious e-voting review for developers must begin with threat modeling. Ask: who are the adversaries, what capabilities they have, and what parts of the system they may attack? For e-voting, typical threats include:

• Network-level attackers intercepting or altering messages between voter and servers

• Malicious insiders or compromised servers, altering vote storage or count

• Client compromise: voters’ devices may be infected or subverted

• Coercion/resale threats: ensuring the voter cannot prove how they voted

• Denial-of-service (DoS) attacks especially during critical windows

Using tools like DREAD or STRIDE, map each component (voter app, forwarding server, storage, counting) and assign risk levels. This reveals where defenses—encryption, redundancy, audits—must be strongest. Embedding threat modeling into design is a hallmark of serious e-voting review for developers.

Key management, trust models and failure recovery#

In an e-voting review for developers, you must scrutinize how secrets and keys are handled:

• Use threshold cryptography so no single party holds full decryption power.

• Plan a key ceremony with multi-party generation and audits to avoid single points of compromise.

• Establish key rotation and compromise protocols: how to recover if keys leak.

• Design failsafe modes: what happens if signature servers fail, or counting nodes disagree?

• Include disaster recovery—backups, cold storage, and fallback plans for hardware failures.

Without robust key and trust architecture, even a perfect UI or algorithm can be undermined.

Final words#

For developers, this means there are various skills you could be learning — regardless of whether you're planning to work on the next generation of voting software, or are simply interested in building scalable and secure systems.

You can get hands-on with all of these real-world skills with Educative's catalog of 1,000+ courses, projects, and assessments. Our platform is centered around hands-on learning, ensuring you internalize your new skills by applying them straight away with a built-in coding environment.

Our comprehensive Skill Paths are modular curriculum that teach you foundational knowledge and actionable skills:

• Scalability and System Design for Developers

• Cyber Security Fundamentals

Our growing library of 170+ Projects will get you building applications to both apply your skills and boost your portfolio:

• Face Detection Using Dlib and DNN in OpenCV

• Secure Document Storage System Using Blockchain

Projects are structured walkthroughs that let you build with various technologies — without the need for setup, downloads or configurations — through an in-browser development environment.

For a limited time, we've made our Premium subscription available with a free trial. In addition to the courses and Skill Paths in our Standard subscription, Premium adds Projects and Personalized Learning Paths through which you can generate your own custom curriculum. 

Try Premium for free today!