“You have to advance toward i-voting over the long-term”

As the interim government gears for the elections, while discourse on absentee voting intensifies, various potential modalities to enable absentee voting are being floated. Amongst them is internet based voting (i-voting), considered most suitable given Nepal’s internal and external migration patterns, and logistical complexities of physical voting.

In this context, the_farsight sits down with Samar Acharya, Co-Founder and CTO of CarePilot, an artificial intelligence-based healthcare enterprise and Founder/CEO of Techgaun Nepal, a private tech firm . 

Samar has expertise in fraud prevention, document validation, and healthcare tech, leading projects that integrate security, efficiency, and user-focused design. Presently, he is collaborating with various diaspora and civil society groups advocating at the Election Commission and other relevant government bodies for the pragmatic rollout of i-voting ahead of the March 2025 elections.

Can you please tell us a bit about yourself, your current work and the firm you built, Techgaun?

We started Techgaun in 2014. Back then, we were working locally, unfortunately, bidding for contracts that were largely pre-determined. While trying to work with local municipalities in building their fully functional websites, we were required to engage with several intermediaries. For a 22/23 year old back then, it was an extremely demotivating experience. We instead pivoted to prioritising contracts from other parts of the world. Eventually, I moved to the US and continued work from here. 

Sometime down the line, I felt the need to revive our brain child back home. Today, Techgaun has around 10 full-time and 4 to 5 contract based workers in Nepal. We work on building products for social media influencers, small/medium businesses and educational institutions. The idea is to build in Nepal for global markets.

Why absentee voting? Moreover, why is i-voting a solution for Nepal’s absentee voters?

Large numbers of Nepalis contribute significantly to the economy from outside, mainly migrant workers. There’s another group such as students and professionals who also have the right to vote but are not able to. Estimates say around six to seven million Nepalis are residing out of the country, perhaps even more.

Recommended

Elections in a turbulent political landscape

Additionally, there is a substantial internal migration within the country. Many cannot afford to bear the costs to go back to their registered places to vote. If I were one of them, I would be inclined to vote if the option for voting from my district of residence existed.

In the long term, I am also passionate about enabling differently able voters who have a tough time getting to the polling stations. 

There are other ways to enable absentee voting such as postal or in-person voting mechanisms. Why should Nepal focus on the use of technology and i–voting?

The future is set to be tech oriented. In Nepal’s case, concepts of digital national IDs and passports are already gaining prominence. These documentations will be factors of authentication. The other would be liveness detection/test. For instance, one person can turn their camera on, asked to and the interactions can be detected via technology to verify. This has already been used in different fraud prevention and identity verification systems globally. We can use similar services for voter identity verification in elections in Nepal.

What is liveness detection? Liveness detection is a security technique designed to confirm that a biometric input, such as a fingerprint or facial image, is being provided by a genuine living person rather than a spoofed source like a picture, mask, or deepfake. A person may be asked to take a live selfie, short video, or perform simple actions, like blinking or turning their head.

You mentioned using NID and e-passports for verification and subsequent processes. What about people who don’t have digital identifications? How do you integrate them in the process?

Recommended

How millions of Nepalis are exiled from voting

True, not everyone has NID or e-passports. It will probably take another decade or more for that. Furthermore, there is a huge digital divide and major gaps in digital literacy. But you have to take progressive steps toward enabling full access to digital and i-voting over the long term. This election is a massive opportunity to lay the groundwork and piloting. We have to accept the reality that not everyone can be integrated into i-voting systems for this upcoming election. Even if you put the technology aside, there are various socio-economic-cultural challenges and you need a dedicated action plan which includes experts from diverse domains to expand access to i-voting systems down the line. 

Can you elaborate further on the piloting approach.

We only have around 3 months until the election. Technically, building a large system testing, scaling and operationalising is not pragmatic for the upcoming elections. I think we should do a pilot for now. We can deliberate on the size, reach and target groups for this pilot and proceed. 

What number of absentee Nepalis can realistically be incorporated for this?

Off the top of my head, I would say at least one million absentee voters, or even more depending on the amount of resources available. Verifying one million identities in itself will be quite a challenge. For this, we can use a mixed method to verify a voter's identity, both through automation and human intervention, which will be needed to clarify some machine ‘flagged’ identities that can also be enabled at the back end. 

There are several third party vendors globally who specialise in i-voting systems: Smartmatic, Scytl and Sequent Tech. They have successfully conducted large scale elections across the world. What are your thoughts on resorting to these vendors to bring in a system and make it work for us?

Yes, there are multiple developers who specialise in i-voting systems. To ensure 100% security or close to 100%, we will have to study their methods and engage protractedly with them to ensure all bases are covered. 

There are also independent third party auditors who audit their work for reliability. We should engage them and also do audits of our own. A major issue will probably be Nepal’s legal process and compliance standards. Procurement can be an elongated process in Nepal. Given we should aim only for a pilot for this time, I think both developing our own or procuring external services will require relatively equal energy and effort - in slightly different ways, of course. 

If we start today, we have exactly 95 days to build a pilot i-voting system for Nepalis. How would these 95 days actually look?

Some tasks can run in parallel, some absolutely cannot. Technically, we can accelerate certain parts by using open-source components that the global community has already tested. That helps us secure the core principles we want: privacy-first, transparency, and secure-by-design. But technology alone isn’t enough. We also need to start working on voter education and administrator training right away, like tutorials, videos and guides.

How do we design with our diverse demography, digital capabilities and behaviours in mind?

We have to design the UI targeted to specific demographies plus try to address generally low literacy levels. Full Nepali language support is non-negotiable. And the interface must rely heavily on visual cues: icons, indicators, step guides. 

On top of that, Nepal is overwhelmingly mobile-first. More people use smartphones than laptops by far. So the app should be mobile-first, visually clean, and not stuffed with information on a single page.

Iterations matter too. A/B testing lets us study how people interact, where they tap, where they get stuck, how long they stay on a screen. We can even refine UI based on demographics like region and age. Different groups can get small design tweaks if it improves clarity. The most important thing is to prioritise the most digitally marginalised group. If we design with them at the center, everyone else benefits. It’s a “design for the hardest case” philosophy.

Now, back to the 95–day timeline, can you walk us through what happens during the development of this system?

Weeks 1-3 (the foundation)

The first two to three weeks are about laying the foundation. We sit down with technical and legal experts, and possibly local communities to finalise the system requirements. At the same time, we examine the legal basis, what laws or regulations enable absentee or electronic participation. 

Weeks 3-6/7 (threat modeling and high level architecture development)

We then move into threat modeling. That means identifying all possible risks such as hacking attempts, data leaks, vote secrecy issues. Next would be figuring out how to reduce those threats as close to zero. Once we understand the threats, we sketch the high-level architecture: which technologies do what, how different modules talk to each other, and what the overall system should look like.

What about identity verification? Do we build that module ourselves?

For this election, I don't think we should! Identity verification is a domain that takes years of research, and global companies have already mastered it. It makes no sense to reinvent the wheel. So procurement is necessary. Provisions for those should also be managed accordingly in the first couple of weeks. Meanwhile, the token issuance, the digital equivalent of the “chit” given at a polling station, can work across all devices, including mobile. This can later be used by an individual to track the validity of their vote if needed.

Weeks 8-9 (user interfaces, flow and connections)

At this point, we start the actual build. That means designing the user interface voters will see, constructing the identity verification integration, setting up token issuance, and building the vote-casting flow. 

At the same time, another team works on tallying and audit tools. Then everything begins to connect. We integrate across all the modules. If we can access the voter list through government data, we integrate that for pre-verification. If not, we design a fallback where only flagged cases are manually reviewed.

Weeks 9–12 (testing, refinement, education)

The internal testing wave starts. That includes quality assurance, data integrity validation, and especially scalability testing. We need to ensure the system doesn’t crash under pressure. 

Alongside this, voter education materials have to go out in the form of clear videos, instructions, maybe even walkthroughs by well-known personalities. We also conduct A/B testing on a statistically chosen sample. Their interactions help us refine the interface across different demographics.

Week 13 (mock election, independent review, security check)

By around Day 84, we shift into a mock election. Then we invite a completely independent third party, preferably someone not involved in the build at all, to review the entire system. 

After that comes full-scale security testing. We check that no unauthorised person can see data, that identities cannot be linked to votes, that encryption works both when data is stored and when it moves, and that the ledger is tamper-proof. We test every layer. Security is something we monitor the whole time, but this is the final, complete sweep.

Before you continue, encryption is a word that gets used a lot. Can you explain in layman terms?

Simply put, it's turning readable information into unreadable text so that outsiders, including people who operate the system, can’t understand it. Only the system with the correct keys can make sense of it.

Week 14 (rollout, limited pilot)

The final week is about operational readiness. We assemble an operational team and run a limited-scope pilot with the demographic we prioritised the most. Ideally, this would be the most marginalised group. If it works for them, it will work for everyone. The other approach would be to start from a digitally literate mass but I think the most marginalised should be at the center, even for this pilot.

Summary

Is the state technically equipped and capable for this within such a limited time?

In recent years, Nepal has addressed issues of digitisation and data privacy on paper. Operationally it is still lagging behind. For instance, we lack verified digital data on absentee Nepalis.

There are skilled professionals within the government, but they need more training. Our servers frequently face ransomware, malware, and hacks including routine website defacement, which highlights clear gaps in digital infrastructure. This isn’t unique to Nepal. Even developed countries face such issues. No system is ever completely secure. What matters is strong controls and quick response mechanisms.

For the immediate term, I think Nepal’s server-side capacity and security is still questionable. If we were to start right now, I would recommend using AWS would probably be the better choice.

And I feel Nepal should now start adopting cloud infrastructure, especially for things like data replication. We could move toward multi-cloud or cloud setups that are already multi-region and geographically distributed. That makes data replication much easier. For this, something needs to be figured out at the policy level.

Models like AWS GovCloud, used by the U.S. government, show how segregated, secure environments can be built. Even with AWS’s general offerings, if we design our network properly, we can create that level of segregation. And maybe we could even allow these large cloud companies to set up data centers in Nepal. 

If we can introduce such policies, it would really benefit Nepal, for this purpose and beyond.

What about ensuring data sovereignty in this whole process?

Ultimately, the people who protect our data and our systems, we want them to be Nepalis. Even if we use external service providers for parts or in full, deals must be negotiated with high priority to data sovereignty.

But data leaks do happen even in advanced systems. In the US for instance, there are constant data leaks in companies, and sometimes it seems like there’s a bit of irresponsibility around data management. That’s just human nature. And because human nature is what it is, we need to compensate for it by building strong system controls to prevent mistakes or misuse.

One challenge in internet/digital voting is verification of vote ledgers. In Nepal, folks sit down together and count the number of votes. So how do we use tech to transpire the same process in a digital medium while ensuring voter confidentiality? There are multiple mechanisms to ensure this, one prominent example being ‘Zero Knowledge Proof’. In layman terms, application of this concept allows us to conceal voter identity while ensuring its authenticity. The integrity of the process/vote is intact.