Table of Contents
Fetching ...

Recommender Systems for Democracy: Toward Adversarial Robustness in Voting Advice Applications

Frédéric Berdoz, Dustin Brunner, Yann Vonlanthen, Roger Wattenhofer

TL;DR

This work uncovers substantial adversarial vulnerabilities in voting advice applications (VAAs) by analyzing two Swiss Smartvote datasets (2019, 2023) and quantifying how manipulation can boost visibility for candidates, parties, or lists. It formalizes a three-part robustness framework addressing adversaries among candidates, platform operators, and question designers, and evaluates nine robustness metrics across common distance functions to compare methods. The study identifies 11 concrete vulnerabilities (AO, AC, DIV, MM, WS, SS, QF, QC, LC, TB, QO, etc.) and demonstrates that seemingly small design choices can dramatically alter recommendations, prompting proposed mitigations such as moving to $L_1$ or Angular distances, reducing expressivity, and enforcing deal-breaker filtering. The practical impact is a roadmap for building more secure, transparent, and trustworthy VAAs that preserve democratic integrity while accommodating AI-enabled, near-future deployments. The findings highlight the need for standardized robustness metrics and mitigation strategies as VAAs scale and influence voter behavior across diverse electoral contexts.

Abstract

Voting advice applications (VAAs) help millions of voters understand which political parties or candidates best align with their views. This paper explores the potential risks these applications pose to the democratic process when targeted by adversarial entities. In particular, we expose 11 manipulation strategies and measure their impact using data from Switzerland's primary VAA, Smartvote, collected during the last two national elections. We find that altering application parameters, such as the matching method, can shift a party's recommendation frequency by up to 105%. Cherry-picking questionnaire items can increase party recommendation frequency by over 261%, while subtle changes to parties' or candidates' responses can lead to a 248% increase. To address these vulnerabilities, we propose adversarial robustness properties VAAs should satisfy, introduce empirical metrics for assessing the resilience of various matching methods, and suggest possible avenues for research toward mitigating the effect of manipulation. Our framework is key to ensuring secure and reliable AI-based VAAs poised to emerge in the near future.

Recommender Systems for Democracy: Toward Adversarial Robustness in Voting Advice Applications

TL;DR

This work uncovers substantial adversarial vulnerabilities in voting advice applications (VAAs) by analyzing two Swiss Smartvote datasets (2019, 2023) and quantifying how manipulation can boost visibility for candidates, parties, or lists. It formalizes a three-part robustness framework addressing adversaries among candidates, platform operators, and question designers, and evaluates nine robustness metrics across common distance functions to compare methods. The study identifies 11 concrete vulnerabilities (AO, AC, DIV, MM, WS, SS, QF, QC, LC, TB, QO, etc.) and demonstrates that seemingly small design choices can dramatically alter recommendations, prompting proposed mitigations such as moving to or Angular distances, reducing expressivity, and enforcing deal-breaker filtering. The practical impact is a roadmap for building more secure, transparent, and trustworthy VAAs that preserve democratic integrity while accommodating AI-enabled, near-future deployments. The findings highlight the need for standardized robustness metrics and mitigation strategies as VAAs scale and influence voter behavior across diverse electoral contexts.

Abstract

Voting advice applications (VAAs) help millions of voters understand which political parties or candidates best align with their views. This paper explores the potential risks these applications pose to the democratic process when targeted by adversarial entities. In particular, we expose 11 manipulation strategies and measure their impact using data from Switzerland's primary VAA, Smartvote, collected during the last two national elections. We find that altering application parameters, such as the matching method, can shift a party's recommendation frequency by up to 105%. Cherry-picking questionnaire items can increase party recommendation frequency by over 261%, while subtle changes to parties' or candidates' responses can lead to a 248% increase. To address these vulnerabilities, we propose adversarial robustness properties VAAs should satisfy, introduce empirical metrics for assessing the resilience of various matching methods, and suggest possible avenues for research toward mitigating the effect of manipulation. Our framework is key to ensuring secure and reliable AI-based VAAs poised to emerge in the near future.
Paper Structure (66 sections, 13 equations, 20 figures, 10 tables)

This paper contains 66 sections, 13 equations, 20 figures, 10 tables.

Figures (20)

  • Figure 1: Visibility of crafted candidates (red) compared to all other candidates (blue) in the states of Zurich ($k=36$), Bern ($k=24$), and St. Gallen ($k=12$). The larger dots highlight the crafted and actual most visible candidates.
  • Figure 2: Relationship between the answer strength of candidates, as defined in Eq. \ref{['eq:answer_strength']}, and their visibility in the state of Zurich ($k=36$). Each dot shows a candidate and the black line represents an ordinary least squares trend line.
  • Figure 3: Comparison of actual and calibrated party visibility using the L1 and L2 distance metrics. To simulate this scenario, the answer profiles of all candidates in the party were adjusted to weaken their responses (e.g., changing all “Yes” to “Rather yes”), and the recommendations were recalculated using the L1 and L2 distance metrics.
  • Figure 4: Relationship between the number of candidates per percent of vote share and the ratio of visibility to vote share for parties in the state of Zurich. The size of each dot represents the vote share of the corresponding party. Vote shares are calculated based on the votes received by candidates participating in Smartvote for the 2023 National Council election. Exact values can be found in the column Vote Share (adjusted) of Table \ref{['tab:parties']} in the Appendix.
  • Figure 5: Relative visibility change of all parties if the available question weights are set to ${W_t=\{0,\frac{1}{10}, 1, 10\}}$ (strong) or ${W_t=\{0, \frac{9}{10},1, \frac{10}{9}\}}$ (weak). The visibility of each party is computed using only the voters that have weighted at least one question. Parties are listed according to their parliamentary seating arrangement, with traditional larger coalitions (left, center, right) shown at the top. As observed, the actual numerical value of the weights can significantly favor certain coalitions, with center parties benefiting from weak weights and left- and right-wing parties from strong weights.
  • ...and 15 more figures