Citizen engagement and compliance with the legal, technical and operational measures in ivoting

Similar documents
Uncovering the veil on Geneva s internet voting solution

EVOTING BY INTRODUCTION THE SWISS POLITICAL CONTEXT

Union Elections. Online Voting. for Credit. Helping increase voter turnout & provide accessible, efficient and secure election processes.

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Estonian National Electoral Committee. E-Voting System. General Overview

Addressing the Challenges of e-voting Through Crypto Design

Key Considerations for Implementing Bodies and Oversight Actors

SEMINAR WORK: E- ELECTIONS AND E- VOTING - THE CASE OF SWITZERLAND AND FRANCE

Electronic Voting in Belgium Past, Today and Future

City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

Statement on Security & Auditability

CRYPTOGRAPHIC PROTOCOLS FOR TRANSPARENCY AND AUDITABILITY IN REMOTE ELECTRONIC VOTING SCHEMES

CHAPTER 2 LITERATURE REVIEW

Swiss E-Voting Workshop 2010

Privacy of E-Voting (Internet Voting) Erman Ayday

Secure Electronic Voting

Key Considerations for Oversight Actors

Secure Electronic Voting: New trends, new threats, new options. Dimitris Gritzalis

Yes, my name's Priit, head of the Estonian State Election Office. Right. So how secure is Estonia's online voting system?

TO: Chair and Members REPORT NO. CS Committee of the Whole Operations & Administration

Submission for Roger Wilkins AO and the NSW Electoral Commission. Review of the NSW ivote internet and telephone voting system

Scytl Secure Electronic Voting

E-Voting: Switzerland's Projects and their Legal Framework in a European Context

Your evoting Election Service Provider Intelivote: Canada s Leader

Technology & Elections Policy Brief Series. The Swiss Experience with Internet Voting Dr. Uwe Serdült

Electronic Voting For Ghana, the Way Forward. (A Case Study in Ghana)

E-voting at Expatriates MPs Elections in France

Internet Voting the Estonian Experience

Should We Vote Online? Martyn Thomas CBE FREng Livery Company Professor of Information Technology Gresham College

The California Voter s Choice Act: Managing Transformational Change with Voting System Technology

OASIS ELECTION AND VOTER SERVICES TECHNICAL COMMITTEE. ELECTION MARK-UP LANGUAGE (EML): e-voting PROCESS AND DATA REQUIREMENTS 1/5757

The usage of electronic voting is spreading because of the potential benefits of anonymity,

Internet Voting: Experiences From Five Elections in Estonia

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

M-Vote (Online Voting System)

TOWNSHIP OF CLEARVIEW. TELEPHONE/INTERNET VOTING POLICIES and PROCEDURES for the 2018 ONTARIO MUNICIPAL ELECTIONS

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

Response to the Scottish Government s Consultation on Electoral Reform

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

Response to questions from the Speakers Commission on Digital Democracy regarding electronic voting

The Corporation of the Municipality of Trent Hills. Telephone/Internet Voting Election Policies and Procedures for the 2018 Ontario Municipal Election

Chapter 2.2: Building the System for E-voting or E- counting

Municipal Election Policies and Procedures Governing the Provision of Election Information and Services to Persons with Disabilities

Additional Case study UK electoral system

The Economist Case Study: Blockchain-based Digital Voting System. Team UALR. Connor Young, Yanyan Li, and Hector Fernandez

The Impact of Technology on Election Observation

Speaker s Commission on Digital Democracy Inquiry into Electronic Voting

If your answer to Question 1 is No, please skip to Question 6 below.

If your answer to Question 1 is No, please skip to Question 6 below.

Telephone/Internet Voting Election Policies and Procedures SOUTH FRONTENAC

Every electronic device used in elections operates and interacts

User Guide for the electronic voting system

Act means the Municipal Elections Act, 1996, c. 32 as amended;

Electronic Voting Systems

Procedures for the Use of Optical Scan Vote Tabulators

2018 Municipal Election Accessibility Plan

Blind Signatures in Electronic Voting Systems

Netvote: A Blockchain Voting Protocol

The UK General Election 2017

Secure and Reliable Electronic Voting. Dimitris Gritzalis

E-Voting, a technical perspective

Municipality of Chatham-Kent. Legislative Services. Municipal Governance

Internet Voting Process for The City of Greater Sudbury 2018 Municipal Election

Procedures Governing the Provision of Election Information and Services to Persons with Disabilities

OASIS ELECTION AND VOTER SERVICES TECHNICAL COMMITTEE. ELECTION MARK-UP LANGUAGE (EML): e-voting PROCESS AND DATA REQUIREMENTS

Curriculum. Introduction into elections for students aged 12 to 16 years

Utilization of Information Technology for Electoral Management. Mr.Cholaraj Phewban Inspector General, Office of The Election Commission of Thailand

Ballot Reconciliation Procedure Guide

Section 1 - General Electoral Knowledge

Colorado Secretary of State Election Rules [8 CCR ]

Selectio Helvetica: A Verifiable Internet Voting System

Voting Protocol. Bekir Arslan November 15, 2008

E- Voting System [2016]

Enhancing women s participation in electoral processes in post-conflict countries

Study Background. Part I. Voter Experience with Ballots, Precincts, and Poll Workers

Act means the Municipal Elections Act, 1996, S.O. 1996, c.32 as amended. All references to sections in this procedure are references to the Act.

SECURE REMOTE VOTER REGISTRATION

Considerations for (A)ROs administering a UK Parliamentary election in cross-boundary constituencies

Experiments with e-voting technology experiences and lessons

Office for Democratic Institutions and Human Rights REPUBLIC OF ESTONIA. PARLIAMENTARY ELECTIONS 4 March 2007

Analysis of AMS Elections 2010 Voting System

Prof. Dr. G. Vermeulen Montrasec International Experts Meeting JLS/2007/ISEC/514 - Brussels, 1 October 2009

Electronic Voting and Civil Referendums in Hong Kong

Electoral pilot scheme evaluation

Distributed Protocols at the Rescue for Trustworthy Online Voting

FINAL REPORT. Finnish Presidential Election 28th January 2018

Public awareness for the Scottish Independence Referendum

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

Voting in New South Wales Australia Bicameral Parliament hence two contests per election held every 4 years Lower House single candidate per

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

MUNICIPALITY OF NORTH MIDDLESEX. ELECTION POLICIES and PROCEDURES (including Telephone/Internet voting) for the 2018 ONTARIO MUNICIPAL ELECTION

THE MUNICIPALITY OF SOUTHWEST MIDDLESEX BY-LAW NO. 2017/

The Corporation of the Town of Fort Frances TELEPHONE/INTERNET VOTING PROCEDURES BOARD ELECTIONS

Telephone/Internet Voting Election Policies and Procedures. for the Municipal Elections October 22, 2018

L9. Electronic Voting

Colorado Secretary of State Election Rules [8 CCR ]

MUNICIPALITY OF MIDDLESEX CENTRE. TELEPHONE/INTERNET VOTING ELECTION POLICIES and PROCEDURES for the 2018 ONTARIO MUNICIPAL ELECTION

Secure Voter Registration and Eligibility Checking for Nigerian Elections

Transcription:

Citizen engagement and compliance with the legal, technical and operational measures in ivoting Michel Chevallier Geneva State Chancellery

Setting the stage Turnout is low in many modern democracies Does easy voting mean more voting? Postal vote (introduced 1995) increased turnout by 20 percentage points After 5 years of postal voting, 95% of votes come in by post Yet, 40%-45% of citizens still do not vote Can we reach for them through a new delivery channel? To see it for ourselves, we began ivoting in 2003 We run 3 channels: postal vote, ivote and polling station

Our perimeter of compliance As we are handling protected data the voters' register, the votes we must comply with strict rules ivoting must be at least as secure as postal voting: this is the benchmark set by the federal authorities It has legal translations in the federal constitution, in the federal law on political right and its ordinance and in the Geneva cantonal constitution and legislation These texts define our perimeter of compliance

What are the rules? The law states technically neutral yet very specific security rules to be implemented: One citizen, one vote Impossibility to capture or alter a substantial amount of votes All ballots must be counted for the final result No third party must see a vote (protection of the vote secrecy) (protection of the citizens' choice) Ballots must be encrypted in the voter's PC, for the transmission procedure (anonymity of the votes) IT application linked to vote process must be split from all other IT apps. During ballot opening time, interventions on the IT system must be performed jointly by at least two persons and recorded in a log book Before every ballot, authorities must check the hardware, software, organisation and procedures according to the current best practices An independent 3rd party endorsed by the Confederation must confirm that all safety measures are met and that the system works properly

Defining the right perspective Like notes on a score, laws must be interpreted In most people's view, the security of electronic voting is associated with voter ID protection and vote secrecy It boils down to a user-centric approach: "I want to be protected from my neighbour sniffing on me" The correct approach is a society-wide one The society requires trust and certainty, i.e. accurate ballot results that reflect correctly the voters' intent Protecting the community against ivoting misuse means therefore protecting the data integrity

Tales of two worlds Two worlds unite in ivoting, the real one and the virtual one We have to manage both harmoniously

The real world

Physical identity It is tempting to use a token based on the X509 norm to identify the voter This would raise more problems than it would bring solutions The identity control would be delegated to the browser We would not be able to know who is behind the keyboard Therefore, we combine something that the voter owns (the Pin code reproduced on his voting card) with something he knows (his birth date and municipality of origin) The voting card is a numerical ID with time-limited validity

The voting card ivoting Paper-based ballot

The virtual world

Three contexts three features There are three contexts or environments that we must take into account in the virtual world The voter's PC The internet The State's IT system (electoral register and vote processing application) We only control one of these: the State's IT system Our challenge is to ensure data protection in uncontrolled environments

Change of paradigm In our approach to security, we have changed paradigm In the past, we operationalized the legal rules one by one This imposed trade-offs between usability and security This illustrates our old approach We have now adopted a systemic approach We view the system as a platform to be secured including the web and the voters' device The world as it is The voting application is "plugged" into this platform Security is our main business, voting is a side-offer User friendliness Security A simple case: the relationship security/ user friendliness

A word about the procedures Auditing by the Confederation Systematic splitting of crucial data: Anonymisation of the voters' register you are but a number in our files Anonymisation of the vote by splitting the vote from the voter's authentication parameters Permanent electoral commission, created when online voting was introduced in the law as additional watchdog ISO 27001 certification process achieved for budgetary reasons, we will not seek the actual certification ISO 27001 means that all procedures are documented and their implementation can be checked by the electoral commission

The secure channel The SSL protocol is vulnerable on two accounts: Because it is activated by the browser, it can be easily compromised It can be broken by brute force attack The secure channel (a java applet) fulfils a triple function: It provides an second encryption layer on top of the SSL, without having any link to the browser It checks whether the messages we receive from the voters are coherent with a normal voting procedure By doing this, it keeps the malware that might have infected your PC away from our IT system The secure channel encryption key is made of true random numbers generated by a quantum generator

SSL without secure channel SSL only Wahlgang Scrutin Scrutinio Scrutini Poll Wahlgang Scrutin Scrutinio Scrutini Poll Ja Oui Si Gea Yes Ja Oui Si Gea Yes Nein Non No Na No Nein Non No Na No Hacker

SSL with secure channel What you see is unreadable Wahlgang Scrutin Scrutinio Scrutini Poll DEMK3A2#3KKJLJNJ{@ 3*BSÉ1=DEMK3A2#3K KJLJNJ{@3*BSÉ1= Hacker?????

Guaranteed ballot box integrity The coherence control performed by the applet guarantees the integrity of the ballot box's content We know for sure that it is possible to read the ballots We know for sure it does not contain any incoherent result A second control is provided by the test ballot box The electoral commission owns the ballot box's encryption keys in application of the principle of segregation of duties Its members vote in a imaginary constituency and also record their votes on paper Comparing this constituency's electronic ballots with the paper notes provides a confirmation that the system does not introduce a bias

A large controlled perimeter The strength of the polling station resides in the control by the State of the voting and ballot counting premises Postal voting weakens this control The secure channel contributes re-establishing State control over the full voting perimeter The hardening of all IT levels (vote application, OS, hardware and network) also contributes recreating conditions close to the polling station's We are already past our government defined benchmark, postal voting

A large controlled perimeter: illustration Controlled perimeter with secure channel (in this case, port 80 is being used instead of port 443) consoles voters' register citizen browser internet 443 IDS/IPS IDS/IPS firewall web server Controlled perimeter without secure channel application server electronic ballot box Cryptographic factory quantum generator

The control code The control code fulfils two functions: It confirms the voter that she is connected to the State of Geneva voting web site (as we know that hardly anybody ever checks the site's certificate) It allows us to embed the voters' choices in an image, thus adding noise to the message This code is different for each citizen It changes for each ballot You find it on the voting card

The control code (followed)

A few other measures No connection electronic ballot box/voters' register Voters' register only contains voting cards numbers eballot box has a built-in encrypted device to record the number of cast votes This device is off-limits for the database administrator; no vote can be subtracted without us noticing Altering the votes is impossible: the ballot box's encryption key is owned by the electoral commission The ballot box is shaken before being decrypted in order to alter the ballots' reading order Helpdesk calls are screened for feedbacks

The ivote users

Two publics There are two publics for ivoting: The Swiss living abroad The Swiss residents ivoting offers the expatriates an effective way to exercise their political rights (at last) For them, ivoting makes a qualitative difference Between 35% and 50% of all votes cast from abroad are electronic votes Consider in valuating this figure that the border is 5 km away and that "abroad" begins 5 km from here

Residents: ivoting appeals to young voters 100% Weight of the different age groups among active voters with evote Weight of the different age groups among active voters without evote Demographical weight of age groups 18-29 30-39 40-49 50-59 60-69 70-79 With evote, the younger voters cast their ballot according to their demographic weight

No men/women digital divide 100% 18-29 30-39 40-49 50-59 60-69 70-79 Until 50, weight Demographical weight of age groups vote online according to their demographic Their behavior through age is similar to the Online voting behavior by Men Women (parallel lines)

Two voting channels, two styles 60% 50% 52% 40% 44% Postal vote 30% 36% 44% 52% evote 20% 20% 23% 25% 10% 0% 1st ballot Semaine week 1 2nd Semaine ballot 2week 3rd Semaine ballot 3 week

The search for a driver Why do some voters use ivote? Do the ivote users have anything in common? Multifactor analysis shows that socio-demographic and political preference variables have no explanatory value I can't anticipate your voting channel based on your age, gender, income or education I can't anticipate your voting channel based on your political opinion

What evote users have in common Subjectively They assess positively their own IT skills They trust online information, communication and transactions Objectively They use the web on a daily basis They have a broadband access

A broken barrier While 22%-25% of all voters use internet 55.5% of usual abstainers use it 18.7% of regular voters use it Online voting breaks an invisible barrier that keeps many voters away from politics Internet voting reaches further, it touches citizens more distant from politics Internet voting makes a paradigmatic difference, it appeals to one's subjectivity or way of life

The hosting process The conception of our platform allows a great deal of versatility We took advantage of this to propose other Swiss cantons to host their citizens on our system We are currently working with three cantons, hosting their expatriates (some 25'000 citizens altogether) To manage this project and keep these cantons in-line, we have set up a user group The user group is an added security factor because it forces us to rethink and optimise our procedures

Hosting illustrated Hosted canton Ballot type (date, topic, etc). 1 Hosting canton Ballot description Voting material Electoral register Voters id / authentication 2 Print file 4 3 Electoral register of the hosted canton electronic ballot box Voters Voting cards E-voting 5 6 Results Turnout Postal voting recording Publication

A last word ivoting is totally different from any other "e" project It cannot live on without trust How did we achieve it? By a very careful project management approach We went on slowly, never forcing the politicians As we would like to capitalize on our achievements, we licensed two private companies to commercialize our system outside of Switzerland

Thank you for your attention www.ge.ch/evoting michel.chevallier@etat.ge.ch

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback