A Synthesis of Vote Verification Methods in Electronic Voting Systems

A large amount of research has been conducted to improve public verifiability of e-voting systems. One of the challenges is ensuring that different and apparently contradicting requirements are met: anonymity and representation, vote secrecy and verifiability. System robustness from attacks adds further complexity. This chapter summarizes some of the known vote verification techniques and highlights the pros and cons of each technique. Also, it reviews how different verification technologies cover different phases of the voting process and evaluates how these techniques satisfy the e-voting requirements.

Unifying Electronic and Remote Voting

The voting scenario is rich and complex: democratic institutions typically call several kinds of elections, which often have different requirements in terms of costs and needed resources, and are exposed to different security risks. Some electoral events could target relatively small sets of voters, sparsely distributed across the country or even in the world: a typical example is the election for renewing the board of directors of an association or research center. On the other hand, Government or public-office elections typically involve a great number of voters who, in most part, are localized within a country or a regional area. As a consequence, the design, development and deployment of electronic voting systems suitable to accommodate the wide range of conflicting requirements emerging from such different voting scenarios is still a challenging issue. This chapter presents u-Vote, a solution which is able to operate in different deployment settings, so as to accommodate the peculiarities characterizing different voting scenarios, while striving to provide the best possible balance between security measures and convenience for voters.

Electronic Voting in the French Legislative Elections of 2012

This chapter presents an analysis of the unprecedented use of electronic voting by expatriates during the French 2012 legislative elections, when they elected their own representatives (referred to here as ‘deputies'), to the National Assembly in Paris for the first time, in 11 newly created overseas constituencies. The study is presented within the broader perspective of electronic voting in France more generally, and in the historical context of extra-territorial voting by French expatriates. The authors discuss the main issues and controversies that arose during the 2012 elections, and in a final section analyse the results. The authors conclude by drawing attention to recent developments in electronic voting in France since the 2012 elections, which suggest that although there was much criticism expressed by experts of electronic voting as to the security and transparency of the system used, the official discourse that acclaimed the experience as a success, appears to have convinced its target audience.

Software Vulnerabilities in the Brazilian Voting Machine

This chapter presents a security analysis of the Brazilian voting machine software based on the experience of the authors while participating of the 2nd Public Security Tests of the Electronic Voting System organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, vulnerabilities in the software were detected and explored to allow recovery of the ballots in the order they were cast. The authors present scenarios where these vulnerabilities allow electoral fraud and suggestions to restore the security of the affected mechanisms. Additionally, other flaws in the software and its development process are discussed in detail.

Modeling Threats of a Voting Method

In Estonian Parliamentary elections held in 2011, the percentage of Internet voters among all the voters was as high as 24.3%. At the same time a student implemented a proof-of-concept malware which demonstrated the effective disenfranchisement of the voter from the right to vote. The chapter gives an overview of risk assessment and threat modeling of Estonian Internet voting after the events of 2011. The chapter presents a classification of attacks against the voting method, distinguishing between manipulation attacks, revocation attacks and attacks towards public confidence.

The Inherent Difficulties and Complexities of Voting Electronically

Countries worldwide have been conducting trials and holding pilots to evaluate the benefits and detriments of introducing electronic voting; while some have successfully implemented state of the art voting solutions, others have decided to abandon such attempts altogether. Across the field, one can see a multitude of different approaches, revealing the wide diversification of political cultures, legal regulations, social requirements, and contexts, within which this technology must be deployed. The approaches adopted can thus seem to be contradictory or indeed diametrically opposed. The purpose of this chapter is thus twofold. Firstly, it attempts to provide an introduction to the field of electronic voting while reviewing the most recent advances and related literature. Secondly, it attempts to evaluate under a perspicacious vision the level of maturity of the technology.

Analysis of Security and Cryptographic Approaches to Provide Secret and Verifiable Electronic Voting

Electronic voting systems are inextricably bound to security and cryptographic techniques. Over the last decades, countless techniques have been proposed to face the dangers of electronic voting systems with mathematical precision. Certainly, the majority of these works address secrecy and verifiability. In this chapter, security and cryptographic techniques are analyzed with respect to those security properties that can be evaluated on the basis of these techniques: secrecy, fairness, integrity, and verifiability. Furthermore, the chapter discusses their adequacy to ensure further relevant properties like eligibility and uniqueness, and evaluates security and cryptographic techniques with respect to the costs that come along with their real-world application. The authors conclude the chapter with a summary of the evaluation results, which can serve as guideline for decision-makers.

A Holistic Framework for the Evaluation of Internet Voting Systems

The foundations of democratic societies are elections. Due to their central importance to society, elections are bound to high legal standards, which are usually specified as election principles in national constitutions. To date, technological advance has reached elections, and Internet voting is a buzzword in the field of information technology. Many Internet voting systems and schemes have been proposed in research and some have even been used in legally binding elections. However, their underlying requirements are on the one hand often too closely linked to the specific technology and on the other hand mostly tailored to the scheme/system under investigation and therefore not connectable with election principles. This makes it difficult to compare different schemes/systems with each other, and correspondingly, it is difficult for election officials to select one of the proposed Internet voting schemes/systems for their own election setting. This chapter counters this artifact with two contributions, which are captured within an evaluation framework. First, based on the interdisciplinary method KORA, the authors derive constitutionally founded technical requirements. Second, they propose metrics to estimate the fulfillment of these requirements within concrete Internet voting systems. Given these contributions, the framework developed within this chapter supports election officials in making justified decisions about the selection and deployment of a specific Internet voting scheme/system.

From Initial Idea to Piecemeal Implementation

The formal genesis of e-voting in Switzerland can be traced back to a series of motions deposited by parliamentarians in 2000. At the time the Swiss were not alone in trying to roll out e-voting programmes in the early 2000s. Indeed, a large number of European countries were pursuing similar e-voting policy agendas. A decade later very few countries can be said to have implemented e-voting. One of these, Estonia, has fully generalised e-voting as a mode of participation for a range of electoral contests. While much has been written about the Estonian case, less is known about the Helvetic route to implementing e-voting. In this chapter, the authors analyse the piecemeal approach to implementing e-voting in the Swiss case. The fact that the Helvetic route to implementing e-voting involved three competing systems offers a comparative anchor for examining the sustainability of each system. It is in this sense that Switzerland offers a useful political laboratory for analysing the problems of modernising elections in the digital era and provides insights that may be generalisable to other cases.

Voting over the Internet on an Insecure Platform

Voters using their insecure personal devices for casting votes cause a critical but still largely unsolved problem in Internet voting. This chapter addresses this problem by introducing a trusted voting device, which can be used in combination with various cryptographic voting protocols. It's an answer to one of the main assumptions, on which these protocols are based, namely that voters can reliably perform various cryptographic computations. We suggest that all critical cryptographic computations are performed on the voting device, but we restrict its user interface to the simple task of allowing voters to confirm their votes before casting the ballot. The ballots themselves are prepared beforehand on the voter's insecure platform using its rich user interface. To provide privacy even in the presence of strong malware, the voting device receives its information from the voter's insecure platform in form of matrix barcodes. The unidirectionality of such an optical communication channel disallows the insecure platform to learn the voter's actual choice. To verify the correct functioning of the voting device, it can be challenged with test ballots that are indistinguishable from real ones.