Imperatives of Electronic VotingJanuary 23, 2007 at 5:17 pm | Posted in Explanations | 28 Comments
Note: This is where the COMELEC Committee on Overseas Absentee Voting (COAV) is coming from, technology- and security-wise.
Conducting an electronic election that involves ballots in digital form is a complex issue that raises a number of security concerns. The confidence relationships found in traditional elections must be replicated in electronic systems, without losing reliability. Electronic voting must therefore reproduce the practices of traditional voting methods (e.g. secure identification of voters, as well as distribution of trust among the members of an Electoral Board). Additionally, electronic voting faces new requirements (e.g. new privileged actors such as system administrators) and new technical risks (e.g. digital ballot formats that are more easily manipulated than physical ones).
Digital security measures are therefore paramount for electronic voting success. However, conventional computer and network security measures (e.g. firewalls, intrusion detection systems, antivirus software…) fall short of providing a complete solution to electronic voting. These generic security measures, although regularly used to secure e-commerce and e-business transactions, are not enough for e-voting.
Indeed, casting ballots is not an ordinary transaction. When performed electronically, it must address the following requirements and security concerns:
o Authenticity of ballots Reliable means to verify the origin of a ballot (i.e. the identity of the voter who casts it) must be used, to ensure the “one voter, one vote” premise.
o Privacy of voters Despite the previous requirement, it must impossible to correlate the votes to the identities of their respective voters, unless required by law (as it is in some countries).
o Accuracy of election results It must not be possible for anyone to remove or alter the ballots that have been cast by eligible voters or to add invalid ballots (e.g. on behalf of abstaining voters).
o Secrecy of intermediate results To ensure that voters’ choices are unbiased, intermediate results must be secret until the election is completed.
o Ballot verifiability Voters must be able to independently verify that their ballots have been correctly accounted for.
o Uncoercibility The fact that voters can verify their votes must allow some fraudulent practices such as coercion or vote-selling possible
The digital security measures for e-voting must meet the requirements above, detecting and preventing fraudulent practices even when they are performed by privileged actors in electronic voting environments (e.g. electoral authorities or systems administrators).