Informatics
Online Voting
Opportunities and Risks
STOA Workshop at the European Parliament
Brussels, 17 March 2011
Prof. Dr. Rüdiger Grimm
IT Risk Management
Universität Koblenz-Landau

Agenda
How it is today
Security concern
Trust challenge
Solution

Legally Binding Internet Elections in Europe in 2011
Switzerland
  – Legally binding internet elections in February 2011 for all cantons
  – since 2002, pilots in Zürich, Neuenburg and Geneva
Norway
  – legally binding municipal elections in 2011
  – Internet voting and paper-ballot voting
  – voter can recast his/her electronic vote multiple times
  – terminal voting overrides Internet voting
  – paper votes override electronic votes
  – open source system (ErgoGroup & Scytl)
  – cryptographic protocol integrated into high school maths

Legally Binding Internet Elections in Europe in 2011
Estonia
  – legally binding Internet elections since 2005
  – Internet voting and paper-ballot voting
  – voter can recast his/her electronic vote multiple times
  – newer electronic vote overrides older vote
  – paper vote overrides electronic vote
  – new for elections in March 2011: mobile authentication

Estonia

| | 2005 Local Elections | 2007 Parliamentary Elections | 2009 European Parliament Elections | 2009 Local Elections |
|---|---|---|---|---|
| Eligible voters | | | | |
| Participating voters | | | | |
| Voter turnouts | 47,4% | 61,9% | 43,9% | 60,6% |
| I-Voters | | | | |
| I-Voters among eligible voters | 0,9% | 3,4% | 6,5% | 9,5% |
| I-Voters among participating voters | 1,9% | 5,5% | 14,7% | 15,8% |

Online voting out there in the world …
France: French citizens abroad, 2003 tests
The Netherlands: citizens abroad
Germany: more than 30 real votes in the private area
UK: tests 2002, 2003, 2007
Portugal: 2004 EU and 2005 Parliament tests
Austria: since 2003, voting in the academic area and for citizens abroad
… and a lot more in the USA

Online voting systems in use
Polyas, Germany
  – Association of Computer Science (GI) Bodies
  – Research Funding Association (DFG) Bodies
Helios, USA/Belgium
  – Undergraduate Student Government at Princeton in Spring 2011
  – Student elections at the Université catholique de Louvain in 2010
  – International Association for Cryptologic Research (IACR) in 2010: voter turnout ~30% (compared to ~20% with paper-based elections)
  – Presidential election at the Université catholique de Louvain in 2009
Many more for research and demonstration
  – Bingo, ThreeBallot, Prêt à Voter, Punchscan, …

Classical advantage
Ubiquity and 24-7
Seamless integration in everyday communication, esp. of Internet generation
Easy-to-use, also for complex applications
Increase of participation

Participation in GI Board Elections
[Chart: cast votes, registered voters and online participation]
Online participation: 13,7%, 24,1%, 16,9%, 20,5%, 17,5%

Correctness and Anonymity
Do machines work as we expect?
Does the network work as we expect?
Are our votes secret?
Will our votes remain secret?
Are there hidden access points for manipulation?

Security can be provided, technically
Several solutions for anonymity, e.g., blind signatures and separation of duty
Organizational approach of protection profile and system security evaluation by Common Criteria
See BSI basic protection profile and Polyas evaluation
Security is manageable
But: how do people KNOW that these security features work?

Security can be provided, technically
But how do people KNOW that these security features work?
Cars work safely, if they do not crash
Voting systems work safely, if … they do not crash??
The public relies on experts' certification
Is trust in the experts' statement sufficient?
Are there better procedures to feel (see, touch, experience…) security … and to check correctness?

Verifiability
March 2009, German Constitutional Law has stated as basic requirement:
  – Verifiability of voting process by everyone
  – Even without deeper knowledge of technology
What is verifiability?
  – Cast as intended (individually)
  – Stored as cast (individually, universally)
  – Tallied as stored (universally)

Verification
[Diagram labels: encrypt, cast, ballot, decrypt]
[Verification properties: cast-as-intended, recorded-as-cast, counted-as-recorded]

Verification by Bulletin Board
[Diagram labels: encrypt, cast, ballot, decrypt, publish ballots, publish votes]
[Verification properties: encrypted-as-intended, cast-as-intended, recorded-as-cast, decrypted-as-recorded, counted-as-recorded]
Bräunlich/Grimm,

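Added example, not from the original slides or from any of the voting systems named: the individual recorded-as-cast check and the universal counted-as-recorded check against a public bulletin board. The hash-chained board, the receipt as SHA-256 of the encrypted ballot, and all function names are assumptions made for illustration; the decrypted-as-recorded step, which needs proofs of correct decryption, is outside this example.

```python
import hashlib
from collections import Counter

GENESIS = "0" * 64  # assumed starting value for the hash chain

def receipt(encrypted_ballot: bytes) -> str:
    """Tracking code the voter keeps after casting."""
    return hashlib.sha256(encrypted_ballot).hexdigest()

def link(prev_head: str, ballot_receipt: str) -> str:
    """Chain an entry to the previous head so edits to history change every later head."""
    return hashlib.sha256((prev_head + ballot_receipt).encode()).hexdigest()

def publish(board: list, encrypted_ballot: bytes) -> str:
    """Append a ballot to the public board and return the voter's receipt."""
    prev = board[-1]["head"] if board else GENESIS
    r = receipt(encrypted_ballot)
    board.append({"receipt": r, "head": link(prev, r)})
    return r

def board_consistent(board: list, observed_head=None) -> bool:
    """Universal check: the chain recomputes and a head observed earlier is still in it."""
    prev, heads = GENESIS, []
    for entry in board:
        if link(prev, entry["receipt"]) != entry["head"]:
            return False
        prev = entry["head"]
        heads.append(prev)
    return observed_head is None or observed_head in heads

def recorded_as_cast(board: list, my_receipt: str) -> bool:
    """Individual check: the voter finds their own encrypted ballot on the board."""
    return any(e["receipt"] == my_receipt for e in board)

def counted_as_recorded(board: list, published_votes: list, announced: dict) -> bool:
    """Universal check: one published vote per recorded ballot, and a recount matches."""
    return (len(published_votes) == len(board)
            and Counter(published_votes) == Counter(announced))

if __name__ == "__main__":
    # Constructed sample: opaque stand-ins for encrypted ballots, not real ciphertexts.
    board = []
    mine = publish(board, b"ct-voter-1")
    publish(board, b"ct-voter-2")
    publish(board, b"ct-voter-3")
    print(recorded_as_cast(board, mine), board_consistent(board, board[-1]["head"]))
    print(counted_as_recorded(board, ["A", "B", "A"], {"A": 2, "B": 1}))
```

A board that drops a ballot and rebuilds its chain still passes the chain check on its own; it fails only against a head an observer recorded earlier and against the affected voter's receipt.
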
Solution
Internet Voting can provide better functionality than paper voting
Ubiquity and 24-7
Seamless integration in everyday communication, esp. of Internet generation
Easy-to-use, also for complex applications
  – Universal and individual verification
  – Multiple voting (recast)
  – Multiple media (paper, terminal, Internet)
  – Integration with eParticipation

References
Johannes Pichler (Hrsg.): Überlegungen zur Hebung demokratischer Partizipation – Provokationen und Optionen. Schriften zur Rechtspolitik, Band 31, Neuer Wissenschaftlicher Verlag, Wien, Graz
Krimmer, Robert; and Grimm, Rüdiger (Eds.): Electronic Voting 2010, 2008, and Lecture Notes in Informatics, Bonn 2010, 2008, and 2006, resp.
Volkamer, M., Vogt, R.: Common Criteria Protection Profile For Basic Set of Security Requirements for Online Voting Products. BSI-CC-PP-0037, Version 1.0, 18. April
Estonia:
Helios:
Polyas: