Electronic voting has been with us since 1960 but it had never been as relevant as now. The global pandemic of the new coronavirus has caused more than 3,000 million people to be forced into confinement. To the disgrace in terms of human lives we must add the enormous economic and social impact that this crisis will entail. And for businesses, the uncertainty is enormous.
In this context, agility to make decisions is key. However, for many organizations it is not just about knowing what to do, but reaching agreements with shareholders and partners, and articulating them legally. Boards of directors, shareholders’ meetings, assemblies, plenary sessions or landlord communities are forced to hold telematic events. But how to ensure the legal validity of these collective decisions? How to avoid voters to contest the results of the consultation? In this article we explain some basic concepts so that you understand what electronic voting is and how to avoid unwanted situations.
Electronic voting systems
There are many electronic voting systems. Broadly speaking, we can classify them into two groups: casting systems and counting systems. Counting systems are the most widespread in the public sphere. A large number of countries use them in their general and regional elections. Casting systems are equally mature at the technological level, but their use is restricted mostly to private use – companies, associations, cooperatives, etc.
The law allows for the use of electronic voting systems in shareholders’ meetings, boards of directors, plenary councils and other governing bodies. In order to be able to do so with all the guarantees, there are two major requirements: duly guarantee the identity of the voter and prove the security of the system. In the next sections, we will explain a little bit more these two aspects.
Electronic identification means
The use of electronic voting in any kind of general meeting is allowed in most countries, provided that the identity of the subject with the right to vote is guaranteed. So the key to ensuring the legal validity of electronic voting is how to guarantee the identity of the voter .
The European framework regulating electronic identification services is Regulation 910/2014, known as eIDAS. In this text the electronic signature is defined as the set of electronic data that allow the identity of the signer to be duly guaranteed. Although the word may lead to error, an electronic signature is nothing more than a means of electronic identification. Therefore, in electronic voting processes, the voter must sign (or provide a series of data that identifies her) before receiving the necessary rights to cast their vote.
Most of us are familiar with the electronic signature that we use when closing contracts digitally. A signature that can only be obtained in person before a competent authority such as the Police. This is what is known as qualified electronic signature. But there are two other types of signature included in the eIDAS regulation. They are the simple signature and the advanced signature, the two most widely used electronic identification means to guarantee the identity of voters in decision-making processes of private organizations.
We can say, then, that the electronic signature – whether simple, advanced or qualified – allows us to duly guarantee the identity of the voter. And, therefore, any of the three is useful for holding legally valid telematic voting in the private sphere. The main difference between them is the level of security they allow us to achieve. But before going into the details of the different types of signature, we must understand better how an identification process works.
Face-to-face identification vs. digital identification
An identification process consists of different steps. Some steps are more vulnerable to frauds than others. So we can say that the security level of the entire process is equivalent to the security level of the most vulnerable step of all. When we talk about digital identification processes we tend to obsess over possible security breaches. But, many times, we do not realize that face-to-face identification processes are equally vulnerable. Let’s see why.
The word identity comes from the Latin idem entitas (same entity). Therefore, to verify the identity of an individual we need two subjects, the individual itself and some attribute issued by an official body that allows us to make a comparison (a passport, a driving license, a national identity card, etc.) . Traditionally, this comparison has been made by a qualified person – a police officer, an official or alike. A person trained to avoid cheating and deception. However, we all know stories of twin brothers swapping to pass driving tests. And on the deep web you can buy a fake passport for just over 3,000 Euros – in the case of German passports, Portuguese cost around 700 Euros.
Some electronic voting providers claim that their systems are inviolable. But it is simply not true. The digital world is as vulnerable as the real world. The key is to minimize these risks as much as possible and always in accordance with the applicable legislation for each type of organization (public administrations, companies or associations) and transactions (traveling by bus with a friend’s transport card is not the same as buying a Louis Vuitton coat with her credit card).
Identification process in electronic voting
We have said that the security level of an identification process is equivalent to the security level of the most vulnerable step. But what are the steps of an identification process in an electronic voting? We distinguish four steps: registration, verification, identification and activation .
Imagine that a publicly traded company holds its shareholders’ meeting electronically. The first step will be to prepare a census. If there is a requested vote, only registered shareholders may vote. Otherwise, the census includes all the shareholders and, usually, it already exists. But before the vote, some adjustments will have to be made to manage the delegated vote and identify the authorized representatives of the legal persons with the right to vote. It is in this second step that the company in question will need to verify the identity of its shareholders. They will be asked for their ID or passport and, where applicable, the deeds that link their identity to that of the legal person they represent or a letter authorizing the person to whom they delegate their vote.
These first two steps are generally carried out by the company without the intervention of a digital identification and electronic voting service provider. And ideally, the security of the following steps will be equal to or greater than that of the previous two. In other words, an electronic voting provider must ensure that the security of its identification and activation system is less vulnerable than its client’s registration and verification system. If not, it’s like owning a high-end car and using retreaded second-hand wheels.
The third step, then, takes place on the voting day, when voters access the electronic voting platform to exercise their right. This is when voter identification takes place. To understand the different levels of security in this step, it is very useful to read the Technical Specifications for Security established by the European Union (EU Regulation 2015/1502). In short, to have a substantial level of security, it is important to carry out a two-factor authentication. The typical process in which the user is asked for a data that they have (such as their passport number or their personal key) and a dynamic data that is sent to them at that time (for example, a verification code by SMS). This is the level of security that banks require to authorize online financial transactions for their customers and it is also a reasonable level of security for the type of voting that we are dealing with in this article.
The fourth and final step is to activate (or authorize) the voter to cast their vote. Here, we have already duly guaranteed her identity. The point now is to prove the integrity of the data. In other words, guarantee that the voter does not lose control over his account and that the data, once registered, cannot be altered by anyone. To do this, it is usual to apply to the so-called timestamps; systems in which a trusted third party generates an alphanumeric key (or hash) that is linked to the date and time of the vote, as well as other data associated with the voter (personal data, IP address and device from which she voted, etc.). If the data is altered, we will ask the trusted third party to regenerate the alphanumeric key. And if it does not match the initial one we will know that the data has been altered. An alternative to having a trusted third-party time stamp is using blockchain technology, which allows us to do something similar without needing a certifying authority.
Simple, advanced and qualified electronic signature
Now that we fully understand the complete electronic identification and voting process, it is easier to distinguish between simple and advanced electronic signatures. The first allows us to properly guarantee the identity of the voter, generally thanks to secure two-factor authentication. The second, in addition, guarantees the integrity of the data, thanks to an authorized time stamp.
The simple electronic signature is, therefore, less secure than the advanced one, but it is equally legal depending on the type of organization and the importance of the decision at stake. The result of a simple signed electronic vote is a voting record. While with the advanced signature it is possible to issue what is known as advanced electronic signature certificate. This certificate can be qualified or unqualified depending on the certification service provider that issues it. At the technology level there is no difference between the two. And both are acceptable as evidence in a trial. The difference is in the burden of proof. Unqualified service providers must bear the costs of expert evidence if the other party refutes its validity.
Finally, as we have mentioned before, in addition to the simple and advanced electronic signature, there is the qualified signature. For an electronico signature to be qualified, the first two steps of the identification process must be carried out face-to-face by a recognized certification service provider (for instance, the Police). Although it is the most secure signature of all, it does not allow us to carry out a completely telematic process.
What electronic voting system should I choose?
To know if your electronic voting process is completely legal, you must first know what regulatory framework applies to your organization and the type of decision that will be made. This rule – be it a Publicly Traded Companies Act or the Bylaws of your organization – will require, at least, that the identity of the voters is duly guaranteed. And, in order to do that, you can use a simple, advanced or qualified signature. Whichever firm you choose, make sure your provider offers secure two-factor authentication and complies with the National Security Scheme. And if in your case it is essential to guarantee the integrity of the voting records, opt for an advanced signature with an authorized time stamp and ask your provider for advanced signature certificates once the voting process comes to an end.
We know that the technical vocabulary is not very intuitive. But if you reread this article calmly, you will see that it is actually easier than it seems. At Kuorum we have been helping public and private clients in seven countries with their electronic voting. If you have any questions, you can also contact us.