Electronic voting - What is end-to-end verifiability?


When we think of electronic voting our mind quickly travels to presidential elections. Will we ever trade in the paper envelope for our cell phone? 

E-voting in different areas and with different scopes

But in reality electronic voting is applied in many other areas, mainly private, such as shareholders' meetings, owners' meetings, union elections, and elections and assemblies of sports clubs, professional associations and universities. 

Electronic voting systems, moreover, have different scopes and range from the voting devices used in elections in countries such as Brazil or the USA to electronic voting tools that cover the entire value chain of the electoral event, from voter registration to the counting of results and their subsequent auditing.

Depending on the type of event and the category of the e-voting system to be applied, the vote must comply with more or less stringent minimum conditions. For example, at a shareholders' meeting or assembly, the vote is not usually secret. This makes electronic voting technology for this type of event much simpler in terms of cryptography. However, as these are events where time is very limited, the usability of the e-voting solution applied must be excellent, so that hundreds or thousands of people can vote in a few seconds without incident. And, if the event is online or hybrid, the identity of the voters must also be duly guaranteed.

What is end-to-end verifiability and when does it apply?

End-to-end verifiable electronic voting applies in voting where secrecy of the vote is a necessary condition, mainly elections. 

End-to-end verifiability in electronic voting systems refers to the ability to maintain the secrecy of the vote from the time the voter casts it on his or her device until the tally is performed. End-to-end verifiable systems, moreover, allow voters and external auditors to validate that the count is correct without revealing how any individual voter voted. These two seemingly incompatible properties, the traceability and anonymity of the vote, are made possible by a complex combination of cryptography-based technologies. 

The good news is that you don't need to know in detail how these technologies work because there are accredited certifying entities that check for you whether e-voting providers comply with these measures. The bad news is that most providers do not comply with these requirements and some have even falsified their certifications. Therefore, it is important to learn to distinguish the wheat from the chaff.

Reliable and secure electronic voting

Cybersecurity is one of the most important aspects of an electronic voting system. But the concept of cybersecurity is very broad. An attack that reveals the list of voters' names (confidentiality breach) does not have the same impact as an attack that reveals how each voter voted (anonymity breach). Nor is a system that goes down for a few minutes (availability flaw) the same as a system that allows voting (integrity flaw). If an attacker impersonates a voter (authenticity flaw) the consequences will be more serious if the attack cannot be identified and corrected in time (traceability flaw). 

Confidentiality, integrity, availability, authenticity, traceability and anonymity are the 6 characteristics to which the supplier's Information Security Management System must pay attention. There are standards such as ISO 27001 that establish the minimums that a supplier must meet to ensure these characteristics. 

To ensure that your supplier's certifications are valid and not counterfeit:

  1. Check that the certifying entity has listed the e-voting provider on its website (e.g. AENOR, Adok or Applus). 
  2. Then check that the certifying entity is accredited by ENAC (the body of the Ministry of Industry in charge of ensuring the quality of these audits) to issue these certifications and that it is listed on ENAC's website.

Secure electronic voting by design

Of the 6 pillars of cybersecurity discussed above, the most sensitive is anonymity. And that is why end-to-end verifiability is so important. In an end-to-end verifiable system the vote is irreversibly encrypted on the voter's device before being sent to the provider's servers. So even if the attacker manages to break all the security systems of the provider, it is mathematically impossible for him to reveal how each voter voted. Therefore, in addition to certifications, it is very important that you check that your provider applies this standard correctly. 

End-to-end verifiable systems are said to be secure by design. That is, regardless of the vendor's security measures, these systems ensure that the anonymity of the vote is maintained even in an absolute disaster scenario in which everything else has failed.
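
As an added illustration (not code from this article or from any provider's product), the example below shows one well-known way to obtain both properties described above: each vote is encrypted on the voter's device, and only the sum of all votes is ever decrypted. It assumes a yes/no question, exponential ElGamal encryption and a deliberately tiny toy group; all function names are hypothetical.

```python
import secrets

# Toy group for illustration only (assumption): P = 2*Q + 1 with P and Q prime.
# G = 4 generates the subgroup of order Q. Real systems use far larger groups.
P, Q, G = 2039, 1019, 4

def keygen():
    """Election key pair: the public key is published, the private key is not."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)

def encrypt_vote(pub, vote):
    """Runs on the voter's device. vote is 0 (no) or 1 (yes)."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1          # fresh randomness per ballot
    return pow(G, r, P), (pow(G, vote, P) * pow(pub, r, P)) % P

def combine(ballots):
    """Needs no secret: any auditor can recompute this from the published
    ballots. Multiplying ciphertexts adds the votes hidden inside them."""
    a, b = 1, 1
    for c1, c2 in ballots:
        a, b = (a * c1) % P, (b * c2) % P
    return a, b

def decrypt_tally(priv, aggregate, max_votes):
    """Decrypts only the aggregate ciphertext and returns the number of
    yes votes. Individual ballots are never opened."""
    a, b = aggregate
    g_sum = (b * pow(a, Q - priv, P)) % P     # equals G ** (sum of votes)
    for total in range(max_votes + 1):        # small search recovers the sum
        if pow(G, total, P) == g_sum:
            return total
    raise ValueError("tally outside expected range")

if __name__ == "__main__":
    votes = [1, 0, 1, 1, 0, 1, 0]             # constructed sample votes
    priv, pub = keygen()
    ballots = [encrypt_vote(pub, v) for v in votes]
    print("yes votes:", decrypt_tally(priv, combine(ballots), len(votes)))
```

Production systems additionally split the private key among several trustees and attach zero-knowledge proofs that each ballot contains 0 or 1 and that the final decryption is correct; this example omits both.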

What can go wrong if we choose the wrong supplier?

Most e-voting solutions for the private sector do not meet some of the conditions explained in this post: to have an end-to-end verifiable system and to be audited by an accredited certifying entity. But what can be the consequences of working with one of these low-cost systems?

Suppose your sports club uses electronic voting in its elections. But, instead of hiring a provider with an end-to-end verifiable system audited by an accredited certifying entity, you opt for a company with certifications of dubious credibility and that encrypts the votes once they reach your server and not before. In the middle of the electoral process, with the polls still open, the club president is tempted to check the results to see if he has to make more efforts to mobilize his base. Since the system is not end-to-end verifiable, in theory, some employee of the e-voting provider could access the results ahead of time to inform the president. 

It is not necessary for this situation to occur de facto. Low-cost providers, although less secure, need not be less honest or less responsible. But the mere suspicion that something like this could happen could lead a voter to challenge the process. And, if the e-voting provider is unable to demonstrate that its system is secure by design, the vote could be annulled by a judge, with all the monetary and reputational costs that implies. Things could be even worse if an attacker were to intercept the votes before they are encrypted.

The end of postal voting

At Kuorum we have been organizing end-to-end verifiable online voting since 2013 with a technology audited in ISO 27001 and ENS Alto. It is a technology that guarantees the 6 pillars of voting security explained in this post. In addition, the anti-coercion mechanisms of our e-voting software are already more secure than those of postal voting. That's why professional associations, sports clubs and federations, companies and associations all over the world trust us. If you want more information about our services, please contact us without obligation.
