Online voting security
We don't say so, our auditors say so.
Cybersecurity is our raison d'être. That is why every year AENOR audits us for compliance with the ISO 27001 information security standard. But at Kuorum we go a step further and spearhead R&D for greater protection of our customers.
History of online voting
Electronic voting is a mature technology that has been with us since the 1960s. Online voting, a variant of electronic voting over the Internet, has seen its use spread for private purposes since the beginning of this century, even being used in several presidential elections in countries such as Estonia.
The technology that supports online voting systems is complex. But our goal is to make your life easier. So we are going to try to explain how it works as simply as possible.
Parallels with postal voting
The great challenge of online voting is not to replace face-to-face voting, but to serve as an alternative to postal voting: a more efficient, economical and sustainable alternative. That is why, when we talk about security in online voting, we must establish the security of postal voting, with its virtues and vices, as a yardstick.
Confidentiality, anonymity, integrity, availability, authenticity and traceability are the characteristics to which we must pay attention in both cases. Below, we explain what each one means. And in the next section we describe how we take care of all of them at Kuorum. If at some point you get lost, we recommend that you try to find an analogy with postal voting. That's the best way to understand it. Let's get to it!
The 5 pillars (+1) of information security
In an increasingly digitalized world, cybersecurity (or information security) is of vital importance. Banks, healthcare companies and public administration, among others, handle very sensitive information and must follow certain guidelines when managing this data to prevent risks and mitigate the impact of possible security breaches.
If you work in any of these fields, you are probably familiar with the 5 pillars of information security: CIATA (confidentiality, integrity, availability, traceability and authenticity). In the online voting sector we must add one more pillar, anonymity, which turns the 5 pillars (CIATA) into 6 (CIATAA). To achieve this, we use cryptographic algorithms, as we will explain below.
CIATAA
If you have read the basics in the previous section, then you already know that CIATAA stands for the 6 pillars of information security for online voting technologies. Below, we explain how we secure each of these 6 pillars at Kuorum. The security levels we describe below correspond to the state of the art in online voting and are used in private electoral processes around the world.
Confidentiality
At Kuorum we use cryptography to ensure that no one, not even us, has access to the information of the votes cast with our technology. For this we use, among other mechanisms, end-to-end encryption, encryption in transit and at rest, asymmetric key encryption and a zero-trust architecture. If you want to know more, you can contact our engineering team.
Integrity
No one is capable of altering the results of a vote. This is what in electoral jargon is called avoiding the "pucherazo". For this we use digital signatures, immutable logs and Distributed Ledger Technologies (DLT).
Availability
We assure our customers full service availability under peak loads thanks to our scalable architecture based on micro and nano services. In addition, we perform penetration tests and emulate disaster scenarios on a regular basis.
Authenticity
Also known in computer jargon as "non-repudiation". The way we identify voters is key. With Kuorum's technology, it is the administrators of each ballot who choose the level of identification security they require for their ballots. Our most demanding customers apply multi-factor authentication (MFA).
Traceability
Also known as auditability or end-to-end verifiability. This is to ensure that the voter and/or an auditor can attest to what has occurred in the process; of course, respecting the condition of anonymity.
Anonymity
Not all voting using our technology requires an anonymous vote. But, for those that do, we apply homomorphic asymmetric cryptography and mixing.
In the basic concepts and state of the art sections, we have explained the 5 pillars of information security (CIATA) and the 6 pillars of information security in the field of online voting (CIATAA). At Kuorum we have implemented an Information Security Management System (ISMS) based on continuous improvement to prevent CIATAA risks. And every year AENOR audits our system to verify that it complies with ISO/IEC 27001/2014, the international standard for information security (download our ISO 27001 certification here or consult it on the accredited certifying company page).
This certification is based on a Statement of Applicability (SoA) with 114 checkpoints, including not only technical aspects but also human and organizational aspects. Many of the screening processes of the IT departments of large companies have long questionnaires with questions on cybersecurity for their suppliers that coincide precisely with these 114 points. Therefore, we are able to reduce procurement times for all types of private and public organizations.
We are also certified in the National Security Scheme (ENS) in High Category.
In addition to these certifications, Kuorum has an Integrated Quality Management System also based on continuous improvement and also audited annually by AENOR in compliance with ISO 9001 quality management. This certification is only a guarantee of our obsession to put the customer at the center of all our operations. That is why Kuorum is the most usable tool on the market and continues to evolve with feedback from our customers (download our ISO 9001 certification here or consult it on the accredited certifying company page).
At Kuorum we apply the security-by-default methodology, which involves thinking from a cybersecurity point of view from the stages prior to product conception.
Kuorum works with agile methodologies such as Scrum, a work philosophy based on short and incremental iterations. The customer is at the center of all our operations, from the initial research to the release and testing of new features in the test environment and its subsequent deployment to production.
The combination of these two methodologies allows us to offer a product that is both secure and usable. Something totally revolutionary in the online voting sector.
As we have told you in the basic concepts and state of the art sections, online voting is a complex field in which different disciplines of mathematics, computer science, security, law or sociology come into play. Universities and technology centers around the world are developing research projects on cryptography, cybersecurity, quantum computing or international law that have a direct impact on our sector.
At Kuorum we collaborate with universities and researchers internationally to lead advances in the field of cryptography. We are currently conducting research in collaboration with the CDTI. If you want to know more or if you are interested in collaborating with us, please contact our engineering team.
Yes, but don't trust us just because we say so, but because of our certifications. Remember that certifications must be issued by accredited certifying entities, such as AENOR. If you are comparing suppliers, always ask for the official certificate documents and check that the information matches that of the accredited certifying company's website.
We have several levels of service depending on the guarantees and support you need. The basic level of service is self-managed. In the other levels, our support team takes care of everything to make your vote a success.
No, Kuorum is a software as a service (SaaS) in the cloud.
Kuorum is the most usable tool on the market. Our incident rates are below 1% with voter populations of all ages.
Yes, with your service you can hire support hours outside office hours or on weekends.
Yes, our premium service level includes telephone attention to your voters through a standard rate phone.
Yes, we have served voters in more than 150 countries.
No, there are several voting streams with different levels of identification security and it is possible to configure a ballot to support voting by participants without e-mail.
No, there are several voting streams with different levels of identification security and it is possible to configure a vote to support voting by participants without a cell phone.
Yes, it is the most frequent.
Yes, the voting configuration in Kuorum is very versatile and also allows the secret ballot option.
Yes, voting with Kuorum supports proxy voting with and without voting instructions.
Yes, voting with Kuorum supports weighted voting.
The representative only needs to vote once and can distribute the votes of the different persons (or companies) among the different response options.
To the customer. Kuorum is merely a technology supplier.
Yes, we sign a Data Processing Agreement with all our clients in accordance with the GDPR and data protection regulations. In addition, as part of our certifications, we are audited every year for compliance with this standard.
Yes, we integrate with third-party identification services through SAML and OAuth2 if you need it.
The world's largest technology companies endorse us
Our clients get more participation with less effort
"Kuorum is the kind of service we like to count on. It is ISO 27001 and 9001 certified and has exceptional support services. Our users congratulate us on our choice."