Informatics

Online Voting: Opportunities and Risks

STOA Workshop at the European Parliament, Brussels, 17 March 2011

Prof. Dr. Rüdiger Grimm, IT Risk Management, Universität Koblenz-Landau


Agenda

• How it is today
• Security concern
• Trust challenge
• Solution


Legally Binding Internet Elections in Europe in 2011

• Switzerland
  – Legally binding internet elections in February 2011 for all cantons
  – since 2002, pilots in Zürich, Neuenburg and Geneva
• Norway
  – legally binding municipal elections in 2011
  – Internet voting and paper-ballot voting
  – voter can recast his/her electronic vote multiple times
  – terminal voting overrides Internet voting
  – paper votes override electronic votes
  – open source system (ErgoGroup & Scytl)
  – cryptographic protocol integrated into high school maths


Legally Binding Internet Elections in Europe in 2011

• Estonia
  – legally binding Internet elections since 2005
  – Internet voting and paper-ballot voting
  – voter can recast his/her electronic vote multiple times
  – newer electronic vote overrides older vote
  – paper vote overrides electronic vote
  – new for elections in March 2011: mobile authentication


Estonia

                                      2005        2007            2009 European   2009
                                      Local       Parliamentary   Parliament      Local
                                      Elections   Elections       Elections       Elections
Eligible voters                       1.059.292   897.243         909.628         1.094.317
Participating voters                  502.504     555.463         399.181         662.813
Voter turnouts                        47,4%       61,9%           43,9%           60,6%
I-Voters                              9.317       30.275          58.669          104.413
I-Voters among eligible voters        0,9%        3,4%            6,5%            9,5%
I-Voters among participating voters   1,9%        5,5%            14,7%           15,8%

[http://www.vvk.ee/voting-methods-in-estonia/engindex/statistics, 04.03.2011]

kh: Voter turnout for Parliamentary Elections before I-Voting: 2003, 58%


Online voting out there in the world

• …
• France, French citizens abroad, 2003 tests
• The Netherlands, citizens abroad
• Germany, more than 30 real elections in the private area
• UK, tests 2002, 2003, 2007
• Portugal, 2004 EU and 2005 Parliament tests
• Austria, since 2003, voting in the academic area and for citizens abroad
• … and a lot more in the USA


Online voting systems in use

• Polyas, Germany
  – Association of Computer Science (GI) Bodies
  – Research Funding Association (DFG) Bodies
• Helios, USA/Belgium
  – Undergraduate Student Government at Princeton in Spring 2011
  – Student elections at the Université catholique de Louvain in 2010
  – International Association for Cryptologic Research (IACR) in 2010
    • voter turnout ~30% (compared to ~20% with paper-based elections)
  – Presidential election at the Université catholique de Louvain in 2009
• Many more for research and demonstration
  – Bingo, ThreeBallot, Prêt à Voter, Punchscan, …

grimm: Ben Adida, Lawrence Lessig (Harvard), Olivier Pereira (Louvain)


Classical advantage

• Ubiquity and 24-7
• Seamless integration in everyday communication, esp. of Internet generation
• Easy-to-use, also for complex applications

Increase of participation


Participation in GI Board Elections

[Figure: Cast Votes and Registered Voters per election, x-axis 1998 to 2012, y-axis 0 to 25000; two elections are labelled "Online". Participation labels: 13,7%, 24,1%, 16,9%, 20,5%, 17,5%]


Agenda

• How it is today
• Security Concern
• Trust Challenge
• Solution


Correctness and Anonymity

• Do machines work as we expect?
• Does the network work as we expect?
• Are our votes secret?
• Will our votes remain secret?
• Are there hidden access points for manipulation?


Security can be provided, technically

• Several solutions for anonymity, e.g., blind signatures and separation of duty

• Organizational approach of protection profile and system security evaluation by Common Criteria

• See BSI basic protection profile and Polyas evaluation

Security is manageable

But how do people KNOW that these security features work?


Security can be provided, technically

• But how do people KNOW that these security features work?

• Cars work safely, if they do not crash
• Voting systems work safely, if … they do not crash??
• Public relies on experts' certification
• Is trust in experts' statements sufficient?
• Are there better procedures to feel (see, touch, experience…) security… and to check correctness?


Agenda

• How it is today
• Security Concern
• Trust Challenge
• Solution


Verifiability

• March 2009, German Constitutional Law has stated as basic requirement:
  – Verifiability of voting process by everyone
  – Even without deeper knowledge of technology
• What is verifiability?
  – Cast as intended (individually)
  – Stored as cast (individually, universally)
  – Tallied as stored (universally)


Verification

[Figure: voting process steps encrypt, cast ballot, decrypt, annotated with the verification properties cast-as-intended, recorded-as-cast and counted-as-recorded]


Verification by Bulletin Board

[Figure: voting process steps encrypt, cast ballot, publish ballots, decrypt, publish votes, annotated with the verification properties encrypted-as-intended, cast-as-intended, recorded-as-cast, decrypted-as-recorded and counted-as-recorded. Bräunlich/Grimm, 25.2.2011]

kh, 04.03.2011:
- If the voter checks whether his ballot has been published, recorded-as-cast can be concluded from that
- decrypted-as-recorded follows from zero-knowledge
- counted-as-recorded follows from comparing the results
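
Added example (not part of the original slides): the three public checks on a bulletin board, worked through in Python. The slides name only "zero-knowledge"; exponential ElGamal with a Chaum-Pedersen decryption proof, the toy group parameters and all function names are assumptions made for this sketch, and the mixing step that unlinks ballots from voters is left out.

```python
import hashlib, secrets

# Toy parameters constructed for this example; far too small for real use.
P, Q, G = 2039, 1019, 4          # P = 2Q + 1, G generates the order-Q subgroup

def challenge(*vals):
    """Fiat-Shamir challenge: hash the proof transcript into Z_Q."""
    digest = hashlib.sha256("|".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, vote):
    """Exponential ElGamal encryption of a yes/no vote (1 or 0)."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, vote, P) * pow(pk, r, P) % P)

def decrypt_with_proof(sk, ct):
    """Return g^vote plus a Chaum-Pedersen proof that log_G(pk) == log_a(s)."""
    a, b = ct
    s = pow(a, sk, P)                       # decryption factor a^sk
    m = b * pow(s, -1, P) % P               # g^vote
    w = secrets.randbelow(Q - 1) + 1
    t1, t2 = pow(G, w, P), pow(a, w, P)
    z = (w + challenge(a, pow(G, sk, P), s, t1, t2) * sk) % Q
    return m, (s, t1, t2, z)

def decrypted_as_recorded(pk, ct, m, proof):
    (a, b), (s, t1, t2, z) = ct, proof
    c = challenge(a, pk, s, t1, t2)
    return (pow(G, z, P) == t1 * pow(pk, c, P) % P
            and pow(a, z, P) == t2 * pow(s, c, P) % P
            and m * s % P == b)

def tally_election(sk, pk, votes):
    """Authority side: publish (ballot, vote, proof) rows and the result."""
    ballots = [encrypt(pk, v) for v in votes]
    board = [(ct, *decrypt_with_proof(sk, ct)) for ct in ballots]
    return board, sum(votes)

def audit(pk, board, my_ballot, announced):
    """Public checks from the slide, using only the bulletin board."""
    recorded = any(ct == my_ballot for ct, _, _ in board)
    decrypted = all(decrypted_as_recorded(pk, ct, m, pr) for ct, m, pr in board)
    counted = sum(m == G for _, m, _ in board) == announced
    return recorded, decrypted, counted
```

The auditor never needs the secret key: a swapped published vote fails the proof check, a dropped ballot fails the voter's own lookup, and a wrong announced result fails the recount.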


Agenda

• How it is today
• Security Concern
• Trust Challenge
• Solution


Solution

• Internet Voting can provide better functionality than paper voting
• Ubiquity and 24-7
• Seamless integration in everyday communication, esp. of Internet generation
• Easy-to-use, also for complex applications
  – Universal and individual verification
  – Multiple voting (recast)
  – Multiple media (paper, terminal, Internet)
  – Integration with eParticipation


References

Johannes Pichler (Hrsg.): Überlegungen zur Hebung demokratischer Partizipation – Provokationen und Optionen. Schriften zur Rechtspolitik, Band 31, Neuer Wissenschaftlicher Verlag, Wien, Graz 2010.

Krimmer, Robert; and Grimm, Rüdiger (Eds.): Electronic Voting 2010, 2008, and 2006. Lecture Notes in Informatics, Bonn 2010, 2008, and 2006, resp.

Volkamer, M., Vogt, R.: Common Criteria Protection Profile For Basic Set of Security Requirements for Online Voting Products. BSI-CC-PP-0037, Version 1.0, 18. April 2008. http://www.bsi.bund.de/

Estonia: http://www.vvk.ee/voting-methods-in-estonia/engindex/statistics

Helios: http://heliosvoting.org/about-us/

Polyas: http://www.polyas.de/