Benefits and Risks

of

Electronic Elections

Carsten Schürmann

IT University of Copenhagen

Electronic Elections

Diebold AccuVote-TS

Privacy? Correctness?[Di Franco, Petro, Shear, Vladimirov 2001]

Trust Trustworthiness

• Personal perception

– Accurate vote

– Representative vote

• Justifications

– Secrecy

– Collective tallying

– Possibility to recount

– Stabilized election

process

– Official polling stations

• Property of the process

– Design

– Implementation

• Reasons

– Physical properties of

vote casting space

– Strict rules

– Rigorous enforcement

– Self policing tallying

– Physical nature of votes

Hypothesis

It is possible to modernize

the electoral process, while balancing

the trust of the people on the

trustworthiness of the deployed

technology

[DemTech Proposal, submitted]

Risk #1: Erosion of Trust of Voters

Daniel Fischer, Memento (1995)

Mattress Factory, Pittsburgh

Risk #2: What Does the Machine Do?

Risk #3: No Small Change

800 000 000

transistors

86 000 000

lines of code

Risk #4: Technology

Don’t fix it if it ain’t

broken

?

Benefit #1: Modernize the

Democratic Process

Attractive for younger

generations

Promises higher voter

turnout

New opportunities for

the handicapped

Benefit #2: Economic Incentives

Cheaper elections?

Anticipate challenges in

staffing polling stations

Ideally more precise,

faster results

Can we afford not to

do it

?

The Situation in Denmark

• Denmark to allow an internet election for the

meninghedsråd in 2008

• Ministry of Interior disallows use/test of

electronic equipment for municipal elections in

2008

• Internet elections for Ældreråd, Integrationsråd,

Ungdomsvalg, Frederiksberg, since 2004

• Several municipalities show renewed interest in

electronic voting equipment in 2010

Understanding Trust

Coleman. Foundations of Social Theory ’95

Naive Automation

Software Independence

A voting system is software-independent if an

undetected change or error in its software

cannot cause an undetectable change or error

in an election outcome.

Rivest, Ron and Wack, John (2006) On

the notion of "software independence"

in voting systems

“State of the Art”

The vote casting device is a computer, but not a general

purpose one. It, and its software, should be as

absolutely simple as possible. It should not be nearly as

complex as a standard PC, for example. It needs only a

touch screen, a slow processor and bus, minimal

working RAM, and only one or two kinds of I/O port

(e.g. serial, USB, or PCMCIA); it needs no rotating

storage devices, no network card, no sound card

(except for units for the handicapped), no advanced

graphics, and no clock, no keyboard, and no mouse.

[Bruck, Jeffersen, Rivest, 2001]

Accountability

• Information Security

• Programming Language

Technology

• Cryptography

Accountability

A Successful Election

• University Board Election 2007

• 1000 Students eligible

• 70 voters

• One election maschine

• Detailed study about the the trust perception

among the voters

[Lewinsky, Selsøe Sørensen,

2008]

Conclusion

• Denmark has a well-working democratic process

• Electronic elections will come

• Information Technology/Computer Science has

an enormous socio-technological responsibility

• I am convinced that we can build something

– that is trustworthy by design

– and eventually trusted by the voters

• It is going to be a challenge to do it right