The ruling of the German Federal Constitutional Court and its technical consequences on eVoting
Alexander Prosser
http://e-voting.at

  1. The ruling of the German Federal Constitutional Court and its technical consequences on eVoting
     Alexander Prosser
  2. A real issue:
     Finland 2008: ~200 evotes “disappeared”, election had to be repeated on paper
     [Diagram: four boxes labelled “Step” and three labelled “Audit”]
     => Could indicate failure in audit trail
  3. U.K. 2007: Software support staff manually edited ballots as they would not fit into the counting software. Key processes were performed on vendor-supplied notebook computers by support staff
     ibid: Unaccounted data transfers by USB sticks during the ongoing election
     => Loss of control by election authorities?
  4. Austria 2009: Head of election committee at student union elections boarded a fire fighting vehicle accompanied by an armed guard to take computer disks to erasure. Data could have allowed match voter – vote.*
     ibid: Independent recount was not possible
     “We are at the mercy of the technicians”
     “I am convinced, I believe them”*
     * derstandard.at 24.6.2009, my translation
  5. How can something inherently unobservable be made observable and hence auditable?
  6. © futurezone.orf.at 28.5.2009 (c) Günther Hack
  7. © futurezone.orf.at 28.5.2009 (c) Günther Hack
  8. © futurezone.orf.at 28.5.2009 (c) Günther Hack
  9. Germany: Federal elections 2005, ~2m voters cast votes with election terminals in polling stations.
     Complaints alleged massive lack of auditability, that voters were unable to verify that their votes were counted correctly, that the Public was not able to follow election procedures.
  10. BMI: Public could observe how election staff copied the result computed by the machine into their tally. Also, machines were certified by PTB, Berlin
      Complaints: Neither source code nor certification report were published
      The certification report for the Austrian student union pilot was not published. U.K. typically publishes such reports, recently also the U.S.
  11. Court Ruling:
      - Barred the voting terminals used
      - Decree enabling their use nullified
      - Voter must reliably ascertain that his vote was counted and included in the tally correctly
  12. Court did not pursue the complaints regarding publication of source code and certification report
      => They do “not decisively contribute to achieve the constitutional level of verifiability and reproducibility of the election results”*
      Contradicts the mainstream in evoting community.
      => The election, not the software has to be auditable
      * my translation
  13. What does this mean for Internet voting?
  14. “Voter must reliably ascertain that his vote was counted and included in the tally correctly”
      - Individual verification
      - Global verification
      - Useless
      - Dangerous
      - Either you can verify how your vote was counted or not.
  15. Voter must reliably ascertain that his vote was counted and included in the tally correctly
      Global verification
      - Ballot box initially empty?
      - Can only authenticated voters vote?
      - Can they submit but one vote?
      - Only rightfully submitted votes in ballot box?
      - Ballot box under control of election committee?
      - No votes added to the count?
      - All votes counted?
      - Does election committee decide on how to count the votes?
      - ….
  16. Manipulation protection: Who can manipulate what?
  17. [Matrix]
      - What? (columns): A single vote; The votes of a unit (ward, constituency); The entire election
      - Who? (rows): A single entity; Coalition involving the voter; Coalition not involving election committee; Coalition with committee member/s; The election committee and resp. voter/s
      - Labels in the matrix: Worst case; Best case
  18. Avoid common pitfalls: 1. Single point of manipulation
      [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1), (2)]
  19. [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1) to (4)]
  20. [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1) to (6)]
  21. The mixer's “election result”
      [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1) to (4)]
  22. Suppressed
      [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1) to (4)]
  23. [Diagram: Voter, Mixer, Public key of the ballot box, Public key of the mixer; steps (1) to (6)]
  24. Avoid common pitfalls: 2. Beware of the paper analogy
  25. [Diagram: Encrypted vote, Digital signature]
      (1) Encryption
      (2) Digital signature
      (3) Vote cast
  26. [Diagram: Encrypted vote, Digital signature, E-votes, Results]
      (1) Encryption
      (2) Digital signature
      (3) Vote cast
      (4) Signature verification
      (5) Transfer of authority
      (6) Decryption and counting
  27. [Diagram: Encrypted vote, Digital signature, E-votes, Results]
      (1) Encryption
      (2) Digital signature
      (3) Vote cast
      (4) Signature verification
      (5) Transfer of authority
      (6) Decryption and counting
  28. What is required?
      - Independent verification of voting right
      - Authentication of ballots while maintaining voting secrecy
        => Requires anonymization of the vote before, not after submission
      - Control by the election committee
      - Independent recounts
  29. Alexander Prosser
      Univ. Economics and Business, Vienna
      prosser@wu.ac.at
      http://e-voting.at
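
Slide 28 requires that ballots be authenticated while the vote is anonymized before, not after, submission, and slide 15 asks whether only authenticated voters can vote and only once. One well-known technique that meets both is a blind signature; the sketch below is an added example, not taken from the slides or from the author's system, and uses textbook RSA with a constructed toy key. The names `Registrar`, `BallotBox` and `obtain_token` are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the registrar (two Mersenne primes; demo size only).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(token: bytes) -> int:
    """Hash a token into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Registrar:
    """Checks the voting right and signs one blinded token per voter."""
    def __init__(self, roll):
        self.roll, self.issued, self.log = set(roll), set(), []

    def sign_blinded(self, voter_id, blinded):
        if voter_id not in self.roll or voter_id in self.issued:
            return None                       # no voting right, or already served
        self.issued.add(voter_id)
        self.log.append((voter_id, blinded))  # all the registrar ever sees
        return pow(blinded, D, N)

class BallotBox:
    """Accepts a ballot only with an unused, registrar-signed token."""
    def __init__(self):
        self.used, self.ballots = set(), []

    def cast(self, token, sig, ballot):
        if pow(sig, E, N) != h(token) or token in self.used:
            return False                      # forged or replayed token
        self.used.add(token)
        self.ballots.append(ballot)           # stored without any voter identity
        return True

def obtain_token(registrar, voter_id):
    """Voter side: blind a fresh token, have it signed, unblind the result."""
    token = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    signed = registrar.sign_blinded(voter_id, h(token) * pow(r, E, N) % N)
    if signed is None:
        return None
    return token, signed * pow(r, -1, N) % N  # valid signature on h(token)
```

In a real system the ballot would also be encrypted under the election committee's key and submitted over a channel that does not reveal the voter; both are outside this sketch.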
