SlideShare a Scribd company logo

Skagestein cp hjune2010_static

Christian Wernberg-Tougaard
Christian Wernberg-Tougaard
1 of 15
Download to read offline
Can we trust electronic voting? Why e-voting can not be compared with Internet banking Rådet for større IT-sikkerhet: E-valg i Danmark Copenhagen June 17th 2010 Gerhard Skagestein, University of Oslo University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-1
When netbanking – why not e-voting? $ V S DF K RV SF EL …  The identity of the netbank  The identity of the voter behind a customer is no secret ballot should be kept a secret  The netbank customer can verify  The correct behaviour of an e-voting the correct behaviour of the system is difficult to verify (but there banking system by looking at the are some solutions) account statement  The netbank customer worries  The e-voter worries about his own about his own bank account only ballot, but in addition also all the other ballots  If something should be incorrect,  If something should be proven to the bank can easily fix it be incorrect, the election authorities can probably not easily fix it University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-2
Why do we trust systems? Either: We observe that the system input output behaves as we expect it to do (black box view) Or: The mechanisms in the system are so simple that it is obvious that it will work as we expect it to do (white box view) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-3
What’s so special about computerised systems?  Immensely complicated o handled by “divide and conquer”  Modularisation, layering  Components are used over and over again, for a lot of different purposes  Easily modifiable o Good for flexibility, but bad for trust There is no such thing as a guaranteed safe and correct computerised system (jf. Bruce Schneier: Secret and Lies) … (but there is no such thing as a guaranteed safe and correct non-computerised system, either) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-4
Verifying the e-voting system – Black box Some proposals  Before the election o Verify the behaviour of the system by running artificial ballots through the system  During the election o Give the voter a confirmation that his ballot has arrived unchanged in the electronic ballot box o Introduce ballots from artificial voters and check that they arrive in the electronic ballot box (those ballots will of course not be counted)  After the election o Compare the result of the election with the results of the “exit poll” (valgdagsmåling) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-5
Verifying the e-voting system – White box  Only black-box verification before the election is not sufficient, because the system may be programmed to change behaviour later. Inspecting the critical parts of the internal logic (white-box testing) is necessary  To make white-box verification possible, the mechanisms of the system must be accessible o The programming code of the computerised system o The operative procedures around the computerised system  Verifying the program code requires programming skills o From layman to expert control o Who should be the experts?  The system verified should be the system running  Verifying all modules (including for example the operating system) is unrealistic. Instead, we must build on standardised modules! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-6
An important regulation The Legal, Operational and Technical Standards for E-voting Recommendation Rec(2004)11 adopted by the Committee of Ministers of the Council of Europe (the “Recommendation”) states: I. Transparency 20. Member states shall take steps to ensure that voters understand and have confidence in the e-voting system in use. This means that the verification must be carried out so that it can be observed in some way by the public, or even performed by the public! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-7
Vote casting alternatives E-voting E-voting electronic uncontrolled at home Postal at home voting environments – voting early voting on Election Day E-voting E-voting paper Conventional Conventional in election offices in polling station controlled paper ballot – paper ballot on ballots environments – early voting on Election Day early voting Election Day phase 1 phase 2 (early voting) (Election Day) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-8
Vote casting alternatives E-voting E-voting electronic uncontrolled at home at home voting environments – early voting on Election Day E-voting E-voting controlled in election offices in polling station environments – early voting on Election Day phase 1 phase 2 (early voting) (Election Day) Which alternatives should be allowed – and for which group of voters? University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-9
Identification and authentication of the voter  In an uncontrolled environment, the voter must identify himself to the e-voting system  Identification and authentication of the voter may be done by a generally available PKI-system (citizen identity card) o cheaper that a special purpose election credential o the voter will not be tempted to sell it  The e-ballot may be connected to the voters real identity, or (safer?) to a derived pseudo-identity  But how do we separate the voters identity from his ballot? University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-10
The double envelope principle Encrypted Digitally signed, ballot encrypted ballot Encrypting with Digital signing Ballot the public key of with voter’s election event private key Received e-ballots with digital signature Datanet Verification of Decrypting the voters digital ballots with the signature private key of the election event Encrypted anonymous List of e-voters e-ballots e-ballots to be marked in to be counted the voter register University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-11
The double envelope principle… …ensures (hopefully)  the secrecy and the authenticity of the vote  that the voters identity and the content of the ballot can never be connected University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-12
The danger of compromising the secrecy of the ballot  The double envelope file and the private key of the election must NEVER meet! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-13
Threats  Technical o Falsifying votes by bogus software (especially on home computers) o Compromising voters anonymity and secrecy of vote o Denial of service attacks o Technical breakdown  Social/democratic (in uncontrolled environments) o Questionable anonymity and secrecy o Bargaining votes o Voting subject to coercion (“family voting”) o Voting taken less seriously University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-14
Will I trust electronic voting? Maybe… University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-15

Recommended

A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEM
A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEMA CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEM
A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEMIJNSA Journal
 
Sid
SidSid
Sidmadhuravuri62628442
 
Public Sector Innovation Amcham Eu Wernberg Tougaard
Public Sector Innovation Amcham Eu Wernberg TougaardPublic Sector Innovation Amcham Eu Wernberg Tougaard
Public Sector Innovation Amcham Eu Wernberg TougaardChristian Wernberg-Tougaard
 
Didier bonnet oracle open world presentation on #leading digital - Capgemin...
Didier bonnet oracle open world presentation on #leading digital - Capgemin...Didier bonnet oracle open world presentation on #leading digital - Capgemin...
Didier bonnet oracle open world presentation on #leading digital - Capgemin...Rick Bouter
 
Oracle aplicaciones 3 smart cities concept geoff.
Oracle aplicaciones 3 smart cities concept geoff.Oracle aplicaciones 3 smart cities concept geoff.
Oracle aplicaciones 3 smart cities concept geoff.AppsMk
 
Internet Voting in Estonia Free & Fair Elections (Madise)
Internet Voting in Estonia Free & Fair Elections (Madise)Internet Voting in Estonia Free & Fair Elections (Madise)
Internet Voting in Estonia Free & Fair Elections (Madise)ageor
 
E-Voting Technology
E-Voting TechnologyE-Voting Technology
E-Voting TechnologyGautam Kumar
 
Advantages And Disadvantages Of E-Voting The Estonian Experience
Advantages And Disadvantages Of E-Voting The Estonian ExperienceAdvantages And Disadvantages Of E-Voting The Estonian Experience
Advantages And Disadvantages Of E-Voting The Estonian ExperienceGina Rizzo
 

Recommended

A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEM
A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEMA CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEM
A CONCEPTUAL SECURE BLOCKCHAIN- BASED ELECTRONIC VOTING SYSTEMIJNSA Journal
 
Sid
SidSid
Sidmadhuravuri62628442
 
Public Sector Innovation Amcham Eu Wernberg Tougaard
Public Sector Innovation Amcham Eu Wernberg TougaardPublic Sector Innovation Amcham Eu Wernberg Tougaard
Public Sector Innovation Amcham Eu Wernberg TougaardChristian Wernberg-Tougaard
 
Didier bonnet oracle open world presentation on #leading digital - Capgemin...
Didier bonnet oracle open world presentation on #leading digital - Capgemin...Didier bonnet oracle open world presentation on #leading digital - Capgemin...
Didier bonnet oracle open world presentation on #leading digital - Capgemin...Rick Bouter
 
Oracle aplicaciones 3 smart cities concept geoff.
Oracle aplicaciones 3 smart cities concept geoff.Oracle aplicaciones 3 smart cities concept geoff.
Oracle aplicaciones 3 smart cities concept geoff.AppsMk
 
Internet Voting in Estonia Free & Fair Elections (Madise)
Internet Voting in Estonia Free & Fair Elections (Madise)Internet Voting in Estonia Free & Fair Elections (Madise)
Internet Voting in Estonia Free & Fair Elections (Madise)ageor
 
E-Voting Technology
E-Voting TechnologyE-Voting Technology
E-Voting TechnologyGautam Kumar
 
Advantages And Disadvantages Of E-Voting The Estonian Experience
Advantages And Disadvantages Of E-Voting The Estonian ExperienceAdvantages And Disadvantages Of E-Voting The Estonian Experience
Advantages And Disadvantages Of E-Voting The Estonian ExperienceGina Rizzo
 
Robert krimmer reduced
Robert krimmer reducedRobert krimmer reduced
Robert krimmer reducedChristian Wernberg-Tougaard
 
Mobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral SystemMobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral Systemiosrjce
 
E017222736
E017222736E017222736
E017222736IOSR Journals
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting Systemapolama
 
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTIONA MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTIONIJNSA Journal
 
PPT MAATEN.ppt
PPT MAATEN.pptPPT MAATEN.ppt
PPT MAATEN.pptHiraAshfaqSubhan
 
xxx.ppt
xxx.pptxxx.ppt
xxx.pptHiraAshfaqSubhan
 
New Technologies for remote Observation and Verification of electronic Votes
New Technologies for remote Observation and Verification of electronic VotesNew Technologies for remote Observation and Verification of electronic Votes
New Technologies for remote Observation and Verification of electronic VotesDanube University Krems, Centre for E-Governance
 
Electronic voting machine
Electronic voting machine Electronic voting machine
Electronic voting machine SonyKhan8
 
Development of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting SystemDevelopment of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting Systemiosrjce
 
F017333441
F017333441F017333441
F017333441IOSR Journals
 
EVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptxEVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptxPunitaYadav14
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in EstoniaYaroslav Vedmid
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in EstoniaYaroslav Vedmid
 
Estonian E-Voting
Estonian E-VotingEstonian E-Voting
Estonian E-Votingashevch
 
Carsten schürmann eVoting
Carsten schürmann eVotingCarsten schürmann eVoting
Carsten schürmann eVotingChristian Wernberg-Tougaard
 
J010125765
J010125765J010125765
J010125765IOSR Journals
 
Biometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 MicrocontrollerBiometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 MicrocontrollerIOSR Journals
 
How to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting systemHow to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting systemSmartmatic
 
kgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdfkgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdfShubhamGour29
 
Oracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaardOracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaardChristian Wernberg-Tougaard
 
GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014Christian Wernberg-Tougaard
 

More Related Content

Similar to Skagestein cp hjune2010_static

Mobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral SystemMobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral Systemiosrjce
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting Systemapolama
 
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTIONA MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTIONIJNSA Journal
 
Electronic voting machine
Electronic voting machine Electronic voting machine
Electronic voting machine SonyKhan8
 
Development of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting SystemDevelopment of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting Systemiosrjce
 
EVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptxEVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptxPunitaYadav14
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in EstoniaYaroslav Vedmid
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in EstoniaYaroslav Vedmid
 
Estonian E-Voting
Estonian E-VotingEstonian E-Voting
Estonian E-Votingashevch
 
Biometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 MicrocontrollerBiometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 MicrocontrollerIOSR Journals
 
How to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting systemHow to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting systemSmartmatic
 
kgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdfkgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdfShubhamGour29
 

Similar to Skagestein cp hjune2010_static (20)

Robert krimmer reduced
Robert krimmer reducedRobert krimmer reduced
Robert krimmer reduced
 
Mobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral SystemMobile, Secure E - Voting Architecture for the Nigerian Electoral System
Mobile, Secure E - Voting Architecture for the Nigerian Electoral System
 
E017222736
E017222736E017222736
E017222736
 
Online Voting System
Online Voting SystemOnline Voting System
Online Voting System
 
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTIONA MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
A MULTIPLE BALLOTS ELECTION SCHEME USING ANONYMOUS DISTRIBUTION
 
PPT MAATEN.ppt
PPT MAATEN.pptPPT MAATEN.ppt
PPT MAATEN.ppt
 
xxx.ppt
xxx.pptxxx.ppt
xxx.ppt
 
New Technologies for remote Observation and Verification of electronic Votes
New Technologies for remote Observation and Verification of electronic VotesNew Technologies for remote Observation and Verification of electronic Votes
New Technologies for remote Observation and Verification of electronic Votes
 
Electronic voting machine
Electronic voting machine Electronic voting machine
Electronic voting machine
 
Development of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting SystemDevelopment of a Global Positioning System-Enabled Electronic Voting System
Development of a Global Positioning System-Enabled Electronic Voting System
 
F017333441
F017333441F017333441
F017333441
 
EVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptxEVM AND PAPER BALLET MACHINE.pptx
EVM AND PAPER BALLET MACHINE.pptx
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in Estonia
 
Internet Voting in Estonia
Internet Voting in EstoniaInternet Voting in Estonia
Internet Voting in Estonia
 
Estonian E-Voting
Estonian E-VotingEstonian E-Voting
Estonian E-Voting
 
Carsten schürmann eVoting
Carsten schürmann eVotingCarsten schürmann eVoting
Carsten schürmann eVoting
 
J010125765
J010125765J010125765
J010125765
 
Biometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 MicrocontrollerBiometric System Based Electronic Voting Machine Using Arm9 Microcontroller
Biometric System Based Electronic Voting Machine Using Arm9 Microcontroller
 
How to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting systemHow to vote in Estonia with the i-voting system
How to vote in Estonia with the i-voting system
 
kgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdfkgec-projectnew-150802134711-lva1-app6892.pdf
kgec-projectnew-150802134711-lva1-app6892.pdf
 

More from Christian Wernberg-Tougaard

Oracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaardOracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaardChristian Wernberg-Tougaard
 
GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014Christian Wernberg-Tougaard
 
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...Christian Wernberg-Tougaard
 
Keynote Address: Changing Public Sector Through ICT-innovation
Keynote Address: Changing Public Sector Through ICT-innovationKeynote Address: Changing Public Sector Through ICT-innovation
Keynote Address: Changing Public Sector Through ICT-innovationChristian Wernberg-Tougaard
 
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014Christian Wernberg-Tougaard
 
Initial Consideration re eVoting in Denmark 2010
Initial Consideration re eVoting in Denmark 2010Initial Consideration re eVoting in Denmark 2010
Initial Consideration re eVoting in Denmark 2010Christian Wernberg-Tougaard
 
Christian Wernberg-Tougaard eVoting Introduction
Christian Wernberg-Tougaard eVoting IntroductionChristian Wernberg-Tougaard eVoting Introduction
Christian Wernberg-Tougaard eVoting IntroductionChristian Wernberg-Tougaard
 

More from Christian Wernberg-Tougaard (20)

Oracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaardOracle Social Welfare and the Cloud - WernbergTougaard
Oracle Social Welfare and the Cloud - WernbergTougaard
 
GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014GCC Social Security Conference - Ryiadh April 10th 2014
GCC Social Security Conference - Ryiadh April 10th 2014
 
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...
Digitalization of Public Sector: How to LeapFrog with ICT - global best pract...
 
Keynote Address: Changing Public Sector Through ICT-innovation
Keynote Address: Changing Public Sector Through ICT-innovationKeynote Address: Changing Public Sector Through ICT-innovation
Keynote Address: Changing Public Sector Through ICT-innovation
 
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014
ICT-enablement of Minimum Income Support - EU Seminar April 3rd 2014
 
Dr ulrich wiesner
Dr ulrich wiesnerDr ulrich wiesner
Dr ulrich wiesner
 
Agenda
AgendaAgenda
Agenda
 
Jordi barrat
Jordi barratJordi barrat
Jordi barrat
 
Initial Consideration re eVoting in Denmark 2010
Initial Consideration re eVoting in Denmark 2010Initial Consideration re eVoting in Denmark 2010
Initial Consideration re eVoting in Denmark 2010
 
Tarvi martens eVoting Estonia
Tarvi martens eVoting EstoniaTarvi martens eVoting Estonia
Tarvi martens eVoting Estonia
 
Christian Wernberg-Tougaard eVoting Introduction
Christian Wernberg-Tougaard eVoting IntroductionChristian Wernberg-Tougaard eVoting Introduction
Christian Wernberg-Tougaard eVoting Introduction
 
Christian Wernberg-Tougaard eVoting Summary
Christian Wernberg-Tougaard eVoting SummaryChristian Wernberg-Tougaard eVoting Summary
Christian Wernberg-Tougaard eVoting Summary
 
Christian bull eVoting
Christian bull eVoting Christian bull eVoting
Christian bull eVoting
 
VDAB Employment Services
VDAB Employment ServicesVDAB Employment Services
VDAB Employment Services
 
Uwv Werkbedrijf Employment Services
Uwv Werkbedrijf Employment ServicesUwv Werkbedrijf Employment Services
Uwv Werkbedrijf Employment Services
 
Servei De Ocupaci
Servei De OcupaciServei De Ocupaci
Servei De Ocupaci
 
OPA For Unemployment
OPA For UnemploymentOPA For Unemployment
OPA For Unemployment
 
Digital Impact On Labor
Digital Impact On LaborDigital Impact On Labor
Digital Impact On Labor
 
WCC Unemployment Presentation
WCC Unemployment PresentationWCC Unemployment Presentation
WCC Unemployment Presentation
 
Digitizing Social Welfare
Digitizing Social WelfareDigitizing Social Welfare
Digitizing Social Welfare
 

Skagestein cp hjune2010_static

  • 1. Can we trust electronic voting? Why e-voting can not be compared with Internet banking Rådet for større IT-sikkerhet: E-valg i Danmark Copenhagen June 17th 2010 Gerhard Skagestein, University of Oslo University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-1
  • 2. When netbanking – why not e-voting? $ V S DF K RV SF EL …  The identity of the netbank  The identity of the voter behind a customer is no secret ballot should be kept a secret  The netbank customer can verify  The correct behaviour of an e-voting the correct behaviour of the system is difficult to verify (but there banking system by looking at the are some solutions) account statement  The netbank customer worries  The e-voter worries about his own about his own bank account only ballot, but in addition also all the other ballots  If something should be incorrect,  If something should be proven to the bank can easily fix it be incorrect, the election authorities can probably not easily fix it University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-2
  • 3. Why do we trust systems? Either: We observe that the system input output behaves as we expect it to do (black box view) Or: The mechanisms in the system are so simple that it is obvious that it will work as we expect it to do (white box view) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-3
  • 4. What’s so special about computerised systems?  Immensely complicated o handled by “divide and conquer”  Modularisation, layering  Components are used over and over again, for a lot of different purposes  Easily modifiable o Good for flexibility, but bad for trust There is no such thing as a guaranteed safe and correct computerised system (jf. Bruce Schneier: Secret and Lies) … (but there is no such thing as a guaranteed safe and correct non-computerised system, either) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-4
  • 5. Verifying the e-voting system – Black box Some proposals  Before the election o Verify the behaviour of the system by running artificial ballots through the system  During the election o Give the voter a confirmation that his ballot has arrived unchanged in the electronic ballot box o Introduce ballots from artificial voters and check that they arrive in the electronic ballot box (those ballots will of course not be counted)  After the election o Compare the result of the election with the results of the “exit poll” (valgdagsmåling) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-5
  • 6. Verifying the e-voting system – White box  Only black-box verification before the election is not sufficient, because the system may be programmed to change behaviour later. Inspecting the critical parts of the internal logic (white-box testing) is necessary  To make white-box verification possible, the mechanisms of the system must be accessible o The programming code of the computerised system o The operative procedures around the computerised system  Verifying the program code requires programming skills o From layman to expert control o Who should be the experts?  The system verified should be the system running  Verifying all modules (including for example the operating system) is unrealistic. Instead, we must build on standardised modules! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-6
  • 7. An important regulation The Legal, Operational and Technical Standards for E-voting Recommendation Rec(2004)11 adopted by the Committee of Ministers of the Council of Europe (the “Recommendation”) states: I. Transparency 20. Member states shall take steps to ensure that voters understand and have confidence in the e-voting system in use. This means that the verification must be carried out so that it can be observed in some way by the public, or even performed by the public! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-7
  • 8. Vote casting alternatives E-voting E-voting electronic uncontrolled at home Postal at home voting environments – voting early voting on Election Day E-voting E-voting paper Conventional Conventional in election offices in polling station controlled paper ballot – paper ballot on ballots environments – early voting on Election Day early voting Election Day phase 1 phase 2 (early voting) (Election Day) University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-8
  • 9. Vote casting alternatives E-voting E-voting electronic uncontrolled at home at home voting environments – early voting on Election Day E-voting E-voting controlled in election offices in polling station environments – early voting on Election Day phase 1 phase 2 (early voting) (Election Day) Which alternatives should be allowed – and for which group of voters? University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-9
  • 10. Identification and authentication of the voter  In an uncontrolled environment, the voter must identify himself to the e-voting system  Identification and authentication of the voter may be done by a generally available PKI-system (citizen identity card) o cheaper that a special purpose election credential o the voter will not be tempted to sell it  The e-ballot may be connected to the voters real identity, or (safer?) to a derived pseudo-identity  But how do we separate the voters identity from his ballot? University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-10
  • 11. The double envelope principle Encrypted Digitally signed, ballot encrypted ballot Encrypting with Digital signing Ballot the public key of with voter’s election event private key Received e-ballots with digital signature Datanet Verification of Decrypting the voters digital ballots with the signature private key of the election event Encrypted anonymous List of e-voters e-ballots e-ballots to be marked in to be counted the voter register University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-11
  • 12. The double envelope principle… …ensures (hopefully)  the secrecy and the authenticity of the vote  that the voters identity and the content of the ballot can never be connected University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-12
  • 13. The danger of compromising the secrecy of the ballot  The double envelope file and the private key of the election must NEVER meet! University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-13
  • 14. Threats  Technical o Falsifying votes by bogus software (especially on home computers) o Compromising voters anonymity and secrecy of vote o Denial of service attacks o Technical breakdown  Social/democratic (in uncontrolled environments) o Questionable anonymity and secrecy o Bargaining votes o Voting subject to coercion (“family voting”) o Voting taken less seriously University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-14
  • 15. Will I trust electronic voting? Maybe… University of Oslo, Department of informatics – © Gerhard Skagestein June 17th 2010 trusting e-voting-15