European online voting experiences

Andreu Riera, PhDChairman

Scytl Online World Security S.A.

DIMACS Voting WorkshopRutgers University26-27 May 2004

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

The origin of Scytl

1994: The academic research on e-voting cryptography was initiated at the Universitat Autònoma de Barcelona, with the main goal to balance security and practical feasibility

1996: Completion of the PhD Thesis “Design and Development of a Cryptographic Scheme to Perform Secure Elections over a LAN”

1997: First Internet binding election in Europe (Presidency of the IEEE IT Spanish Chapter)

1999: Completion of the PhD Thesis “Design of Implementable Solutions for Large Scale Electronic Voting Schemes”

2001: Scytl Online World Security is spun-off from the research lab

2001 - 2003: The company receives support and acknowledgement from the Spanish Ministry of Science and Technology, the Catalan Government, the European Commission, …

Scytl’s research team account for more than 20 international scientific publications on e-voting security

1994 2001 2002 20042003

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

Internet voting security

Technical security

measures

ProceduralSecurity

measures

PhysicalSecurity

measures

Auditing

What’s Pnyx?

• Pnyx is a patent-pending (priority date December 2001) security software for e-voting systems

• Pnyx implements a mixing-based application-level cryptographic protocol, in which the mix-net has been substituted by a cryptographic secret sharing scheme

• The main goal of Pnyx is to tunnel the vote casting procedure from the voter all the way to the members of the electoral board through all the technical systems and privileged personnel sitting in between (therefore addressing the “black box” issue)

• Pnyx supports different voter authentication mechanisms, but in any case it assumes an underlying PKI for the electoral roll

• Pnyx provides individual verifiability by voters, and auditability by third parties

• Next version of Pnyx addresses the “virus problem” in the client device (as denounced for example in the SERVE Security Report)

Pnyx protocol overview

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

European approach to Internet voting

• The European Commission is working towards the implementation of Internet voting at the European level

• The Council of Europe is drafting a set of recommendations that will be issued to all Member States

• Some countries are actively testing Internet voting and/or have defined a complete roadmap to deploy Internet voting

• Some countries have run Internet voting experiences and are in the phase of defining an strategy to deploy Internet voting

• In general Internet voting is seen as a way – to modernize electoral processes– to try to increase voter turnout, and – to engage citizens in participatory activities

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

Canton of Neuchâtel

• The perfect example of participatory democracy:– 500 people out of almost 200.000 citizens can request a referendum

– 6/8 binding elections/referenda per year

• 90% of people vote by mail (the voting period lasts approximately one month –one single day in the case of poll-site voting–)

• Internet voting system fully integrated into the Canton’s e-government portal (Guichet Unique Sécurisé)

• One of the very few permanent and binding Internet voting systems in the World

• The project initiated in 2003 as a pilot Canton for the Swiss Federal Government, with the aim of complementing/substituing postal voting

• 20.000 electors in the first phase, who have to collect their voting credentials at their City Hall

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament

of Catalonia• Example 3: Madrid Participa• Concluding remarks

Generalitat de Catalunya (1)

• First Internet voting experience in Spain run in parallel to actual public elections

• Approved (for the first time) by the Central Electoral Commission

• 23.234 citizens were allowed to participate from Argentina, Belgium, Chile, USA and Mexico (“CERA” electoral roll)

• Voting allowed during three days: •Opening: 10:00 November 14th 2003

•Closing: 20:00 November 16th 2003

• Voting kiosks were installed at several Casals Catalans, but also any computer connected to the Internet could be used to cast a vote

• The process was done in front of more than 20 national and international observers, along with several representatives from the Spanish Senate

Generalitat de Catalunya (2)

• The electorate was totally satisfied with the experience and demanded the introduction of binding Internet voting

•In the USA: almost 40% participation rate on real voter participation

•In Mexico: more than 220% of participation rate on real voter participation

•563 surveys were filled by voters, with 216 free-text comments

•97% expressed satisfaction with the experience

•96% felt confident with the e-voting system

•98% considered the e-voting process as easy to use

•98% said they would had used the system to cast binding votes

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

Madrid municipality (1)

• Up to date, the most significant e-participation project in Europe

• All citizens (regardless of their nationality) older than 16 of the central district of Madrid (totalling 120.000 persons) will be asked 3 questions about the municipal priorities for the district

• Multi channel: Internet, kiosks and mobile phones• Official webpage: www.madridparticipa.org

Madrid municipality (2)

Partners

Dates

May 21st

June 14th

June 28-30th

July

Presenting the project

Starting the promotion

Voting

Introducing the preliminary report of the event

Contents

• About Scytl • Scytl’s approach to Internet voting security• Internet voting in Europe• Example 1: The Swiss Canton of Neuchâtel • Example 2: 2003 Elections to the Parliament of

Catalonia• Example 3: Madrid Participa• Concluding remarks

Conclusions

• A number of successful Internet voting experiments have already taken place in several European countries

• The possibility of increasing democratic participation, and of achieving more efficiency in democracy, is taken very seriously; e-democracy is seen as an enabling tool

• The European Union, and every country (at its own pace) are working towards implementing Internet voting in elections and/or in consultations

• The leadership of the European Union could be a definitive step to join individual efforts and speed up the entire process

• A number of countries will deploy Internet voting –for certain segments of the electorate such as citizens living abroad– while poll-site voting will still be completely based on paper (no use of DREs at all)

• Security is a primary concern, but it is seen as something achievable

• E-participation could be the incontestable winner in the short term