Internet choice

from Wikipedia, the free encyclopedia

E-government

    democracy

  participation

    E-democracy

  E-participation

E-administration
For executive, legislative, judicial, administration and citizens, residents, organizations, companies
(e- service public ) including:

Electronic voting

ICT systems

As I voting , internet voting or remote e-voting - ( s ) internet voting (i-voting) - designated (e) to the electronic form of a vote , elections or polls , over the Internet . The I-voting described here is an alternative to (a further development of) voting using a voting computer located in the polling station (USA). Today, i-voting is part of more modern e-voting ICT systems (and also e-democracy ).

With all e-voting systems, including I-voting, the challenges lie in maintaining voting secrecy while at the same time ensuring that the voting process can be traced and falsified . Most of the I-Voting projects currently aim to offer voters who live abroad a simple option. I-voting is also intended to increase political participation, especially among young people, and enable more cost-effective elections as well as faster evaluation.

Internet voting systems and initiatives

Early systems

Early I-voting systems from the 1990s are “Sensus” by Lorrie Faith Cranor and “E-Vox” by Mark Herschberg.

Germany

Since 2001 the German federal government has been pursuing the goal of gradually introducing internet-based parliamentary elections. To this end, a working group was set up in the Federal Ministry of the Interior in October 2000. Before the federal elections, originally planned for 2006, the polling stations should first be networked with one another.

The “Research Group Internet Elections” under the leadership of research director Prof. Dr. Dieter Otten , MA (University of Osnabrück) pioneered the study of the possibilities of running elections over the Internet. With the developed system "i-vote", which uses a blind authentication process, online elections for the student parliament at the University of Osnabrück (2001), a staff council election in the State Office for Data Processing and Statistics Brandenburg (2002), a works council election with networked polling stations at Telekom Subsidiary T-Systems CSM (2002), elections to the board of directors carried out electronically as a face-to-face election at the Brandenburg City and Municipal Association (2004) and board elections for the Weimar District (2005). Most recently, the Internet Elections research group was involved in the WIEN research project (voting in electronic networks) funded by the Federal Ministry of Economics, which researched the feasibility of extra-parliamentary elections over the Internet. The research project VIENNA has been the sole responsibility of T-Systems Enterprise Services GmbH since the beginning of 2005.

On 3 March 2009 the Second Senate precipitated the Federal Constitutional Court an opinion on the use of voting machines for federal elections: Accordingly, the use of sets of electronic voting machines requires that the essential steps of the voting and results analysis can be verified reliably by civil and without special expertise. The court comes to the conclusion that this requirement cannot be met in the near future. In principle, his reasoning can be applied to all election processes that must be carried out in secret according to Section 15 (2) of the Political Parties Act .

Votes can also be carried out secretly (in part upon request). The considerations of the Federal Constitutional Court apply analogously to secret votes.

Estonia

On October 16, 2005, Estonia was the first country in the world to approve and vote in local elections for the first time using i-voting. It was possible for the voters to cast their votes both via the Internet and on permanently installed voting machines. Contrary to widespread opinion, the proportion of votes cast electronically in the JÕGEVA constituency was 20%, which was not as high as expected.

A major point of criticism in this election was and is the fact that the votes cast could be 'corrected' or changed by the voters themselves. The principle of voting was based on a voting card with a personal identification number and PIN, which were necessary for access and authorization to vote. However, with regard to voting secrecy and the obligation to make a one-off decision within a ballot, it is questionable whether these options have not violated voting secrecy, since without saving the vote and the associated ID, a subsequent change in the vote and thus a correct counting of the votes Voting is not possible.

Overall, the turnout for I-voting in the individual districts was between 10.5% (Virumaa) and the above-mentioned 20%. In view of the existing infrastructure in the country and the possibilities of access to i-voting devices (whether via the Internet or in polling stations), however, one can speak of a successful attempt to also use i-voting in state elections.

In the parliamentary elections in 2015, the total turnout was 64%, with around 19.6% of the voters casting their vote via i-voting.

Switzerland

Internet voting as part of electronic voting

Since 2003, Switzerland has had a legal basis for “attempts to cast electronic votes limited in terms of location, time and subject matter ” - in Switzerland for votes that take place every three months (municipality, canton, federal government - see also “ balloting ”) and, as in others Countries customary to hold elections every four years. On September 26, 2004, the so-called electronic vote was tested for the first time as part of a federal vote. The pilot test was carried out in the Geneva municipalities of Anières, Cologny, Carouge and Meyrin and went completely smoothly. A total of 21.8% of those eligible to vote in these communities cast their votes via the Internet. By the end of 2005, a total of five pilot tests with electronic voting had been carried out as part of federal votes. Numerous other attempts were made at the communal and cantonal level. All pilot tests ran smoothly and without any breakdowns. In the opinion of the Swiss Federal Council , these attempts are the first step on the long road towards an electronic vote .

On May 31, 2006, the Federal Council adopted the “Report on the pilot projects for electronic voting” and confirmed that it would like to introduce electronic voting in stages. On the same day he referred the business to parliament. An amendment to the law and ordinance that came into force on January 1, 2008, has established the new standards for I-voting.

  • Trials are being expanded and new cantons can participate
  • 2007–2011: A maximum of 10% of the voters are allowed to exercise their democratic rights electronically
  • After 5 successful votes without problems, an application can be submitted and the number of voters increased.
  • The aim is to involve the Swiss abroad. To do this, the electoral registers in the cantons must first be harmonized.

The Vote électronique consortium was abandoned in 2015. The costs for the necessary security updates for such systems are too high. The system is used by six cantons (as of November 2018). Three other cantons use the competing product of the Post , which uses the system of the Spanish company Scytl.

SMS election University of Zurich

Elections to the Student Council of the University of Zurich have been held for years via the Internet and SMS. The official e-voting platform of the Canton of Zurich was used until 2006 . The election in winter 2006 had to be declared invalid by the election administration and was repeated in January 2007. The reason for this was a computer science error within the University of Zurich. This error was only noticed because several students complained about incorrect voting cards.

United States

In the US in the 2004 presidential elections tests were carried out with an online voting system called SERVE. The project was funded by the US Department of Defense belonging Federal Voting Assistance Program commissioned and managed by the company Accenture conducted. Americans living overseas and uniformed workers (military) including family members could vote online. A team of experts commissioned to check the security of the system as part of the experiment advised urgently to stop the project and, in their analysis, came to the conclusion that under the given conditions, secure internet access is currently impossible. Since then, efforts towards Internet elections in the US have been suspended indefinitely.

Cryptology

Election protocols have been researched in cryptology for more than twenty years . The challenge here is that these election protocols should meet as many requirements as possible, some of which are (apparently) contradicting one another. These requirements include:

  • Compliance with voting secrecy : it must not be possible to assign his vote to his person without the assistance of the voter. A simple separation of the election server and urn server does not meet this requirement, since the voters can be identified through collaboration between the two.
  • No receipts : After the election, the voter may not be able to prove what he has cast his vote for.
  • Immediacy of choice
  • Generality of choice : There must not be any technical restrictions on the group of people entitled to vote.
  • high robustness : the failure of any subsystem must not hinder the determination of the results.
  • Authentication : The identity of the voter must be reliably verified.
  • Correctness : A correct election result must be determined.
  • Transmission integrity : It must be ensured that the voting slips cannot be manipulated when they are transmitted.
  • Non- reproducibility: It must be ensured that ballot papers cannot be reproduced.
  • Individual verifiability : Individual voters can mathematically check the count of their vote.
  • Universal verifiability : anyone can mathematically check the correctness of the overall result.
  • Low communication complexity : As little data as possible is transmitted between the individual parties,
  • low computational complexity
  • High scalability : With a linear increase in the number of voters, the hardware costs also increase only linearly, if possible. H. the voting software can be easily distributed over many computers.
  • high flexibility of the ballot format: not only single multiple-choice votes, but also any data formats (at the request of the electoral authorities).
  • Location and hardware independence : The protocol allows selection from any PC with an Internet connection. No special hardware is required for voting, such as B. Chip card reader necessary.

A very large number of different protocols have been developed, which can usually be roughly divided into classes of completely different procedures:

  • decentralized protocols : There are no central election servers here. These protocols are characterized by a very high level of communication complexity.
  • Conventional protocols : These protocols determine the result in the most direct and simple way possible, which is based on the procedure of paper elections and use standard public key cryptography procedures for this. These protocols rely on the trustworthiness of the electoral authorities involved, both for the correctness of the determination of the results and for compliance with voting secrecy. Voters and third party network participants can, however, be malicious without endangering the correct determination of results or the observance of election secrecy. Protocols of this type do not limit the complexity of the voting structure.
  • Protocols based on blind signature processes : Blind signature processes use anonymous channels to send ballot papers. Completed, encrypted and signed ballot papers are sent to an electoral authority, which checks the eligibility for voting. If this is given, it blindly signs the encrypted ballot slip already signed by the voter and sends it back to the voter. The voter removes his personal signature and sends the now encrypted ballot slip, which has been blindly signed by the voting authority, to the voting authority. This checks the voting authorization signature, decrypts the ballot and counts the vote. If an anonymous channel is actually used and it can be ruled out that the first electoral authority can secretly equip its blind signature with a voter-identifying tag, with this class of protocol the observance of electoral secrecy is in fact independent of the trustworthiness of the electoral authorities, voters and third parties Network participants guaranteed. However, these types of protocols do not offer universal verifiability of results. In addition, the completed ballot slip can be irretrievably lost if it has already been blindly signed but has not yet been submitted to the voting authority and the voter's computer fails.
  • Protocols based on mixing : In this class of protocols, anonymity is established by adding a number of mixers to the communication channel that swap the order of the incoming ballots. Mix networks can have universal verifiability, simultaneous absence of receipts and compliance with voting secrecy. However, the absence of receipts can only be guaranteed if only a yes / no question is to be voted on, as otherwise markings by the voter are possible and these can be viewed by everyone through the publication.
  • Protocols based on homomorphic encryption : These types of protocols use homomorphic encryption so that the electoral authorities can add up the encrypted ballot papers and finally decrypt the encrypted end result obtained in order to arrive at the result. This process can be traced back to anyone if the encrypted individual ballot papers are published on a black board. In this way, protocols based on homomorphic encryption can achieve universal verifiability. If anonymous channels are used, a simultaneous absence of acknowledgment can be achieved. However, it is in the nature of homomorphic encryption that this method can only be used for ballot papers, the result of which can be determined additively.

Since different protocols have different properties, there is unfortunately no optimal election protocol that would be equally suitable for all I-voting applications.

safety

Depending on the purpose of the I-Voting system, the security of the correct determination of results and the observance of voting secrecy are to be viewed as differently critical. The following aspects may need to be taken into account:

  • The protocol used must ensure the anonymity of the voter. The voter may not be able to prove his election later (no receipt). Third parties must not be able to break voting secrecy. The election authorities and the administrators of any central election servers must not be able to break the election secrecy.
  • The protocol used must ensure the correctness of the result. Neither voters, third parties nor the administrators of any central election servers must be able to prevent the determination of the correct election result.
  • The protocol used must allow universal verifiability of the result so that it is guaranteed that every voter can gain confidence in the result.
  • A security problem with Internet voting that is difficult to control is the security of the client computers. It must be ensured that the voter's PC or input device actually submits the voting slip in the way the voter has filled it out and is displayed. Otherwise, the voters' PCs could be attacked en masse in an automated manner and thus the election result could be falsified at will without a security gap in the election software or in the system software of the central election server having to be present. This can e.g. B. can be achieved with the use of chip cards , but only if it is ensured that the readers only use card readers that have their own keyboard and display and that the voting slip is encrypted on the chip card. Another possibility is the installation of the voting client software on a self-booting CD, if it is possible to get this CD to run with all the hardware configurations used by the voters.
  • As long as a universally verifiable election protocol is not used, it must be ensured that the system software used (operating system, compiler, etc.) of the central election server does not have any security gaps, and that the election software in general and the protocol used in particular have no security gaps. This can be an extremely difficult task.
  • In the case of particularly critical elections (such as federal elections ), it must also be ensured that the voters actually have confidence in the security measures taken if they should actually accept the result. This, too, can be an enormously difficult task given the technical complexity.

Legal Aspects

From a legal point of view, it is also quite controversial whether electronic voting via the Internet is a counterpart to postal voting . The postal vote itself is already in conflict with the mandatory voting secrecy in the constitution and this is actually only permitted in exceptional cases if there are special reasons. Important reasons are, for example, the absence from the electoral district for an important reason (which strictly speaking does not include vacation), the physical inability to go to the polling station or some other serious hindrance. In most cases, however, this is not seen as narrowly as one does not want to make it difficult or even deny the electorate to exercise his right to vote .

Security problems could even lead to a violation of the principle of equality of choice guaranteed in the Basic Law and thus to considerable constitutional problems.

Political Aspects

The following political arguments are often made for / against the use of i-voting systems in state elections:

  • It is controversial whether the election result is falsified if Internet users can vote from home, but the (on average probably less affluent) non-users have to go to a voting point (digital divide).
  • The (possible) simplification of the ballot could increase voter turnout.
  • The (possible) simplification of the ballot could invalidate the voting. Votes could increasingly be cast without reflection (“junk vote”).

Technical aspects

The problem of a potential denial of service attack on the election has not yet been resolved.

See also

literature

  • Hubertus Buchstein , Harald Neymanns (ed.): Online elections , leske + budrich, ISBN 3-8100-3380-4
  • Germann, Micha and Uwe Serdäne (2014) Internet Voting for Expatriates: The Swiss Case, JeDEM - eJournal of eDemocracy & Open Government 6 (2), 197-215.
  • Ulrich Karpen: Electronic elections? , Nomos, 2005, ISBN 3-8329-1249-5
  • Norbert Kersting: Online Elections in International Comparison , in: From Politics and Contemporary History (B 18/2004), Ed .: Federal Center for Political Education
  • Robert Krimmer (Ed.): Electronic Voting 2006 , GI Verlag, P-86, 2006, 252 pages, ISBN 3-88579-180-3
  • Christopher Lauer : SPD: Who will Putin vote? Why the online vote on the new SPD chairman is not safe, prone to failure, an invitation to all hackers and therefore completely pointless : In: Frankfurter Allgemeine Sonntagszeitung , October 20, 2019, p. 42
  • Alexander Prosser (Hrsg.), Robert Krimmer (Hrsg.): Electronic Voting in Europe - Technology, Law, Politics and Society , GI Verlag, P-47, 2004, 183 pages, ISBN 3-88579-376-8 , download at www.e-voting.cc ( Memento from February 16, 2009 in the Internet Archive )
  • Dieter Richter, Volker Hartmann, Nils Meißner: Online voting systems for non-parliamentary elections: Catalog of requirements , Physikalisch Technische Bundesanstalt, PTB-8.5-2004-1
  • Serdult, Uwe; Micha Germann; Fernando Mendez; Alicia Portenier and Christoph Wellig (2015) Fifteen Years of Internet Voting in Switzerland: History, Governance and Use, in: Terán, Luis and Andreas Meier, ICEDEG 2015: Second International Conference on eDemocracy & eGovernment, Quito, Ecuador, 8-10 April 2015, IEEE Xplore CFP1527Y-PRT, 126-132, doi: 10.1109 / ICEDEG.2015.7114482
  • Stefan G. Weber: Coercion-Resistant Cryptographic Voting: Implementing Free and Secret Electronic Elections , VDM Verlag, Saarbrücken, 2008, ISBN 978-3-639-04694-6
  • Martin Will: Internet elections: Constitutional possibilities and limits , ISBN 3-415-03082-2

Web links

Individual evidence

  1. ^ Official website of the Sensus project at lorrie.cranor.org
  2. ^ Cryptography and Information Security Group Research Project: Electronic Voting on theory.lcs.mit.edu
  3. BVerfG, judgment of the Second Senate of March 3, 2009 - 2 BvC 3/07 - Rn. (1-163) , on bverfg.de
  4. Bernd Guggenheimer: Estonian Internet voting system ( Memento from October 28, 2016 in the Internet Archive ), on estonia.eu (accessed on October 28, 2016)
  5. Art. 8a of the Federal Act on Political Rights , on admin.ch
  6. ^ Vote électronique, Swiss Federal Chancellery ( Memento of April 8, 2009 in the Internet Archive ).
  7. Florian Imbach: Black day for e-voting in Switzerland. In: srf.ch . November 28, 2018. Retrieved November 29, 2018 .
  8. University of Zurich press release. mediadesk.unizh.ch, December 14, 2006, archived from the original on February 19, 2009 ; accessed on October 28, 2016 .
  9. ^ SERVE - Jefferson / Rubin / Simons / Wagner, 2004
  10. Simon Gölz, Michael P. Heinl, Christoph Bösch: Trustworthy Elections? An overview of current procedures & problems of Internet voting in uncontrolled environments. In: Open Access Repository of the University of Ulm. November 29, 2019, accessed July 26, 2020 .
  11. electronic-wahlen.de ( Memento from June 26, 2004 in the Internet Archive ) (PDF).
  12. Bernd Guggenheimer: "Liquefaction" of politics - what then? - essay . From Politics and Contemporary History , September 10, 2012 (accessed February 11, 2013)