A tangible result of the multistakeholder dialogue on Internet governance is the recognition of the universal benefits provided by the information society and a push to e-democracy as a way to strengthen democratic institutions and processes.
One of the areas covered by e-democracy is electronic voting, a generic term that covers a broad spectrum of approaches to modernize the electoral process, from the optical recognition of paper ballots, to direct-recording electronic voting machines, to electronic voting using public networks.
The state of the art is discussed in this video of a lecture given by cryptographer Ron Rivest in October 2015. Providing evidence-based trust and reliability in e-voting is a hard problem, and cryptography and some interesting math can be used to provide convincing evidence that a candidate has really won.
The storyline is clearly laid out, starting with an introduction to security requirements: first of all, votes shall be secret and shall not be sold. For this reason, no receipt shall show how voters cast their ballots. In addition to that, only eligible voters can vote, and only once; even if it is possible to change the vote one or more times before the closure of the elections, only the last vote shall be counted. Finally, the final outcome of the election has to be verifiably correct, to say that it shall be possible to conduct a process through which the vote count can be confirmed and validated.
The discussion of requirements immediately steers the discussion toward software independence, a concept introduced by Rivest and Wack [1] to formalize systems in which an undetected error in the software cannot cause an undetectable change in election outcome. Strong software independence is also defined, to categorize those systems in which it is possible not only to detect but also to correct the detected change or error. This is discussed in the context of existing technologies for electronic voting such as direct-recording electronic (DRE) machines or a voter-verified paper audit trail (VVPAT).
The discussion on auditing starts at 18:15, by explaining two audit paradigms, ballot-polling audits and comparison audits. The general structure of an audit is given and several examples are detailed, such as diffsum, social choice functions, or black box audits (Bayesian, bootstrap, t-pile).
End-to-end (E2E) verifiable voting is explained at 33:53, as a method to provide end-to-end integrity, to mean that votes are cast as intended and verified by a voter, collected as cast and verified by a voter or proxy, and counted as collected and verified by anyone.
Paper ballots have the first propriety, while encryption-enabled E2E systems provide software independence, verifiable chain of custody, and verifiable tally. Their adoption is also discussed in the context of Internet voting (IV), to say that E2E is necessary but not sufficient to deliver trusted IV. The reason is that too many technological risks still hold in terms of malware, denial of service, inadequate authentication, potential for man-in-the-middle attacks, and zero-day attacks to voting servers. Social risk also exists in terms of coercion and vote selling.
The conclusions are that election integrity remains a hard problem and a good research area; E2E verifiable voting methods are the way to go (especially with paper ballots); and trusted IV is a long way off, probably 20 years from now. He is not alone in this thinking, as his opinion matches Barbara Simons’, past ACM President, who said, “Internet voting is unachievable for the foreseeable future and therefore not inevitable” [2].
Rivest, R.; Wack, J. On the notion of "software independence" in voting systems. http://people.csail.mit.edu/rivest/RivestWack-OnTheNotionOfSoftwareIndependenceInVotingSystems.pdf (05/04/2016).
2)
Simons, B.; Jones, D. W. Internet voting in the US. CACM 55, 10(2012), 68–77.http://dx.doi.org/10.1145/2347736.2347754.