e-Voting A Risk to Democracy Ulrich Wiesner www.ulrichwiesner.de Copenhagen, 17 June 2010


20 years ago...

• Copenhagen Meeting on the Human Dimensions of the CSCE, 5-29 June 1990

• Adopting as general standard:

– Rule of law

– Free, fair, periodical elections

– ...

– Presence of domestic and international observers in elections


Topics

• Situation in Germany

• Requirements for democratic elections

• Issues

• Can cryptography fix it?

Convention on International Trade in Endangered Species, 2010

Testing the Conference E-Voting

• "Could everyone please vote 'Yes' now?"

– 128 Yes, 7 No, 2 Abstain

• "Is Doha the capital of Qatar?"

– 134 Yes, 2 No, 1 Abstain (Cameroon, Croatia, China)

– 135 Yes, 2 Abstain (Nigeria, Azerbaijan)

Source: The Economist, 24 March 2010, http://www.economist.com/blogs/babbage/2010/03/electronic_voting

Why eVoting?

Inappropriate Reasons

• Because it’s cheaper (?)

• Because we’ve already spent the money on the equipment

• Because it saves 1 hr of counting

• "Media attention for Cologne"

Better Reasons

• Multi-vote elections (cumulative voting)

• Complex voting schemes

• Multiple races or high election frequencies

e-Voting: what is the issue?

• Paper based election: white box

– Ballot box is passive device

– No processing: Output is input

– Manipulations need to be conducted under the public’s eyes

• eVoting: black box

– Voting computer is active device

– Output might be input

– Processing not observable

Fraud and errors not observable

• PowerVote

• PowerFraud

Raised as issue

• by Commission on Electronic Voting in IE (2003)

• by Korthals Altes commission in NL (2007)

• by Federal Constitutional Court in DE (2009)

Resulted in banning of e-Voting in all three countries

eVoting in Germany

Nedap Voting machines

– 1999 – 2008

– 2M votes in 2005

– 2’000 of 80’000 polling stations

Digital Pen

– Introduction in Hamburg abandoned in 2007

– No plans for internet voting

[Map: circle size represents number of polling stations using computers]


Nedap Voting Computer

Digital Pen

• 2D dot pattern, 90 dpi

• Dots are offset in 4 directions (up, down, left, right)

• Pattern of 6x6 dots provides coordinates for pen

• Addresses* 4^36 squares of 2x2 mm², e.g. 20’000x20’000 km²

• *) Anoto refers to 60M km²

Certification Process until 2009

• Federal Voting Machine Act (unconstitutional)

– Evaluation of sample device by Federal Institute for Physics and Technology

– Certification of model by Federal Ministry of Interior

– Permission for use in a specific election by Federal Ministry of Interior

– No evaluation of individual devices


Principles of Elections

free

equal

general

secret

in public auditable

• Verifiability, transparency and secrecy (procedure) ensure that elections are free, fair and general (values)

Constitutional Implementation (Germany)

Section 38 (1)

Members of the German Bundestag shall be elected in general, direct, free, equal, and secret elections. […]

Section 20 (1)

The Federal Republic of Germany is a democratic and social federal state.

Election Scrutiny

• Complaint to scrutiny committee of Bundestag

– Filed Nov 2005

– Rejected Dec 2006

• Complaint to Federal Constitutional court

– Filed Feb 2007

– Hearing Oct 2008

– Judgement Mar 2009

German Federal Constitutional Court (2 BvC 3/07 – March 2009)

1. The fundamental decision for the principles of democracy, republic and conduct of law requires elections to be conducted in a transparent manner.

2. All relevant steps need to be verifiable by the public (unless other constitutional principles require something else).

3. If voting technology is used, all relevant steps of the election and the determination of the result need to be verifiable by any citizen and without any specialist knowledge.

http://www.bundesverfassungsgericht.de/entscheidungen/rs20090303_2bvc000307en.html

Cryptography

Conflicting goals: Secrecy of vote and transparency/auditability

In e-Voting, you can’t have both


Approach

• What all proposals have in common:

– Ballots have a unique id (random/serial number)

– Voters receive a receipt which contains their vote in an encrypted form

– All encrypted votes are published

– Voter can verify that his vote is on the list

Cryptography and Elections

• Proposals:

– Prêt-à-Voter (P A Ryan, D Chaum, S A Schneider, 2005)

– ThreeBallot (R L Rivest, 2006)

– Scratch & Vote (B Adida, R Rivest, 2006)

– Punchscan (D Chaum, 2006)

– Scantegrity (D Chaum, 2007)

– Bingo-Voting (J M Bohli, J Müller-Quade, S Röhrich, 2007)

– VoteBox (D Wallach et al, 2007)

– Scantegrity 2 (D Chaum, R Rivest et al, 2008)

Scantegrity 2

• Goal: provide additional security to optical scanning systems

[Figure: ballot #123456 listing Candidates A, B and C, shown in three panels labelled prepare, hide and vote; the codes 1AC, W46 and J3C are printed beside Candidates A, B and C, and one panel shows only the code J3C beside Candidate C.]

David Chaum et al., 2007

D. Chaum, R. Rivest, et al., 2008

Bingo Voting

• Preparation Phase

– For each voter, prepare a random number for every candidate (“dummy votes”)

– Commit to candidate/number pairs

– Commitments are shuffled and published on bulletin board

[Figure: Bulletin Board]

Jens-Matthias Bohli, Jörn Müller-Quade, Stefan Röhrich, 2007


Bingo Voting

Receipt #365345

Candidate A 7274005338

Candidate B 4331957287

Candidate C 0683785432

Candidate D 6875191193

[Figure: bulletin board listing one column of dummy-vote numbers for each of Candidates A to D; the numbers printed on the receipt beside Candidates B, C and D appear in the corresponding columns.]

• Voting Phase

– Voter selects candidate

– Fresh random number is generated (“Bingo”) and presented to voter

– Machine will print receipt with

  • fresh random number next to chosen candidate

  • Dummy votes next to other candidates

– Voter verifies that fresh random number is next to the chosen candidate

• Voter takes receipt home for later verification

• Receipt does not allow the voter to prove his vote

[Figure: voter input "Vote for Candidate A", shown with receipt #365345 and the bulletin board]


Bingo Voting

• With his vote for Candidate A, the voter reduces the number of remaining dummy votes for all other voters by 1

• At the end of the election, the result can be determined (and verified) by counting the un-used dummy votes.

Bingo Voting

• Post Voting Phase

– Publish results

– Publish all receipts

– List all unused dummy votes and corresponding commitments

– Prove that every unopened commitment was used on one receipt

• Makes use of Randomized Partial Checking
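
The three Bingo Voting phases from the preceding slides, as an added example that is not part of the original slides or the scheme authors' code. Assumptions: SHA-256 hash commitments stand in for the scheme's commitments, every registered voter casts a ballot, a simple count check replaces the Randomized Partial Checking proof, and all function names are hypothetical.

```python
import hashlib, secrets

CANDIDATES = ["A", "B", "C", "D"]

def commit(cand, number, nonce):
    # Hash commitment stands in for the scheme's real commitments (assumption).
    return hashlib.sha256(f"{cand}|{number:010d}|{nonce}".encode()).hexdigest()

def prepare(n_voters):
    """Preparation: per voter, one random dummy vote for every candidate."""
    pool = {c: [(secrets.randbelow(10**10), secrets.token_hex(16))
                for _ in range(n_voters)] for c in CANDIDATES}  # kept secret
    board = [commit(c, n, r) for c in CANDIDATES for n, r in pool[c]]
    secrets.SystemRandom().shuffle(board)   # shuffled, then published
    return pool, board

def cast(pool, choice):
    """Voting: fresh number beside the choice, a dummy vote beside the rest."""
    fresh = secrets.randbelow(10**10)   # the "Bingo" number shown to the voter
    receipt = {c: fresh if c == choice else pool[c].pop()[0] for c in CANDIDATES}
    return receipt, fresh

def publish_unused(pool):
    """Post-voting: open every dummy vote that never appeared on a receipt."""
    return [(c, n, r) for c in CANDIDATES for n, r in pool[c]]

def audit(board, receipts, opened):
    """Public check; returns the tally, or None if the published data is inconsistent."""
    tally = {c: 0 for c in CANDIDATES}
    on_board, seen = set(board), set()
    for c, n, r in opened:
        h = commit(c, n, r)
        if h not in on_board or h in seen:
            return None                 # opening matches no published commitment
        seen.add(h)
        tally[c] += 1                   # one unused dummy vote = one vote for c
    dummies_on_receipts = len(receipts) * (len(CANDIDATES) - 1)
    if len(board) - len(opened) != dummies_on_receipts:
        return None                     # a commitment is unaccounted for
    return tally

def run_election(choices):
    """Runs all three phases for a list of voter choices (constructed input)."""
    pool, board = prepare(len(choices))
    receipts = [cast(pool, ch)[0] for ch in choices]
    return board, receipts, publish_unused(pool)
```
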


Cryptography - Issues

• Implementation

• Usability

• Verifiability

• Complexity


Summary

• Transparency and Verifiability!

– Fundamental feature

– Legitimates elected body

• Trade-offs not acceptable:

– Secrecy vs. transparency/verifiability

– Verifiability vs. election efficiency
