Electronic Voting 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5–8, 2021, Proceedings: 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5–8, 2021, Proceedings
Abstract
This book constitutes the proceedings of the 6th International Conference on Electronic Voting, E-Vote-ID 2021, held online -due to COVID -19- in Bregenz, Austria, in October 2021. The 14 full papers presented were carefully reviewed and selected from 55 submissions.
The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, as well as legal, social or political aspects.
ResearchGate has not been able to resolve any citations for this publication.
The aim of the article is to present the opportunities and threats resulting from the implementation of voting via the Internet (i-voting) and to discuss the conditions for effective implementation of this alternative voting procedure on the example of Estonia and Switzerland. Estonia is the only country in the world where i-voting is widely used. In Switzerland, on the other hand, this voting method has been used most often, although its use has been suspended for several years due to legal, infrastructural and political problems. What are the conditions for successfully implementing Internet voting? The attempt to answer this research question was possible thanks to the use of the following research methods: comparative, formal-dogmatic, behavioral and modified historical method. The key conclusion is that the implementation of i-voting must be preceded by many years of political, legal, infrastructural and social activities, and that the created system must be as transparent as possible....... Górny Maciej (2021), I-voting - opportunities and threats. Conditions for the effective implementation of Internet voting on the example of Switzerland and Estonia, Przegląd Politologiczny vol. 1(2021), DOI: 10.14746/pp.2021.26.1.9, pp. 133-146.
New ways of voting in elections are being sought by electoral administrations worldwide who want to reverse declining voter turnouts without increasing electoral budgets. This paper presents a novel approach to cost accounting for multi-channel elections based on local elections in Estonia. By doing so, it addresses an important gap in the academic literature in this field. The authors confirm that internet voting was most cost-efficient voting channel offered to Estonian voters. IMPACT This paper presents a new, proven methodology for calculating the cost-efficiencies of various ways of voting. The authors provide rare data on electoral costs, including costs ranging from stationery to depreciation costs and provide a detailed cost breakdown of activities. The findings will have direct practical implications for electoral management bodies and policy-makers around the world.
Coercive behaviour is hard to control in the remote electronic voting setting. This is why a number of protocols have been proposed that aim at mitigating this threat. However, these proposals have remained largely academic. This paper takes the practical viewpoint and analyses the most common assumptions that are required by the various schemes, together with the exact level of coercion-resistance they provide.
This research focuses on the interrelationship between international standards and e-voting projects. With the rise of e-government activities, a multitude of new international standards is discussed or adopted in conjunction with such innovative reform steps. In order to gain a perception which role international standards dealing with legal, organizational and technical aspects play in national contexts and whether they are actually implemented, this essay specifically examines standards used in e-voting projects, as this area can be clearly distinguished from other e-government projects. Case studies in Estonia, Norway, and Switzerland show that there is a general interest in international sources and that real international standards are considered to be more important and “binding” than private organizations’ standards or other documents. In all three countries, the Council of Europe Recommendation on e-voting, the only real international standard in this field, played a role in the respective e-voting projects, but did not coin all phases. Once the international standards were endorsed as national regulations, they only played a minor role for the continuation of the projects. However, they are used for orientation and evaluation purposes.
In the United Kingdom, natural gas dominates the provision of heating in buildings. In Sweden, oil heating has been largely replaced by district heating and heat pumps. The origins and outcomes of path dependence and lock-in in heat-system evolution can be country specific. Here, we compare case studies of heat transitions in the United Kingdom and Sweden, addressing the question: can path dependency help to understand why these countries have followed different paths in terms of change to their heating infrastructure? In both countries, the development of heating infrastructures can be understood as path-dependent processes, entailing increasing returns to adoption as fuel sources, infrastructures and end-use technologies coevolve such that the overall performance of the system increases. The challenge for policymakers seeking to achieve carbon targets is to consider how to create the conditions to encourage increasing returns to adoption of low-carbon heating solutions.
Political science research suggests that political party communications often have a strong effect on people’s positions on political issues. However, studies on support for nuclear energy have hitherto largely ignored party-political factors, especially in multiparty contexts, focusing instead on psychometric variables such as risk perception, benefit perception, and trust. This article analyzes if and how people use party cues when determining their support for nuclear energy. We conducted a public opinion survey in Belgium in 2015, which is representative for the population on age, gender, education and level of urbanization. Our results indicate that parties have a net-effect on support for nuclear energy although the effect is modest compared to the effects of the psychometric variables. Furthermore, we show that partisan cue taking occurs more amongst voters of parties that have a clear and opposing position on nuclear energy (i.e. the issue owning parties and the policy defending parties). Cue taking voters of these parties became somewhat more extreme in their support for nuclear energy in the direction advocated by their preferred party. Hence, parties seem to have a polarizing impact on public opinion on nuclear energy. Furthermore, partisan cue taking on nuclear energy occurred more amongst respondents more knowledgeable/strongly involved on the issue of nuclear than amongst those less knowledgeable/less involved.
We are presenting the results of the CoDE project in this paper,
where we investigate the costs per vote of different voting channels in Estonian
Local Elections (2017). The elections analyzed involve different processes for
casting a vote: Early Voting at County Centers, Advance Voting at County
Centers, Advance Voting at Ordinary Voting District Committees, Electronic
Voting, Election Day Voting, and Home Voting. Our analysis shows how the
administrative costs per e-vote (an electronic vote) are half the price of the
second cheapest option (Election Day Voting), representing the most costefficient
way of organizing elections, given the conditions of this Case Study.
Otherwise, different forms of convenience voting have much higher costs,
giving us subjects for further discussion on how to organize multichannel
elections.
E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements.
Everyday partisans evaluate policies partly by following partisan cues, fomenting polarization. However, there is debate over the influence of partisan cues in “real-world,” nonlaboratory contexts. An experiment with a real climate change initiative in the 2016 Washington State election tested whether partisan cues influenced climate policy polarization. In a primary study, 504 prospective voters were randomly assigned to view veridical policy endorsements by partisan elites; this study was followed by a preregistered conceptual replication (N = 1,178). Democrats supported the climate policy more than Republicans. But this difference was greater when Democrats endorsed the policy (with Republican opposition) than when Republicans endorsed the policy (with Democratic opposition). Neither knowledge nor belief in climate change reduced these polarizing effects, and greater policy knowledge was associated with increased polarization. Further, the effect of partisan cues on normative perceptions mediated the effect of partisan cues on policy support.
This paper reviews several dimensions in terms of which electronic/Internet and paper voting can be compared (vote secrecy, verifiability, ballot box integrity, transparency and trust base). We conclude that, for many vulnerabilities of Internet voting systems, there exist related weakness in paper systems as well. The main reason why paper-based elections are perceived as more secure is historical experience. We argue that recent criticisms of Internet voting have unfairly concentrated on the associated risks and neglected the benefits. Remote electronic voting lowers the cost of election participation and provides the most secure means for absentee voting. The latter is something that is urgently required in the contemporary, increasingly mobile world. Hence, we need to give Internet voting a chance, even if it means risking unknown threats and learning by trial and error.
This dissertation aims to investigate the origins of Internet voting, analyze several
deployments of Internet voting technology in Austria and identify – based on these
accumulated experiences – building blocks that can be useful in decision-making on and
planning of future uses of Internet voting technology within Austria and throughout the
world.
In line with the goals of this thesis, it will address the following research questions:
- How did Internet voting originate?
- What experiences were noted in the process of implementing Internet voting in
Austria?
- What building blocks can be identified for developing future Internet voting both
inside and outside Austria?
Internet voting is part of a transformational movement that applies information and
communication technologies to daily business activities. It is only logical that elections
are also considered for applying electronic (remote) communication technologies. While
early efforts were driven by the belief that elections could make easy use of the Internet,
it was shown that while the principles have to be interpreted and consequently applied in
a different way, the same principles can still be derived for Internet voting, like integrity,
secrecy, transparency, accountability and public confidence. The need to have forms of
decision making in electronic networks has been identified in its beginnings and has
received continuous attention throughout its development. At the height of the excitement
about the possibilities of the Internet, countries raced to become the first to run a legally
binding election using electronic voting systems. While several candidates emerged (e.g.,
Costa Rica, Bosnia Herzegovina, Germany, United States), Estonia was victorious in
2005. To date, Estonia is the only country that has introduced this form of voting without
any preconditions or other limitations.
In Austria, the intentions to use information and communication technologies (ICT) in
elections concentrated on parliamentary affairs. Spurred by the efforts around student
elections in Germany, Austria sought to conduct Internet voting in 2000. In the years
thereafter, considerable progress was made at WU Vienna University of Economics and
Business (WU), and this progress spearheaded the debate in the early 2000s. At the
beginning in the years 2001-2003, technical solutions were sought to verify voter
eligibility and maintain voter privacy. Later, more sophisticated algorithms were
developed, and functionalities like quotas in election commissions were added.
The Federation of Students’ elections in 2009 were a remarkable event that
demonstrated highly contentious political debate around the topic. This debate continued
after the elections, which were held in May 2009 and suffered from the intense debate
and protests and consequential organizational shortcomings. The experiences also
showed that accurate legal regulations are needed to show interaction with the
constitutional legal texts and to ensure accountability to a remote electronic voting
channel through legal means. International standards were a first step, but regulations
based on actual experience were needed to show how remote electronic voting channels
could be realized and how to avoid problems identified in pilot implementations. This
practical knowledge also shows that sophisticated algorithms are not always the key to
success. Rather, several key implementations make use of very basic technical means to
realize the tasks given by law. One should not forget about the voters. They not only need
to use such systems, but they also need to understand the processes in order to build trust.
The constitutional court ruling lifted the election and ruled that the respective
ordinance was not in line with the requirements of the law. Hereby, the court established
higher requirements resulting barriers for offering Internet voting channels in future
elections. While the election administration system, which was a pre-requisite for the
Internet voting system, was discontinued in the election thereafter, it returned in recent
elections where postal voting was offered.
On the basis of the aforementioned experiences, twelve building blocks were compiled
discovered. These include design decisions, such as the following: the form of electronic
voting, adaptations of the legal base, the technical means for identification and secrecy,
observation, control functions for the electoral commission, evaluation processes,
transparency functions, ballot sheet designs, controlling the organizational context as well
as providing options for planning and implementation. This framework therefore
facilitates and eases the generation of feasibility studies and other analyses and decision
making ahead of using Internet voting in an election. With little adaption it can also be
used for the use of other voting technologies.
This work utilizes theoretical work and knowledge from adaptations of legal texts.
These texts cover a wide range of topics, including methods for implementing
identification and anonymity functions in remote electronic voting as well as testing and
certifying systems that require transparent procedures. The findings also show that
implementing remote an electronic voting system is a complex topic. It requires trust in
the election administration; otherwise, suspicion will arise when more technology is
introduced and implemented in an election process. Remote electronic voting is one of
the most challenging information technology (IT) projects.
In the " third wave " of human-computer interaction (HCI), the advent of the conceptual approach of UX broadens and changes the HCI landscape. Methods approved before, mainly within the conceptual approach of usability, are still widely used, and yet their adequacy for UX evaluation remains uncertain in many applications. Laboratory testing is undoubtedly the most prominent example of such a method. Hence, in this study, we investigated how the more comprehensive and emotional scope of UX can be assessed by laboratory testing. In this paper, we report on a use case study involving 70 participants. They first took part in user/laboratory tests and then were asked to evaluate their experience with the two systems (perceived UX) by filling out an AttrakDiff scale and a UX needs fulfillment questionnaire. We conducted post-test interviews to better understand participants' experiences. We analyzed how the participants' perceived UX depends on quantitative (e.g., task completion time, task sequence, level of familiarity with the system) and qualitative aspects (think aloud, debriefing interviews) within the laboratory context. Results indicate that the laboratory setting has a strong impact on the participants' perceived UX, and support a discussion of the quality and limitations of laboratory evaluations regarding UX assessment. In this paper, we have identified concrete challenges and have provided solutions and tips useful for both practitioners and researchers who seek to account for the subjective, situated, and temporal nature of the UX in their assessments.
Heuristics are simple, yet effective, strategies that people use to make decisions. Because heuristics do not require all available information, they are thought to be easy to implement and to not tax limited cognitive resources, which has led heuristics to be characterized as fast-and-frugal. We question this monolithic conception of heuristics by contrasting the cognitive demands of two popular heuristics, Tallying and Take-the-Best. We contend that heuristics that are frugal in terms of information usage may not always be fast because of the attentional control required to implement this focus in certain contexts. In support of this hypothesis, we find that Take-the-Best, while being more frugal in terms of information usage, is slower to implement and fares worse under time pressure manipulations than Tallying. This effect is then reversed when search costs for Take-the-Best are reduced by changing the format of the stimuli. These findings suggest that heuristics are heterogeneous and should be unpacked according to their cognitive demands to determine the circumstances a heuristic best applies.
The introduction of remote electoral methods (also, e.g., postal voting) serves the citizen in providing an easily accessible and comfortable means of voting. In addition, remote voting is also considered a viable alternative for disenfranchised voters whose participation in elections has always been dependent on the methods they are offered – voters living or residing permanently abroad, voters who are living in conditions which make it difficult for them to attend elections for geographical reasons and voters with disabilities. All these voters need to make extra efforts in participating in the democratic process, and in all these cases, the principle of universality (or general elections) prevails over the possible concerns connected with the way of voting.
Still, Estonia is the only country in the world providing remote electronic means to its citizens in all elections countrywide. In this article we try to explain the reasons and modalities how Estonia could retain this service where other countries failed.
We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.
"Nowhere does history indulge in repetitions so often or so uniformly as in Wall Street," observed legendary speculator Jesse Livermore. History tells us that periods of major technological innovation are typically accompanied by speculative bubbles as economic agents overreact to genuine advancements in productivity. Excessive run-ups in asset prices can have important consequences for the economy as firms and investors respond to the price signals, resulting in capital misallocation. On the one hand, speculation can magnify the volatility of economic and financial variables, thus harming the welfare of those who are averse to uncertainty and fluctuations. But on the other hand, speculation can increase investment in risky ventures, thus yielding benefits to a society that suffers from an underinvestment problem.
E-voting has the potential to lower participation thresholds and increase turnout, but its technical complexity may produce other barriers to participation. Using Rogers' theory of the diffusion of innovations, we examined how the use of e-voting has changed over time. Data from eight e-enabled elections between 2005 and 2015 in Estonia, were used to investigate changes to the profile of e-voters and contrast them to those voting by conventional means. Owing to the aggregate share of e-voters increasing with each election, with one third of voters now casting their vote remotely over the internet, there was a lack of conclusive evidence regarding whether the new voting technology had diffused homogenously among the voting population, or remained a channel for the resourceful and privileged. Our findings show that diffusion has taken place, but not until after the first three e-enabled elections. Thus, internet voting has the potential to be used by a wide range of voter types, bridge societal divisions, and emerge as an inclusive innovative voting technology.
Internet voting can afford more inclusive and inexpensive elections. The flip side is that the integrity of the election can be compromised by adversarial attacks and malfunctioning voting infrastructure. Individual verifiability aims to protect against such risks by letting voters verify that their votes are correctly registered in the electronic ballot box. Therefore, voters need to carry out additional tasks making human factors crucial for security. In this article, we establish a categorization of individually verifiable Internet voting schemes based on voter interactions. For each category in our proposed categorization, we evaluate a voting scheme in a user study with a total of 100 participants. In our study, we assessed usability, user experience, trust, and further qualitative data to gain deeper insights into voting schemes. Based on our results, we conclude with recommendations for developers and policymakers to inform the choices and design of individually verifiable Internet voting schemes.
Presidential primaries are a critical part of the United States Presidential electoral process, since they are used to select the candidates in the Presidential election. While methods differ by state and party, many primaries involve proportional delegate allocation using the so-called Hamilton method. In this paper we show how to conduct risk-limiting audits for delegate allocation elections using variants of the Hamilton method where the viability of candidates is determined either by a plurality vote or using instant runoff voting. Experiments on real-world elections show that we can audit primary elections to high confidence (small risk limits) usually at low cost.
Cybersecurity awareness training has a bad reputation for being ineffective and boring [21]. In this paper, we show the contrary, namely that it is possible to deliver effective cybersecurity awareness training using e-learning. We provide a general methodology on how to create cybersecurity awareness training and evaluate it based on Kirkpatrick’s model of evaluation [22]. We have conducted a pilot study of the methodology in context of the European Parliament election 2019.
Counting votes is complex and error-prone. Several statistical methods have been developed to assess election accuracy by manually inspecting randomly selected physical ballots. Two ‘principled’ methods are risk-limiting audits (RLAs) and Bayesian audits (BAs). RLAs use frequentist statistical inference while BAs are based on Bayesian inference. Until recently, the two have been thought of as fundamentally different. We present results that unify and shed light upon ‘ballot-polling’ RLAs and BAs (which only require the ability to sample uniformly at random from all cast ballot cards) for two-candidate plurality contests, that are building blocks for auditing more complex social choice functions, including some preferential voting systems. We highlight the connections between the methods and explore their performance. First, building on a previous demonstration of the mathematical equivalence of classical and Bayesian approaches, we show that BAs, suitably calibrated, are risk-limiting. Second, we compare the efficiency of the methods across a wide range of contest sizes and margins, focusing on the distribution of sample sizes required to attain a given risk limit. Third, we outline several ways to improve performance and show how the mathematical equivalence explains the improvements.
We present a method and software for ballot-polling risk-limiting audits (RLAs) based on Bernoulli sampling: ballots are included in the sample with probability p, independently. Bernoulli sampling has several advantages: (1) it does not require a ballot manifest; (2) it can be conducted independently at different locations, rather than requiring a central authority to select the sample from the whole population of cast ballots or requiring stratified sampling; (3) it can start in polling places on election night, before margins are known. If the reported margins for the 2016 U.S. Presidential election are correct, a Bernoulli ballot-polling audit with a risk limit of 5% and a sampling rate of would have had at least a 99% probability of confirming the outcome in 42 states. (The other states were more likely to have needed to examine additional ballots). Logistical and security advantages that auditing in the polling place affords may outweigh the cost of examining more ballots than some other methods might require.
Smart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.
This paper by Dr. Maria Bada and Professor Angela Sasse focuses on Security Awareness Campaigns, trying to identify factors which potentially lead to failure of these in changing the information security behaviours of consumers and employees. Past and current efforts to improve information security practices have not had the desired effort. In this paper, we explain the challenges involved in improving information security behaviours. Changing behaviour requires more than giving information about risks and correct behaviours – firstly, the people must be able to understand and apply the advice, and secondly, they must be willing to do – and the latter requires changes to attitudes and intentions. These antecedents of behaviour change are identified in several psychological models of behaviour (e.g. theory of reasoned action, theory of planned behaviour, protection motivation theory). We review the suitability of persuasion techniques, including the widely used fear appeals. Essential components for an awareness campaign as well as factors which can lead to a campaign’s failure are also discussed. In order to enact change, the current sources of influence-whether they are conscious or unconscious, personal, environmental or social, which are keeping people from enacting vital behaviours, need to be identified. Cultural differences in risk perceptions can also influence the maintenance of a particular way of life. Finally, since the vast majority of behaviours are habitual, the change from existing habits to better information security habits requires support. Finally, we present examples of existing awareness campaigns in U.K., in Australia, in Canada and Africa.
Convolutional Neural Network (CNN) is the state-of-the-art for image classification task. Here we have briefly discussed different components of CNN. In this paper, We have explained different CNN architectures for image classification. Through this paper, we have shown advancements in CNN from LeNet-5 to latest SENet model. We have discussed the model description and training details of each model. We have also drawn a comparison among those models.
We present the electronic voting protocol Belenios together with its associated voting platform. Belenios guarantees vote privacy and full verifiability, even against a compromised voting server. While the core of the voting protocol was already described and formally proved secure, we detail here the complete voting system from the setup to the tally and the recovery procedures. We comment on the use of Belenios in practice. In particular, we discuss the security choices made by election administrators w.r.t. the decryption key and the delegation of some setup tasks to the voting platform.
Risk-limiting audits (RLAs) offer a statistical guarantee: if a full manual tally of the paper ballots would show that the reported election outcome is wrong, an RLA has a known minimum chance of leading to a full manual tally. RLAs generally rely on random samples. Stratified sampling—partitioning the population of ballots into disjoint strata and sampling independently from the strata—may simplify logistics or increase efficiency compared to simpler sampling designs, but makes risk calculations harder. We present SUITE, a new method for conducting RLAs using stratified samples. SUITE considers all possible partitions of outcome-changing error across strata. For each partition, it combines P-values from stratum-level tests into a combined P-value; there is no restriction on the tests used in different strata. SUITE maximizes the combined P-value over all partitions of outcome-changing error. The audit can stop if that maximum is less than the risk limit. Voting systems in some Colorado counties (comprising 98.2% of voters) allow auditors to check how the system interpreted each ballot, which allows ballot-level comparison RLAs. Other counties use ballot polling, which is less efficient. Extant approaches to conducting an RLA of a statewide contest would require major changes to Colorado’s procedures and software, or would sacrifice the efficiency of ballot-level comparison. SUITE does not. It divides ballots into two strata: those cast in counties that can conduct ballot-level comparisons, and the rest. Stratum-level P-values are found by methods derived here. The resulting audit is substantially more efficient than statewide ballot polling. SUITE is useful in any state with a mix of voting systems or that uses stratified sampling for other reasons. We provide an open-source reference implementation and exemplar calculations in Jupyter notebooks.
The growth of eGovernment applications has initiated profound re-engineering of numerous citizen-government interactions but has not yet provided significant impacts on internet-based voting (iVoting). This study examines the role of trust and the technology adoption model (TAM) in influencing citizen intentions to adopt iVoting, and whether a social identity perspective may play a role in this individual decision process. The study is based on the integrated trust and TAM model. TAM posits that people choose to adopt a new Information Technology (IT) because they perceive it to be useful and sometimes also because it is perceived as easy to use. Trust plays a central role in building that sense of perceived usefulness in cases where the IT is a conduit to the trusted party, as we propose for iVoting. In support of this social identity extension to the trust and TAM model, our results show that citizens’ perceptions that they share the same values as the individuals affiliated with providing eGovernment (and internet-based voting) services are especially instrumental. The perception that the agency is made of “people like me” is associated with increased trust in the agency, which in turn is associated with increased levels of other factors that contribute to the intention to vote electronically over the internet. Implications for theory and practice are identified.
Partisanship often colors how citizens perceive real‐world conditions. For example, an oft‐documented finding is that citizens tend to view the state of the national economy more positively if their party holds office. These partisan perceptual gaps are usually taken as a result of citizens' own motivated reasoning to defend their party identity. However, little is known about the extent to which perceptual gaps are shaped by one of the most important forces in politics: partisan elites. With two studies focusing on perceptions of the economy—a quasi‐experimental panel study and a randomized experiment—we show how partisan perceptual differences are substantially affected by messages coming from party elites. These findings imply that partisan elites are more influential on, and more responsible for, partisan perceptual differences than previous studies have revealed.
In diesem Band widmen sich 14 AutorInnen aus vergleichender politikwissenschaftlicher Perspektive der Frage von Bedeutung und Deutung von Wahlen weltweit. Leitend ist für die AutorInnen des Bandes die Erkenntnis aus der jüngeren Wahlsystemforschung, dass eine Aufgabe heute gerade darin besteht, die jeweiligen Kontexte näher zu bestimmen, in denen Wahlen stattfinden und innerhalb derer Wahlsysteme eine bestimmte Wirkung entfalten. Es gilt, Abschied zu nehmen von vormals als universal betrachteten, indes eindimensional und häufig monokausal gefassten Theorien. Die Theoriediskussion erfordert eine stärkere Berücksichtigung des gesellschaftlichen, kulturellen, wirtschaftlichen, historischen und politisch-strukturellen Kontextes, in dem Wahlen Wahlsysteme verankert sind oder installiert werden. Diese Kontextualisierung erfolgt in diesem Band, der erstmalig die großen Kulturräume der Welt und das technische Instrument Wahlsystem in ihrer Wechselwirkung analysiert.
Bounding the number of agents is a current practice when modeling a protocol. In 2003, it has been shown that one honest agent and one dishonest agent are indeed sufficient to find all possible attacks, for secrecy properties. This is no longer the case for equivalence properties, crucial to express many properties such as vote privacy or untraceability.
In this paper, we show that it is sufficient to consider two honest agents and two dishonest agents for equivalence properties, for deterministic processes with standard primitives and without else branches. More generally, we show how to bound the number of agents for arbitrary constructor theories and for protocols with simple else branches. We show that our hypotheses are tight, providing counter-examples for non action-deterministic processes, non constructor theories, or protocols with complex else branches.
Protocols for secure electronic voting are of increasing societal importance. Proving rigorously their security is more challenging than many other protocols, which aim at authentication or key exchange. One of the reasons is that they need to be secure for an arbitrary number of malicious voters. In this paper we identify a class of voting protocols for which only a small number of agents needs to be considered: if there is an attack on vote privacy then there is also an attack that involves at most 3 voters (2 honest voters and 1 dishonest voter).
In the case where the protocol allows a voter to cast several votes and counts, e.g., only the last one, we also reduce the number of ballots required for an attack to 10, and under some additional hypotheses, 7 ballots. Our results are formalised and proven in a symbolic model based on the applied pi calculus. We illustrate the applicability of our results on several case studies, including different versions of Helios and Prêt-à-Voter, as well as the JCJ protocol. For some of these protocols we can use the ProVerif tool to provide the first formal proofs of privacy for an unbounded number of voters.
End-to-end verifiable voting schemes typically involve voters handling an encrypted ballot in order to confirm that their vote is accurately included in the tally. While this may be technically valid, from a public acceptance standpoint it may be problematic: many voters may not really understand the purpose of the encrypted ballot and the various checks that they can perform. In this paper we take a different approach and revisit an old idea: to provide each voter with a private tracking number. Votes are posted on a bulletin board in the clear along with their associated tracking number. This is appealing in that it provides voters with a very simple, intuitive way to verify their vote, in the clear. However, there are obvious drawbacks: we must ensure that no two voters are assigned the same tracker and we need to keep the link between voters and trackers private.
We propose a scheme that addresses both of these problems: we ensure that voters get unique trackers and we close off coercion opportunities by ensuring that the voters only learn their tracking numbers after the votes have been posted. The resulting scheme provides receipt-freeness, and indeed a good level of coercion-resistance while also providing a more immediately understandable form of verifiability.
Internet voting has become a challenging field of action for political scientists, computer companies and legal advisers. Its introduction is on the current reform agenda of nearly all democracies (and semi-democracies). In various projects all over the world, the technical details for ‘Internet voting’, ‘online elections’, ‘cyber vote’ and ‘e-voting’ are being worked out (I will use all these terms synonymously). The academic discussion about Internet voting is centred upon various technical, empirical, analytical and constitutional questions which arise from the new voting technique. Surprisingly, the underlying normative arguments and the implicit democratic theories which are at the core of the digital reform project and which were the driving force behind the movement for online voting have vanished from sight in the course of these debates.
Coercion resistance is one of the most important and intricate security requirements for voting protocols. Several definitions of coercion resistance have been proposed in the literature, both in cryptographic settings and more abstract, symbolic models. However, unlike symbolic approaches, only very few voting protocols have been rigorously analyzed within the cryptographic setting. A major obstacle is that existing cryptographic definitions of coercion resistance tend to be complex and limited in scope: they are often tailored to specific classes of protocols or are too demanding.In this paper, we therefore present a simple and intuitive cryptographic definition of coercion resistance, in the style of game-based definitions. This definition allows us to precisely measure the level of coercion resistance a protocol provides. As the main technical contribution of this paper, we apply our definition to two voting systems, namely, the Bingo voting system and ThreeBallot. The results we obtain are out of the scope of existing approaches. We show that the Bingo voting system provides the same level of coercion resistance as an ideal voting system. We also precisely measure the degradation of the level of coercion resistance of the ThreeBallot voting system when the so-called short ballot assumption is not met and show that the level of coercion resistance this system provides is significantly lower than that of an ideal system even in the case of short ballots.
Electronic voting systems are those which depend on some electronic technology for their correct functionality. Many of them depend on such technology for the communication of election data. Depending on one or more communication channels in order to run elections poses many technical challenges with respect to verifiability, dependability, security, anonymity and trust. Changing the way in which people vote has many social and political implications. The role of election administrators and (independent) observers is fundamentally different when complex communications technology is involved in the process. Electronic voting has been deployed in many different types of election throughout the world for several decades. Despite lack of agreement on whether this has been a ‘success’, there has been—in the last few years—enormous investment in remote electronic voting (primarily as a means of exploiting the internet as the underlying communication technology).
This paper reviews the past, present and future of on-line voting. It reports on the role of technology transfer, from research to practice, and the range of divergent views concerning the adoption of on-line voting for critical elections.
This proposal aims to combine the best properties of paper-based and end-to-end verifiable remote voting systems. Ballots are delivered electronically to voters, who return their votes on paper together with some cryptographic information that allows them to verify later that their votes were correctly included and counted.
We emphasise the ease of the voter’s experience, which is not much harder than basic electronic delivery and postal returns. A typical voter needs only to perform a simple check that the human-readable printout reflects the intended vote. The only extra work is adding some cryptographic information into the same envelope as the human-readable vote.
The proposed scheme is not strictly end-to-end verifiable, because it depends on procedural assumptions at the point where the ballots are received. These procedures should be public and could be enforced by a group of observers, but are not publicly verifiable afterwards by observers who were absent at the time.