• Français
  • English

2016/01/19Voting by Internet : secure and verifiable [by Thierry Flajoliet, CEO of Election-Europe]

Europe, while experiencing an unprecedented economic crisis, must simultaneously face a crisis of confidence on the part of our fellow citizens in their politicians. This loss of confidence may have disastrous direct effects, weakening our democracies. In major national elections, the disillusion and disenchantment of a large proportion of our fellow citizens are distancing them from the polling stations. “Why bother” syndrome leaves the field open to extremes, and extremists are flocking to the ballot boxes, spurred on by a militant spirit.

Internet voting has previously unheard-of advantages, and the French are in favour of it: according to a survey conducted in late October 2015 by Harris Interactive for the daily newspaper Le Parisien, 56% of French citizens surveyed would like to be able to vote electronically, without having to go to a polling station. Better: 58% of those who had abstained from voting in previous elections stated that if they could vote by Internet, they would. This number jumped to 79% in 18- to 25-year-olds. Indeed, the 18- to 24-year-old population is known to hold the record for abstention rates, owing to a lack of political sensitivity, information or simply interest. There is also a general disinterest in politics among those under 34 years of age. In the most recent regional elections, in early December 2015, 65% of 18- to 24-year-olds and 66% of 25- to 34-year-olds abstained from voting. These figures are alarming.

It’s simple. With Internet voting, participation may climb back up several dozen points and make our democracies much stronger.

Axelle Lemaire wishes to legislate to make Internet voting legal in major national elections. Let’s help her demystify an absolutely reliable technology, so that the legal framework evolves, and let’s identify together the conditions to be met to prevent bad experiences. The voting website must always be available, voting must be accessible from any browser, secrecy — anonymity and confidentiality — must be ensured, integrity — resistance to hackers — must be ensured, and all this must be done with voters being able to verify their own vote. That is to say, just as in a physical vote, voters must be able to ensure for themselves that their own ballot, and not a hacked ballot, lands in the ballot box.

  • – A service that is always available: at Election-Europe, we ensure 99.99% availability, thanks to our redundant proprietary infrastructure on two synchronised, fault-tolerant sites. This amounts to less than a minute of non-availability per week.
  • – Immediate accessibility of the voting site: there are no cookies, nor are there any applets or apps to download. The code is streamlined to limit exchanges with servers, and the pages load in less than a second. The software has been tested on all browser/OS/hardware combinations.
  • – Application and server security: The Election Central® code is designed upstream, in a secure-by-design style, by IT specialists who are cybersecurity experts, and it is audited regularly.
  • – Secrecy of voting: anonymity is managed by means of voter authentication, which is done by rigorously separating the signing and counting processes. Confidentiality is ensured by the use of state-of-the-art technologies, including 2,048-bit RSA encryption. In fact, the solution is 100% compliant with the requirements of the French National Commission on Information Technology and Civil Liberties (CNIL) and the French National Information Systems Security Agency (ANSSI).
  • – Integrity of voting: signing and results must be exact, with zero tolerance for error, and a ballot must be impervious to hacking. To prove this, the Election Central platform regularly undergoes penetration testing by independent companies that are ANSSI-qualified information systems security audit providers (PASSIs). To date, the platform has a clean record.
  • – Verifiability of voting by voters themselves, to vote with confidence: V² Secure®, a device on the cutting edge of innovation, uses a new technology to let voters verify for themselves that it is indeed their vote that is recorded unmodified in the electronic ballot box. This is the equivalent of the moment in traditional voting when voters may follow their envelope with their own eyes until it lands in the transparent ballot box.

Certain voting solutions simply verify a ballot by means of an electronic signature, with nothing to ensure that the contents of this ballot had not modified by means of a man-in-the-browser or man-in-the-middle attack before the ballot was signed. Thus, these solutions only allow voters to verify the container of their vote, that is to say the equivalent of their voting envelope. They do not allow voters to verify the contents of their voting ballot.

For its part, the V² Secure® device is a transaction-mirroring device that relies on the security of the voting server. It creates a verification loop for the contents of the voting ballot, and sends back a transitory reflection of the ballot that is only visible in the voter’s browser.

While their voting ballot is awaiting confirmation in the electronic ballot box, voters verify that the transitory reflection — which is displayed instantaneously on their screen without them taking any particular action — matches their voting choice. If their original choice is indeed displayed, voters may be certain that the encrypted voting ballot awaiting confirmation matches their voting choice and has not been modified without their knowledge by a hacker. Thus, after having verified their ballot, voters may confirm their choice with confidence. The device then definitively records their encrypted voting ballot, with no further information transfer.  The integrity of their vote is thus ensured.

With verifiability of voting, let’s hope that France, alongside the Council of Europe, Switzerland, Estonia, Belgium and a dozen other European countries, will accelerate the use of Internet voting to strengthen our democracies.