Pilot Implementation of Scytl Online Voting for Referendums in Iceland, Lecture notes of Technology

In most modern society’s democracy is an important consideration. Inside a democracy on of the most critical things is the election of legislators. It is also a very sensitive method that is the target of various disruptions, such as inactive people

Typology: Lecture notes

2019/2020

Uploaded on 04/05/2020

shangavi-s
shangavi-s 🇱🇰

5 documents

1 / 7

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
Overview of the proposed solution
The proposed voting system will be based on Scytl Online Voting, the leading product in the
electronic voting sector for executing transparent and secure elections. Scytl Online Voting is
a unique solution developed by Scytl based on its 18 years of research experience in the
electronic voting security field, a recognised voting platform used in real elections. The
solution implements a unique and patented cryptographic protocol, which combined with
physical and logical security measures, provides electronic voting platforms with the highest
security levels available today.
Figure 1 - Solution Overview
Specifically, Scytl Online Voting implements a set of cryptographic protocols and
mechanisms which jointly guarantee reliable and secure elections, ensuring voter privacy and
providing end-to-end security by creating a virtual secure channel between voters and the
Election Committee and putting the control of the electoral process in the hands of the
Election Committee (rather than the system administrators or technicians). In addition, Scytl
Online Voting uses digital certificates to strongly authenticate voters before allowing them
to access the voting process and cryptographic means to ensure the integrity of election
results, preventing and detecting the addition of bogus votes and the manipulation or removal
of valid ones.
Regarding voter verifiability and auditability, Scytl Online Voting implements a unique and
patented mechanism, called “ballot receipt” (also named as “voting receipt”), which allows
voters to anonymously verify that their vote was recorded by the system as cast. Additionally,
Scytl Online Voting stores all the important actions performed by the system, including
pf3
pf4
pf5

Partial preview of the text

Download Pilot Implementation of Scytl Online Voting for Referendums in Iceland and more Lecture notes Technology in PDF only on Docsity!

Overview of the proposed solution

The proposed voting system will be based on Scytl Online Voting, the leading product in the electronic voting sector for executing transparent and secure elections. Scytl Online Voting is a unique solution developed by Scytl based on its 18 years of research experience in the electronic voting security field, a recognised voting platform used in real elections. The solution implements a unique and patented cryptographic protocol, which combined with physical and logical security measures, provides electronic voting platforms with the highest security levels available today.

Figure 1 - Solution Overview

Specifically, Scytl Online Voting implements a set of cryptographic protocols and mechanisms which jointly guarantee reliable and secure elections, ensuring voter privacy and providing end-to-end security by creating a virtual secure channel between voters and the Election Committee and putting the control of the electoral process in the hands of the Election Committee (rather than the system administrators or technicians). In addition, Scytl Online Voting uses digital certificates to strongly authenticate voters before allowing them to access the voting process and cryptographic means to ensure the integrity of election results , preventing and detecting the addition of bogus votes and the manipulation or removal of valid ones.

Regarding voter verifiability and auditability , Scytl Online Voting implements a unique and patented mechanism, called “ballot receipt” (also named as “voting receipt”), which allows voters to anonymously verify that their vote was recorded by the system as cast. Additionally, Scytl Online Voting stores all the important actions performed by the system, including

voters’ and administration users’ activities, in logs protected by means of cryptographic mechanisms (called immutable logs), ensuring that nobody can manipulate the entries stored in the log. Scytl e-voting system has been audited and certified by governments all over the world, which have verified and approved the use of Scytl Online Voting in binding elections.

Voting process flow

Accessibility and usability are key factors towards making a remote voting project a success, as both the voters and the Election Committee must feel confident with the technology. For that reason, all the voting interfaces have been developed taking into consideration accessibility standards and usability guidelines to facilitate the voting process for everyone. Thus, the voting process flow is very intuitive, allowing voters to vote without requiring previous training.

Internet Voting Solution

  1. Using a web browser, the voter connects through a secure channel (e.g., HTTPS) to the voting web page.
  2. The voter introduces his credentials - based on his unique national identification number ( Kennitala ) – which are validated, using SAML protocol, through the Registers Iceland Authentication Service which also checks the voters register for voter’s eligibility.
  3. If the authentication and authorizations are successful the Registers Iceland will return an identity assertion which will be used by Scytl’s platform (acting as Service Provider) to represent and identify the voter during the session.
  4. Once satisfactorily fulfilled the previous steps, the voter will see on the screen the personalized ballot contents for all election events assigned to him. The voter will be able to easily navigate through them. Voter is allowed to vote as many times as wanted, only the last vote counts.
  5. The voter will then be able to select the appropriate number of candidates/answers and continue to the next election event (or alternatively, proceed to cast the ballot). The system can warn about undervotes and overvotes, and can even block certain options (e.g. do not allow overvotes that spoil the ballot). This is customizable per election and will be configured to comply with the relevant legislation.
  6. Once the options are selected, a confirmation screen will display the selected options/candidates. The voter will be able to confirm (and cast the ballot) or to go back and change his/her selections.
  7. If the voter confirms the options, the vote is then individually protected using a

The voting system automatically stops accepting e-votes at the time specified by the Electoral committee during the configuration. Voters in the process of voting when this situation occurs (already logged in) can be granted extra time to cast their votes.

After the election is automatically closed, the digital ballot box (the database) is sealed and its contents can be decrypted following a mixing service. The mixing service validates the integrity of the ballot box and of each individual ballot, and shuffles its contents to remove any correlation between voters and votes while deciphering its contents. To perform this action, it is absolutely necessary to obtain the participation of the Electoral Committee members, whose members hold different pieces of the decryption key. This event is usually conducted in front of the public, the media and election observers for maximum transparency.

The output of the mixing process is twofold: (1) the decrypted votes are counted, and (2) the “counted-as-cast” receipts are associated to the decrypted votes, so they can be published for voter individual verifiability (allowing voters to check that their cast ballot was counted). All this information is digitally signed by the Electoral Committee ensuring that it cannot be changed.

Pilot Implementation Approach

Project Outline

In order to gradually introduce and empower Internet Voting in Iceland as well as to provide real experience and indicators to Registers Iceland in this matter, it is envisioned to prepare and execute some pilot elections using Scytl Online Voting platform before the end of the year 2014. In case there are no referendums happening in Iceland during calendar year 2014, the project will be extended until June 30, 2015.

In order to define a reasonable scope for these first elections through the internet, the following premises will be considered:

  • Election type : Referendum (i.e. Direct vote on a ballot question )
  • Electorate : Citizens of some selected municipalities. The recommended election roll should comprise some 3,000 voters.
  • Voting Period : Voting period should be from 7 to 10 days.
  • Number of elections : o Option 1: 2 referendums events (increasing the numbers of voters in the second one). o Option 2: 1 referendum events involving two municipalities at a time.
  • Special case: Municipality of Reykjavik: In order to embrace online voting as soon as possible, Scytl offers as a special proposal to include the city of Reykjavik in the pilot phase. Consequently one of the two online referendums in the pilot can take place in the capital of Iceland.

The project tasks needed to set-up a referendum with Scytl Online Voting platform - considering the previously mentioned premises – would encompass:

  • Development: o Customization of the Look and Feel of the Web Interface (including Icelandic language) o Integration of Scytl Online with Registers Iceland Authentication system (SAML)
  • Configuration: o Configuration of the referendum in Scytl Online Voting Back-Office
  • Deployment and Testing: o Installation of the platform in Icelandic o End-to-End Testing o Stress Testing o User Acceptance Test

Responsibility Matrix

The following table shows the responsibilities of the several stakeholders during the project.

Element Scytl Registers Iceland Authentication Portal X Scytl Online Voting Developments X Project management X X Translations of Templates to Icelandic X Electoral Roll (authorized IDs) X Election Configuration X Online Voting Platform Hosting (and support hosting) X Deployment and Testing X Platform Validation X Platform acceptance X Election Management X X Online Voting Platform Support – 1 st^ level ( Icelandic ) X Online Voting Platform Support – 2 nd^ level X Online Voting Platform Support – 3 rd^ level X Table 1 - Responsibility Matrix

For further referendums beyond the pilot ones, it is an open option to get Registers Iceland trained so that no further service is needed from Scytl after the two initial pilot referendums.

In order to make this possible, Registers Iceland should assign a resource to shadow Scytl’s team during implementation of the pilot project and receive additional five days of training just before the implementation kick off of the new referendums after pilot phase.