Abstract
How to ascertain that the person voting behind a computer or smartphone screen is actually who they claim to be remains one of the key challenges in remote electronic voting. Credentials to vote online can be shared, stolen, or traded. For this reason, it is generally argued that introducing remote electronic voting from uncontrolled environments for political public elections is only feasible as long as a robust infrastructure for the digital identification of voters (e.g., based on electronic identity documents, e-ID) is already in place. But is such a digital infrastructure for voter authentication a sine qua non condition for remote electronic voting? In this paper we assess how voters are authenticated in internet voting for political public elections in nine countries: Australia, Canada, Estonia, France, Mexico, Pakistan, Panama, Switzerland, and the United States of America (USA). To the best of our knowledge, this is the broadest comparative assessment of voter authentication methods in governmental remote electronic voting experiences. Our analysis reveals that the use of solely knowledge-based factors for voter authentication is the most common practice in these experiences. In most cases, a combination of several credentials is used (e.g., in Canada and Australia). Another alternative is to rely on a different combination of knowledge and ownership-based authentication methods that does not require neither e-IDs nor digital certificates (e.g., as in France and Mexico).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
It should be noted that it may not be necessary to guarantee the anonymity of encrypted votes as soon as they are cast. As a matter of fact, in certain cases it may be even necessary to maintain a link between the encrypted vote cast and the identity of the voter who has cast it until the decryption stage (e.g., when multiple voting is supported).
- 2.
Remote electronic voting is understood here as those systems “where votes are transferred via the Internet to a central counting server. Votes can be cast either from public computers or from voting kiosks in polling stations or—more commonly—from any Internet-connected computer accessible to a voter” (International IDEA 2011: 11). We will use the terms “remote electronic voting”, “internet voting”, and “online voting” indistinctively to refer to these systems.
- 3.
Whilst internet voting can be used from both controlled and uncontrolled environments, our focus here will be on the later (since it is in uncontrolled environments where it is more difficult to ascertain the identity and eligibility of a voter). In remote electronic voting from controlled environments (such as in polling stations, embassies and/or public libraries) a polling station officer could always verify, at least in principle, the identity of the voter.
- 4.
More recently, the Australian Capital Territory (ACT) has also introduced e-voting for voters overseas. This system was first used between 28 September and 17 October 2020.
- 5.
Online voting is also used, although to a lesser extent, in the Canadian province of Nova Scotia. However, and because of its size, we have decided to focus on Ontario: according to Cardillo, Akinyokun and Essex, “in the context of Ontario’s 2018 municipal elections […] as many as one million voters cast a ballot online” (2020: 7).
- 6.
In addition to CDMX, 11 Mexican states used internet voting for the state elections of 6 June 2021, in partnership with Mexico’s Election Management Body, the Instituto Nacional Electoral (INE): Baja California Sur, Chihuahua, Colima, Guerrero, Michoacán, Nayarit, Querétaro, San Luis Potosí y Zacatecas, Guerrero (diputación migrante) and Jalisco (diputación representación proporcional). More information can be found at: <https://www.dof.gob.mx/nota_detalle.php?codigo=5573949&fecha=01/10/2019> [retrieved: 18 March 2022].
- 7.
For example, Oman has a score of 0.08 in the category of electoral process and pluralism in the Economist’s Democracy Index (The Economist Intelligence Unit 2020), and the United Arab Emirates’ score is 0.00. In contrast, Australia scores 10.00, Canada, Estonia, France, Panama and Switzerland score 9.58, Mexico scores 7.83, Armenia scores 7.50, and Pakistan scores 5.67. The same could be said of the Russian Federation, a country where internet voting has been used as well, but that is not included in International IDEA’s database. Russia scores 2.17 in the category of electoral process and pluralism in the Economist’s Democracy Index.
- 8.
The USA score 9.17 in the category of electoral process and pluralism in the Economist’s Democracy Index (The Economist Intelligence Unit 2020).
- 9.
A recent study commissioned by the European Commission also offers a comparative assessment of voter authentication methods in governmental experiences with remote electronic voting (Lupiáñez-Villanueva and Devaux 2018). However, this study is not as comprehensive as our (several of our case studies are not considered, such as Mexico and New South Wales) and focuses more on providers than on actual experiences.
- 10.
Even if the geographic scope of the Recommendation is in principle limited to the countries of the Council of Europe, there are several examples of non-European countries resorting to them. See for instance Stein and Wenda (2014) and Driza Maurer (2014). More recently, Essex and Goodman (2020) have also assessed the Council of Europe’s approach towards the regulation of e-voting as a model for the development of internet voting standards in Canada.
- 11.
- 12.
For more information about this specific voting experience, the reading by Haq et al. (2019) is suggested.
- 13.
There is not a lot of information about how this system works. However, we have found this reference to the C1V verification key in a document by the ACE Project: <https://aceproject.org/ero-en/regions/americas/PA/panama-carpeta-informativa-elecciones-generales> [retrieved: 18 March 2022].
- 14.
These authors identify one exception in the city of Cambridge, where PINs were sent by email (Cardillo et al. 2020: 5).
- 15.
The authors highlight that “[t]he use of single credential for voter authentication is inadvisable since access to the voter information package is sufficient to cast a ballot on another’s behalf” (Cardillo et al. 2020: 5). However, we have already seen that a single credential for voter authentication is the method that has been used in some cantons in Switzerland for both internet voting as well as postal voting.
- 16.
More information about this method can be found online: <https://www.elections.nsw.gov.au/Voters/Other-voting-options/iVote-online-and-telephone-voting> [retrieved: 18 March 2022].
- 17.
- 18.
Due to security concerns and vulnerabilities found by a group of researchers (see Specter et al. 2020), the system was not used during the 2020 presidential and legislative elections.
- 19.
More information about the results of the pilot can be found online: <https://sos.wv.gov/news/Pages/11-16-2018-A.aspx> [retrieved: 18 March 2022].
- 20.
More information about this method can be found online: <https://voatz.com/wp-content/uploads/2020/07/voatz-security-whitepaper.pdf> [last accessed: 18 March 2022].
- 21.
The article also reads that the credentials are to be delivered to voters at the opening of the voting phase at the latest and at least one of the two credentials is needed to recover the other one in case of loss.
- 22.
There are two ceremonies because the process takes many hours (for the consular elections of 2021, about 1.3 million credentials are needed), and it is not suitable to have the observers during all the time.
- 23.
While the resort to these techniques could imply that biometrics are used for voter authentication, we have not considered face recognition as a method used for voter authentication as such (since the use of these techniques is limited to the registration phase and they are not used at the time of voting). In a similar vein, Barrat Esteve and Morales-Rocha have noted that the authentication process could be strengthened if biometrics were used at the time of voting instead (2020: 8).
- 24.
However, according to Heiberg, Krips, and Willemson, “[r]ight now, only ID-card and mID are used for i-voting” (2020: 83).
- 25.
At the same time, delivering the OTP using another channel (such as SMS), which would re-quire sharing the mobile phone or at least the SIM-card, does not seem suitable either, since internet voting is offered to French voters abroad and the delivery of the OTP would be subject to certain constraints that could render voting online almost impossible (i.e., if the SMS is not received before the voting session expires, the vote cannot be confirmed and thus remains not cast). This is not unimportant in view that up to 50% of voters involved in a User Acceptance Test (UAT) ahead of the 2017 French legislative elections had connection problems, mostly due to issues with their e-mail and the delivery of the SMS (Deromedi and Détraigne, 2018: 40). Issues with SMS were especially concerning in countries like China (Deromedi and Détraigne, 2018: 31).
- 26.
This vulnerability, described as the Ghost Click Attack by Springall et al. (2014), was first identified in 2013.
- 27.
While not very common for governmental experiences, it is not unlikely that such digital identification infrastructures could exist for private settings, such as in universities, political parties or professional associations, to name just a few examples.
References
Abu-Shanab, E., Khasawneh, R., Alsmadi, I.: Authentication mechanisms for E-Voting. In: Saeed, S., Reddick, C.G. (eds.) Human-Centered System Design for Electronic Governance, pp. 71–86 (2013)
Anziani, A., Lefèvre, A.: Vote électronique: preserver la confiance des électeurs. Rapport d’information fait au nom de la commission des lois (2014)
Barrat Esteve, J., Morales Rocha, V.M.: Informe de Voto Electrónico (2020)
Cardillo, A., Akinyokun, N., Essex, A.: Online voting in Ontario municipal elections: a conflict of legal principles and technology? Whisper Lab Research Report, Western University (2020)
Chorny, V.: El voto por internet en México: La libertad y la secrecía del voto condicionadas. R3D. Red en Defensa de los Derechos Digitales, Ciudad de México (2020)
Council of Europe: Recommendation CM/Rec(2017)5 of the Committee of Ministers to member States on standards for e-voting (2017a)
Council of Europe: Explanatory Memorandum to Recommendation CM/Rec(2017)5 of the Committee of Ministers to member States on standards for e-voting (2017b)
Deromedi, J., Détraigne, Y.: Réconcilier le vote et les nouvelles technologies. Rapport d’information fait au nom de la commission des lois (2018)
Driza Maurer, A.: Ten years Council of Europe Rec(2004)11. Lessons learned and outlook. In: Krimmer, R., Volkamer, M. (eds.) Proceedings of Electronic Voting 2014 (EVOTE 2014), pp. 111–117. TUT Press, Tallinn (2014)
Driza Maurer, A.: Updated European standards for E-voting. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 146–162. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_9
Essex, A., Goodman, N.: Protecting electoral integrity in the digital age: developing E-voting regulations in Canada. Election Law J. 19(2), 162–179 (2020)
French Electoral Code
Goodman, N., Smith, R.: Internet voting in sub-national elections: policy learning in Canada and Australia. In: Krimmer, R., et al. (eds.) E-Vote-ID 2016. LNCS, vol. 10141, pp. 164–177. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52240-1_10
Haq, H.B., McDermott, R., Ali, S.T.: Pakistan’s internet voting experiment. In: Krimmer, R., et al. (eds.) Fourth International Joint Conference on Electronic Voting E-Vote-ID 2019, Lochau/Bregenz, Austria, 1–4 October 2019. Proceedings. TalTech Press, Tallin (2019)
Heiberg, S., Krips, K., Willemson, J.: Planning the next steps for Estonian Internet voting. In: Krimmer, R., et al. (eds.) Fifth International Joint Conference on Electronic Voting E-Vote-ID 2020, 6–9 October 2020. Proceedings. TalTech Press, Tallin (2020)
Hof, S.: E-voting and biometric systems. In: Electronic Voting in Europe - Technology, Law, Politics and Society, Workshop of the ESF TED Programme Together with GI and OCG, Schloß Hofen/Bregenz, Lake of Constance, Austria, 7–9 July 2004. Proceedings, pp. 63–72 (2004)
Human Rights Committee: United Nations: General Comment No. 25 (1996)
Ilves, T.H.: Foreword. In: Solvak, M., Vassil, K. (eds.) E-Voting in Estonia: Technological Diffusion and Other Developments Over Ten Years. Johan Skytte Institute of Political Studies, in cooperation with Estonian National Electoral Committee, Tartu and Tallin (2016)
International IDEA: Introducing Electronic Voting: Essential Considerations (2011)
Krimmer, R., Triessnig, S., Volkamer, M.: The development of remote E-voting around the world: a review of roads and directions. In: Alkassar, A., Volkamer, M. (eds.) Vote-ID 2007. LNCS, vol. 4896, pp. 1–15. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77493-8_1
Lupiáñez-Villanueva, F., Devaux, A. (eds.): Study on the Benefits and Drawbacks of Remote Voting. European Commission, Brussels (2018)
Morales-Rocha, V., Puiggalí, J., Soriano, M.: Secure remote voter registration. In: Proceedings of 3rd International Symposium on Electronic Voting (EVOTE 2008), Bregenz, Austria, 7–9 August 2008, pp. 95–108 (2008)
Romanov, B., Kabanov, Y.: The oxymoron of the internet voting in illiberal and hybrid political contexts. In: Krimmer, R., et al. (eds.) E-Vote-ID 2020. LNCS, vol. 12455, pp. 183–195. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-60347-2_12
Specter, M.A., Koppel, J., Weitzner, D.: The ballot is busted before the blockchain: a security analysis of Voatz, the first internet voting application used in U.S. federal elections. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 1535–1553 (2020)
Springall, D., et al.: Security analysis of the Estonian internet voting system. In: Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS 2014), November 2014
State Electoral Office of Estonia: General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia (2017)
Stein, R., Wenda, G.: The Council of Europe and e-voting: history and impact of Rec(2004)11. In: Krimmer, R., Volkamer, M. (eds.) Proceedings of Electronic Voting 2014 (EVOTE 2014), pp. 105–110. TUT Press, Tallinn (2014)
Swiss Federal Chancellery: Le vote électronique dans sa phase pilote - Rapport intermédiaire (2004)
Swiss Federal Chancellery: Restructuration et reprise des essais. Rapport final du Comité de pilotage Vote électronique (CoPil VE) (2020)
Swiss Federal Council: Rapport sur le vote électronique du 9 janvier 2002: Chances, risques et faisabilité (2002)
Swiss Federal Council: Rapport sur les projets pilotes en matière de vote électronique (2006)
The Economist Intelligence Unit: Democracy Index 2020: In sickness and in health? (2020)
Vassil, K.: The Estonian e-government ecosystem. In: Solvak, M., Vassil, K. (eds.) E-Voting in Estonia: Technological Diffusion and Other Developments Over Ten Years. Johan Skytte Institute of Political Studies, in cooperation with Estonian National Electoral Committee, Tartu and Tallin (2016)
Venice Commission: Code of Good Practice in Electoral Matters: Guidelines and Explanatory Report (2002)
Vinkel, P.: Historical development and legal aspects. In: Solvak, M., Vassil, K. (eds.) E-voting in Estonia: Technological Diffusion and Other Developments Over Ten Years. Johan Skytte Institute of Political Studies, in cooperation with Estonian National Electoral Committee, Tartu and Tallin (2016)
Volkamer, M.: Evaluation of Electronic Voting: Requirements and Evaluation Procedures to Support Responsible Election Authorities. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01662-2
Acknowledgements
This work received support from the mGov4EU project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 959072.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rodríguez-Pérez, A., Cucurull, J., Puiggalí, J. (2022). Voter Authentication in Remote Electronic Voting Governmental Experiences: Requirements and Practices. In: Krimmer, R., et al. Electronic Participation. ePart 2022. Lecture Notes in Computer Science, vol 13392. Springer, Cham. https://doi.org/10.1007/978-3-031-23213-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-23213-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23212-1
Online ISBN: 978-3-031-23213-8
eBook Packages: Computer ScienceComputer Science (R0)