Challenge: Security Vulnerabilities
For online voting to be truly secure and reli-
able, election o;cials must build an end-to-end
veri;able system, according to the U.S. Vote
Foundation. Such a system (often abbreviated
E2E-VIV) would allow voters to check that the
system recorded their votes correctly and counted
their votes in the ;nal tally, as well as audit the
announced outcome of
the election.
Plan: Robust
Testing and
Risk Mitigation
Online voting built on
an E2E-VIV system
might be ;ve or 15 years
away depending on the
scope of the project,
says Joseph Kiniry, PhD,
principal investigator at
IT security R&D ;rm
Galois, Portland, Oregon, USA. But project
leaders agree that in the
here and now, robust
risk management is the
best rampart against
vote manipulation.
For projects launched
recently in Chile and the
U.S., Tartu, Estonia-based Smartmatic-Cybernetica
Centre of Excellence for Internet Voting (SCCEIV)
is running tests on a variety of fronts: internal code
reviews, peer-to-peer code reviews, penetration
tests and third-party breach attempts. “You can’t
test and monitor enough in these project environ-
ments,” says Mike Summers, program manager,
SCCEIV, London, England. “Our team of project
managers approaches every decision and every test
result with a risk-based framework. Our risk miti-
gation strategy is incredibly robust.” PM
To Vote,
Click Here
A look at online voting projects
around the world:
Estonia
The world leader in internet voting,
Estonia’s government rolled out online
voting at the national level in 2005.
Last year, Smartmatic-Cybernetica
Centre of Excellence for Internet Voting led a project to develop a voter
verification system, which allows
online voters to scan a QR code to
confirm a vote is correctly recorded by
the government’s server.
New Zealand
Looking to boost recent historically
low voter-turnout rates, eight New
Zealand local government councils
were hoping to deliver online voting
options to residents in an election
later this year. In April, however, the
national government postponed the
online voting trials to allow more time
for security testing.
United States
In March, 59,000 of approximately
200,000 Republicans in the state of
Utah registered to vote online for
the presidential caucus. The state
Republican Party paid Smartmatic
US$80,000 to build the system and
spent US$150,000 to promote it—
costs the competing Democratic Party
declined to bear. It was one of the
largest-ever online elections in the
country—but many voters experienced technical difficulties.
India
The state of Gujarat rolled out online
voting in 2010, but the system didn’t
meet user expectations. To boost
online turnout, the State Election
Commission sponsored a project to
build an Android mobile phone application. The app launched in November
2015 for use in municipal elections
throughout Gujarat that month.
“Our team
of project
managers
approaches
every
decision and
every test
result with
a risk-based
framework.”
—Mike Summers,
Smartmatic-Cybernetica
Centre of Excellence for
Internet Voting, London,
England