Council of Europe Recommendation CM/Rec(2017)5 and e-Voting Protocol Design
Roč.14,č.2(2020)
The Corona pandemic has created a push towards digitization in a number of fields, not least in the public sector including democratic processes. This of course includes an increased interest in e-voting via the Internet. The Council of Europe has a long-standing history of work in the field including two Recommendations – (2004)11 and (2017)5 – which have become the de facto yardstick against which every e-voting system is measured. Rec(2017)5 builds on a decade of experience with e-voting and particularly strengthens two concepts important in any electronic voting system: Voting secrecy and auditability/verifiability. This has distinct implications for the design of e-voting protocols.
The aim of this paper is to analyse the impact on what arguably are the most popular voting protocol families, envelope and token protocols. How does the modified Recommendation impact on the viability of protocols and protocol design? The paper first presents the Council of Europe Recommendation and the technical issues it addresses. Then a model is introduced to assess a voting protocol against the Recommendation; a typical envelope and a token protocol are assessed in view of the model and finally the two assessments are compared including policy recommendations for a path to e-voting implementation.
Council of Europe; Envelope Protocol; e-Voting; Token Protocol; Voting Principles
p. 275–302
[1] Actica Consulting. (2007) Technical Evaluation of Rushmoor Borough Council e-voting Pilot 2007. [online] Available from: http://www.electoralcommission.org.uk/__data/assets/electoral_commission_pdf_file/0019/16192/Actica_Rushmoor_27248-20137__E__N__S__W__.pdf [Accessed 31 May 2018].
[2] Actica Consulting. (2007) Summary of Technical Assessments of May 2007 e-voting Pilots. [online] Available from: http://www.electoralcommission.org.uk/__data/assets/electoral_commission_pdf_file/0018/16191/Actica_Summary_27244-20136__E__N__S__W__.pdf [Accessed 31 May 2018].
[3] Bagnato, D. (2019) The impact of the Council of Europe Recommendation CM/REC(2017)5 on eVoting protocols. In: Nemeslaki, A., Prosser, A., Scola, D., Szadeczky, T. (eds.). Central and Eastern European eDem and eGov Days 2019, Budapest, 2–3 May.
[4] Blakley, G. R. (1979) Safeguarding cryptographic keys. In: IEEE (eds.). International Workshop on Managing Requirements Knowledge (MARK), New York, 4–7 June. https://doi.org/10.1109/MARK.1979.8817296
[5] Cohen, J. and Fischer, M. (1985) A robust and verifiable cryptographically secure election scheme. In: 26th Symposium on the Foundations of Computer Science, October 21–23, IEEE. https://doi.org/10.1109/SFCS.1985.2
[6] Common Criteria. (2014) Common Criteria Recognition Arrangement, Common Criteria for Information Technology Security Evaluation, Version 3.1R5, Parts 1 to 3. Available from: https://www.commoncriteriaportal.org/cc/ [Accessed 16 June 2020].
[7] Constitutional Court. (2011) V 85-96/11-15, 13 December.
[8] Estonian National Electoral Committee. (2010) E-Voting System – General Overview, Tallin, 2005–2010. [online] Available from: https://www.valimised.ee/sites/default/files/uploads/eng/General_Description_E-Voting_2010.pdf [Accessed 16 June 2020].
[9] Explanatory Memorandum to Recommendation CM/Rec(2017)5 of the Committee of Ministers to member States on standards for e-voting, 14 June 2017 (CM(2017)50-add1final). Available from: https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=090000168071bc84 [Accessed 17 April 2019].
[10] Guidelines on the implementation of the provisions of Recommendation CM/Rec(2017)5 on standards for e-voting, 14 June 2017(CM(2017)50-add2final). Available from: https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680726c0b [Accessed 17 April 2019].
[11] Chaum, D. (1981) Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24 (2). https://doi.org/10.1145/358549.358563
[12] Karhumäki, J. and Meskanen, T. (2008) Audit Report on Pilot Electronic Voting in Municipal Elections. University of Turku, Turku.
[13] Landgericht Regensburg. (2018) Strafverfahren wegen Verdachts der Wahlmanipulation in Geiselhöring. [press release] 15 October. Available from: https://www.justiz.bayern.de/gerichte-und-behoerden/landgericht/regensburg/presse/2018/7.php [Accessed 2 November 2018].
[14] Maaten, E. (2004) Towards remote e-voting: Estonian case. In: Prosser, A. and Krimmer, R. (eds.). Electronic Voting in Europe – Technology, Law, Politics and Society, GI-Edition, Lecture Notes in Informatics.
[15] Müller-Török, R. (2019) The Principles Established by the Recommendation CM/Rec(2017)5 on Standards for E-Voting Applied to Other Channels of Remote Voting. Masaryk University Journal of Law and Technology, 13 (1). https://doi.org/10.5817/MUJLT2019-1-1
[16] National Institute of Standards and Technology. (2001) Federal Information Processing Standards Publication 197, ADVANCED ENCRYPTION STANDARD (AES). [online] Available from: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf [Accessed 16 June 2020].
[17] Pichler, G. (2019) Darf man seinen ausgefüllten Wahlzettel auf Instagram teilen? Der Standard, 25 May. [online] Available from: https://www.derstandard.at/story/2000103646954/darf-man-seinen-ausgefuellten-wahlzettel-auf-instagram-teilen [Accessed 16 June 2020].
[18] Prosser, A. (2014) Transparency in eVoting – Lessons learnt. Transforming Government: People, Process and Policy, 8 (2). https://doi.org/10.1108/TG-09-2013-0032
[19] Prosser, A. and Müller-Török, R. (2009) E-Voting: Lessons Learnt. In: Kaplan, B. and Aktan, D. (eds.). International Conference on eGovernment and eGovernance, Ankara.
[20] Prosser, A., Kofler, R., Krimmer, R. and Unger, M. K. (2004) Implementation of Quorum-Based Decisions in an Election Committee. In: Traunmüller, R. (ed.). Proceedings of DEXA/EGOV 2004, Lecture Notes in Computer Science LNCS 3183, Springer, Berlin. https://doi.org/10.1007/978-3-540-30078-6_21
[21] Prosser, A. and Müller-Török, R. (2002) E-Democracy: Eine neue Qualität im demokratischen Entscheidungsprozess. Wirtschaftsinformatik, 44 (6). https://doi.org/10.1007/BF03250873
[22] Recommendation CM/Rec(2017)5 of the Committee of Ministers to member States on standards for e-voting, 14 June 2017 (CM/Rec(2017)5). Available from: https://rm.coe.int/0900001680726f6f [Accessed 17 April 2019].
[23] Recommendation Rec(2004)11 of the Committee of Ministers to member States on legal, operational and technical standards for e-voting, 30 September 2004. Available from: https://www.coe.int/t/dgap/goodgovernance/Activities/Key-Texts/Recommendations/Rec(2004)11_Eng_Evoting_and_Expl_Memo_en.pdf [Accessed 16 June 2020].
[24] Rivest, R. L., Shamir, A., Adleman, L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21 (2). https://doi.org/10.1145/359340.359342
[25] Springall, D., Finkenauer, T., Durumeric, Z., Kitcat, J., Hursti, H., MacAlpine, M. and Halderman, J. A. (2014) Security Analysis of the Estonian Internet Voting System. In: CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM. [online] Available from: https://jhalderm.com/pub/papers/ivoting-ccs14.pdf [Accessed 16 June 2020]. https://doi.org/10.1145/2660267.2660315
[26] State Electoral Office of Estonia. (2017) General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia, Document: IVXV-ÜK-1.0, Tallin. [online] Available from: https://www.valimised.ee/sites/default/files/uploads/eng/IVXV-UK-1.0-eng.pdf [Accessed 16 June 2020].
[27] Stein, R. and Wenda, G. (2014) Das Zentrale Wählerregister – Ein skalierbares Instrument zur Bürgerbeteiligung mit 1:1-Verifikation. In: Plodereder, E., Grunske, L., Ull, D. and Schneider, E. (eds.). 44. Jahrestagung der Gesellschaft für Informatik. INFORMATIK 2014, 22–26 September, Bonn. [online] Available from: https://subs.emis.de/LNI/Proceedings/Proceedings232/1427.pdf [Accessed 16 June 2020].
[28] White, I. and Coleman, Ch. (2011) Postal Voting & Electoral Fraud, SN/PC/3667, House of Commons Library.
Copyright © 2020 Masaryk University Journal of Law and Technology