Requirements of E-Voting

Considerations and Examples

E-Voting has additional requirements and concerns aside from those found with traditional voting.

Fail safe voter privacy

Privacy must be preserved long enough to preserve backward and forward election integrity.

Example

The system needs to prevent voters from being coerced on previous votes, or from forcing certain future votes.

Collusion free vote secrecy

Vote secrecy must be ensured in cases of attacks against the system, collusion or faults in the system.

Example

If an encryption algorithm used in the system is eventually broken, the votes should remain private.

Verifiable election integrity

The systems must provide that one and only one valid vote cast by the voter.

Example

If a voter tries to vote multiple times online, and in the polling place, they would be denied for subsequent attempts.
This is not American Idol.

Fail safe privacy in verification

Regardless of circumstances, the idenitify of the voter of a vote must never be revealed.

Example

Should a vote be analyzed, due to some fault in the system, or a court order, the identity of the voter must not be discovered.

Human recounting and auditing

The systems must be able recountable and audited offline and in realtime, by humans, without conflicting with other requirements.

Example

If the e-system, online or otherwise electronic fails, or there is a case where there is no electricity, the votes must still be human readable.

Complete accuracy

Every vote and absence of a vote must be counted, without fail.

Example

Regardless if a person votes for a position, or intentionally casts a blank vote (e.g. a write-in option, or an unusual selection otherwise), it should be counted.

Represent blank votes

Blank votes must be an option for all positions possible on a ballot before casting.

Example

While selecting a vote for a position, the voter should be able to change their selection, and the choice of a blank vote should be present.

Prevent over voting

In single vote per race cases, the system must inform multiple selections are an error.

Example

When selecting from a list of choices to vote for, and it is a single-vote-race (i.e. there is only one governor), the system should inform the user of the error of selecting multiple choices.

Null votes

The system must provide the option for null ballots.

Example

Should a vote cast be incomphrensible (i.e. they draw a giraffe on the ballot next to a checkbox), or otherwise required to be excluded, it should not be counted.

Allow undervoting

The system must allow for undervoting.

Example

Intentionally leaving a section of the ballot blank, or selecting less than the maximum number of selections possible, should be allowed with an optional accompanied warning.

Authenticated Styles, Rotation & Resources

The system must use consistent styles of ballot, rotation and other resources, and only resources that are authenticated may be shown.

Example

Only secure assets from known authenticated sources can be shown to the voter.

Redundancy of Links

The system must use redundant links and keys to securely define, authenticate and control ballots.

Example

In an online e-voting system, a DoS attack should be mitigated by using many distributed systems to balance the load.

Offline security

The system must provide for offline secure end-to-end control of ballots.

Example

The online or electronic control of the ballot must be secure, but in addition, the offline versions must also work correctly and securely.

Technology independent

The system must be implemented such that the system is most accessible.

Example

The system must be designed and implemented so it may be used offline, and in non-ideal conditions, and be compatiable as possible.

User defined presentation

The system must allow ballots to be shown in multiple languages, layouts and other formats.

Example

If a voter desires a larger font size, it must be available to them, or if they are given an English ballot but would prefer a Spanish ballot, it must be available to them.

Open Source

The entire system must be open source.

Example

All source code should be in the public so that it can be publically audited and verified at any time, which includes all algorithms, protocols, assets and other resources.
Keys for encryption algorithms, for example, may remain secret.

Credits

These requirements are explained in detail in Voting System Requirements by Safevote hosted on The Bell.