An introduction into internet voting

Florian Moser

Playlists: 'gpn22' videos starting here / audio

Internet voting allows you to submit your vote over the internet using your own device. This talk will give an introduction into the topic: Why might governments, associations or political parties turn to internet voting? What are the security requirements of such a system, and how does this differ to e-banking or postal voting? How do such systems work, and what separates a bad from a good (or at least a "better") voting system?

Everything is better digitalized: e-banking, crypto currencies, smart homes, vtubers, ... - so when can we finally vote online? /s

When a government, and an association or a political party starts to provide internet voting to its voters, it usually aims to increase turnout or reduce cost, while retaining a similar level of security than their current voting methods. But the security of internet voting is hard to compare to the security of other voting channels or other secure systems, such as e-banking. Further, reduced cost or increased turnout depends heavily on the context the election is held in.

But what if the decision is taken, that internet voting needs to be provided? Simple systems usually do not cut it, as they need to relay on strong trust assumptions in the system provider, the administrators and even the voters. Against rogue employees or even nation-state adversaries, a black-box system stands no chance. Even in strong adversarial scenarios needs the system to keep votes secret, but at the same time remain transparent to verify the votes have been tallied correctly.

Internet voting systems are in active use for political elections, for example in Switzerland. Looking at the history of such systems shows how full transparency and independent evaluations are necessary to detect flaws. For non-political elections (e.g. universities, associations), few available systems are sufficiently transparent to even begin evaluating them, and certifications such as BSI's corresponding Common Criteria are insufficient on their own.

To summarize, the talk answers the following questions:
- Why institutions would want or not want to use internet voting.
- What properties an (internet) voting systems need to achieve.
- What separates a bad from a better internet voting system.

No scientific / computer science background is need to follow this session.