{"id":20474,"date":"2023-05-17T16:07:10","date_gmt":"2023-05-17T15:07:10","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=20474"},"modified":"2023-05-17T16:31:04","modified_gmt":"2023-05-17T15:31:04","slug":"independent-expertise-of-electronic-voting-systems","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/05\/independent-expertise-of-electronic-voting-systems\/","title":{"rendered":"Independent expertise of electronic voting systems"},"content":{"rendered":"\n

Introduction<\/h1>\n

Definition of electronic voting<\/h2>\n

Electronic voting is a dematerialised<\/strong>, self-counting <\/strong>voting system in which voters use electronic devices to record their votes.<\/p>\n

The system can be used remotely<\/strong> via internet voting<\/strong>, or in person where voters can visit polling stations equipped with voting machines.<\/p>\n

\u00a0<\/p>\n

History of electronic voting in France<\/h2>\n

The first traces date back to…1969!<\/h3>\n

The French Minister of the Interior, Raymond Marcellin, had the use of 100% mechanical <\/strong>voting machines authorised[i]<\/a>. Due to major breakdown and the failure to reduce fraud, these machines fell into disuse, but the amendment made to the electoral code remained.<\/p>\n

Use in professional elections<\/h3>\n

In the 2018 <\/strong>French public sector professional elections, 5.15 million public employees <\/strong>were asked to vote using an electronic voting solution.<\/p>\n

In 2022<\/strong>, 5.6 million public employees <\/strong>in the three branches of the civil service are called upon to vote for their union representatives in the representative bodies. The ballot took place from the 1st<\/sup> to the 8th<\/sup> of December 2022. This was precedent in several respects, including the generalisation of electronic voting in the civil service and the establishment of new bodies for social dialogue[ii]<\/a>.<\/p>\n

Experiments underway for voting by French citizens abroad<\/h3>\n

For the 2017 elections, the Ministry of Foreign Affairs and International Development had developed an online voting <\/strong>platform for French citizens living abroad to participate in the legislative elections<\/strong>.<\/p>\n

\u00a0<\/p>\n

Types of voting in French organisations<\/h2>\n

Since 2018 in the French private sector<\/strong>, it became compulsory for companies with more than 11 employees to hold elections for members of the staff delegation within the social and economic committees <\/strong>(CSE<\/strong>), by secret ballot<\/a><\/p>\n

\u00a0<\/p>\n

In all cases, the employer should inform the workforce every four years <\/strong>(unless the industry agreement provides for a shorter period of <\/em>between two and four years) by posting notices of the elections.<\/p>\n

\u00a0<\/p>\n

How electronic voting works in the context of professional elections<\/h2>\n

\u00a0<\/p>\n

\"\"<\/p>\n

\u00a0<\/p>\n

Prior to the vote, the employer must call the professional elections<\/strong> specifying the date, place, and voting method (paper, electronic, or hybrid).<\/p>\n

The organisation of elections is generally based on one or more centralised polling stations <\/strong>and regional polling stations, depending on the volume of votes and voters. The polling station members are trained<\/strong>, the solution is assessed, <\/strong>and test elections <\/strong>are held.<\/p>\n

Once the solution has been validated <\/strong>it goes into production<\/strong>, and the election can begin<\/strong>:<\/p>\n

    \n
  1. The electoral lists <\/strong>are drawn up and unions or employees can check and report any errors or omissions.<\/li>\n
  2. Candidates can campaign <\/strong>to the voters and present their program.<\/li>\n
  3. On the day of the opening of the vote<\/strong>, the solution is sealed <\/strong>using private encryption keys, where 1\/3 is held by the corporate administration and 2\/3 by the trade unions.<\/li>\n
  4. Voters then vote according to the <\/strong>designated timetable<\/strong>, the polling stations monitor the counting of votes and assist the voters, the supervision unit monitors the process and manages any incidents, and the provider company is mobilised if necessary.<\/li>\n
  5. On the closing <\/strong>day of the elections<\/strong>, the integrity of the ballot box (urn) is checked, and the unsealing is carried out by the administration and the trade unions.<\/li>\n
  6. The counting of <\/strong>the votes is then carried out under the control of the centralising polling stations.<\/li>\n
  7. The results of <\/strong>the elections should be communicated to the voters, publicly displayed, and sent to the labour inspector (\u201cInspecteur du travail\u201d<\/em>).<\/li>\n
  8. The ballot box is sealed <\/strong>again, and the entire solution (including copies of source and executable programs, voting materials, vote count, results and backup files and files that keep track of interventions on the system<\/em>) is archived under seal<\/strong> for a minimum of 2 years.<\/li>\n
  9. In the event of a dispute<\/strong>, an appeal may be lodged with the labour inspector or the district court.<\/li>\n<\/ol>\n

    \u00a0<\/p>\n

    What are the opportunities and risks in electronic voting?<\/h1>\n

    Opportunities<\/h2>\n

    Ease of implementation of the ballot<\/h3>\n

    Electronic voting is generally more efficient to implement than paper voting<\/strong>, requiring less manual work for preparation (printing of propaganda posters, logistics, etc.), counting and reporting of results. This leads to a reduction in costs and an improvement in the efficiency of the electoral process.<\/p>\n

    \u00a0<\/p>\n

    Reducing the carbon footprint<\/h3>\n

    Electronic voting greatly reduces the dependence on paper printing for electoral lists, propaganda documents, and especially ballot papers. It also drastically reduces travel depending on the geographical organisation of the company.<\/p>\n

    According to a study by Kercia[iv]<\/a>, the carbon footprint of a postal vote is more than twice that of an electronic vote.<\/p>\n

    \u00a0<\/p>\n

    Maximising participation and elected bodies with a broader electoral base<\/h3>\n

    Electronic voting allows for greater voter participation.<\/strong><\/p>\n

    A study conducted in Switzerland in 2011 showed that turnout increased by 2.2%<\/strong>[v]<\/a> in cantons that implemented e-voting compared to those that did not use this method. Similarly, a study in Estonia in 2014 found that the use of e-voting increased voter turnout by 3-4%<\/strong>[vi]<\/a>.<\/strong><\/p>\n

    Voters can vote remotely without having to physically travel <\/strong>to the polling station. This can increase voter turnout, especially in the context of the widespread use of remote work post-COVID-19.<\/p>\n

    \u00a0<\/p>\n

    Agreements with a stronger democratic basis<\/h3>\n

    E-voting can help to strengthen social dialogue <\/strong>due to wider outreach and greater accessibility for voter participation. The results of elections are more convincing by increasing the participation in the polls.<\/p>\n

    \u00a0<\/p>\n

    Risks<\/h2>\n

    Alteration of results<\/h3>\n

    Electronic voting systems can be vulnerable to attacks such as the usurpation <\/strong>of voter accounts<\/strong>, multiple votes by the same voter in the same election<\/strong>, or the compromise of ballots<\/strong>.<\/p>\n

    Protection of personal data<\/h3>\n

    The implementation of e-voting platforms should consider the risk of excessive collection of sensitive personal data <\/strong>such as voters’ political opinions.<\/p>\n

    Voters’ personal information may also be stored on vulnerable servers, exposing this data to the risk of compromised voting secrecy or data leakage<\/strong>.<\/p>\n

    Transparency of voting operations<\/h3>\n

    It can be difficult for each stakeholder to understand how votes are recorded and how the results are tabulated, leading to mistrust of the solution and the election<\/strong> results.<\/strong><\/p>\n

    \u00a0<\/p>\n

    These risks must be considered and mitigated in order to drastically reduce the probability of occurrence and\/or their impact on the smooth running of the elections.<\/p>\n

    \u00a0<\/p>\n

    How to comply with the regulations?<\/h1>\n

    CNIL deliberation 2019-053 of 25 April 2019<\/h2>\n

    \u00a0<\/p>\n

    \"\"<\/p>\n

    \u00a0<\/p>\n

    The CNIL<\/strong> (National Commission for Information Technology and Civil Liberties<\/em>) deliberation n\u00b02019-053 of 25 April 2019<\/strong>[vii]<\/a> simplifies and clarifies the texts of 2010 and 2018. The process is as follows:<\/p>\n

      \n
    1. Choice of security level <\/strong>(1, 2 or 3) according to a questionnaire provided by the CNIL[viii]<\/a>.<\/li>\n
    2. Implementation of a test voting platform <\/strong>(iso-production) prior to the elections, with support from the independent expert in the event of questions relating to the conformity of the technical and organisational choices to be made.<\/li>\n
    3. Independent assessment of the <\/strong>solution to evaluate the compliance of the solution with the security objectives: depending on the defined risk level, the security objectives are more or less strict. These are cumulative, e.g., if a risk level of 3 is defined, the objectives of levels 1, 2 and 3 must be met.<\/li>\n<\/ol>\n

      \u00a0<\/p>\n

      Decree 2011-595 (public sector)<\/h2>\n

      A regulation has been added to the CNIL deliberation 2019-053 for the public service <\/strong>and certain parastatal sector companies[ix]<\/a> :<\/p>\n

      \u00a0<\/p>\n

      \"\"<\/p>\n

      \u00a0<\/p>\n

      In addition to the CNIL security objectives, 18 articles <\/strong>composing this decree must be respected and checked by the independent expert. The control points include for example:<\/p>\n