Title: Standards for eVoting: The results of the work of the Election
1Standards for e-VotingThe results of the
work of the Election Voter Services Technical
CommitteeJohn Borras Chair Technical
Committee
www.oasis-open.org
2OASIS Overview
- OASIS is a member consortium dedicated to
building systems interoperability specifications - Focus is on applications of structured
information standards (eg XML, SGML) - Members of OASIS are providers, users and
specialists of standards-based technologies - Include organisations, individuals, industry
groups and governments - More than 500 members
- International, Not-for-profit, Open, Independent
- Successful through industry and government wide
collaboration
3OASIS Technical Agenda
- The OASIS technical agenda is set by the members
bottom-up approach - Technical committees formed by the proposal of
members - Attempt to cooperate and liaise with other
standards organisations as much as possible
4OASIS Standards Process
- Standards are created under an open, democratic,
vendor-neutral process - Any interested parties may participate and
contribute - No one organisation can dictate the standard
- Ensures that standards meet everyones needs, not
just largest players - Open to all interested parties
- All discussion open to public comment
- Resulting work is guaranteed to be representative
of OASIS as a whole, not just any one vendors
view
5Development of e-Voting Standards
- OASIS TC History
- Formed March 2001
- election.com, Accenture, Microsoft
- Chair since Aug 2001- UK Govt (currently Dept of
Constitutional Affairs) - Committee Membership
- Governments, Corporations, Election Services
providers, Academia
6Committee Charter
- The purpose of the Election and Voter Services
Technical Committee is to develop a standard for
the structured interchange of data among
hardware, software, and service providers who
engage in any aspect of providing election or
voter services to public or private organizations.
7Why Interchange Standards?
- Need for information to be exchanged at several
points in the election process - Several parties involved
- Need to service dissimilar systems and equipment
- Voting has to be an open, transparent process
8Targeted Processes
- Pre election
- Declaration of Elections
- Nominating Candidates
- Formulating Referendum
- Registration of Voters
- Election
- Casting of Votes
- Post election
- Declaring Results
- Audit
- Analysis
9(No Transcript)
10Deliverable - EML
- Process and Data Requirements
- Outlines voting processes
- Identifies data requirements
- Contains glossary of terms
- Addresses security issues
- XML Schemas
- Overview of approach taken in preparing the
schemas - 38 Individual schemas
11Security
- Key security requirements addressed
- in EML are
- Identity authentication
- Right to vote authentication
- Vote sealing and non-repudiation of vote accuracy
- Vote confidentiality
- Voting Audit
12EML Localisation
- Need to localise EML to reflect national
circumstances - Restrict certain parts, and/or add local elements
- Schematron used to handle and apply
localisations - EML(UK) prepared for use in UK pilots
- EML (Belgium) being prepared for Flemish local
elections
13Future TC work
- Future versions of EML to reflect experiences
learnt from UK and other pilots - Accommodate other types of election systems
- Develop compliance accreditation processes
- Ongoing enhancements and review to accommodate
any changes in voting policies/legislation - Move EML to an ISO Standard
14Council of Europe Project
- 43 countries, larger membership than EU
- Objective to set standards for e-voting at legal,
operational and technical levels - Members requirements for their election systems
fed into EML v4 - Ministerial directive Dec 04
- Recommends EML as core technical standard
15- Using EML with
- Trusted Voting Mechanisms
16From Specification to Implementation
- EML Specification is a set of formal tools
- How do we use them to actually ensure better
digital election processes? - What are the trust challenges that we face?
- What fundamental principles work?
17How to Facilitate Trust
- Since democracy was invented - people have sought
to influence the result of a vote - Our goal with EML and trusted balloting
mechanisms is to reduce the risk that people
will use the computer technology introduced into
the process to cheat in new and interesting
ways that were previously not available - Also - computer technology should remove old ways
of cheating such as ballot stuffing - and
therefore minimize the risks that were there
previously - People should be able to transparently understand
how the computer is handling their vote and have
the means to independently verify that and hence
be confident in and embrace the process.
18How do the principles work?
- Two most common deployed systems in USA
- Paper ballot scanning (70)
- DRE voting terminals (20)
- Used in polling station single-day events
19Principle of inherent confirmation
Party A
Party B
2
4
ask Party B to tell you what that information
says
1
Take what Party A tells you
3
copies can be independently audited
Compare the two
Keep secure copy
Keep secure copy
20DRE-based trust mechanisms
5
6
2
3
4
- Simplicity and transparency are our friends
- Isolation and separation essential in processing
and components - Intermediate work products use open standards
(EML) and should be certified for conformance
- Multiple sources of audit records are vital
- Inherent confirmation mechanism for voter trust
- Hardware and software platform independence
21Scanner-based trust mechanisms
5
Counting
Write-Once Storage
2
3, 4
XML
XML
Unique Crosscheck
Write-Once Storage
6
2
Ballot Context
XML
Results
- Simplicity and transparency are our friends
- Isolation and separation essential in processing
and components - Intermediate work products use open standards
(EML) and should be certified for conformance
- Multiple sources of audit records are vital
- Inherent confirmation mechanism for voter trust
- Hardware and software platform independence
22Ballot Counting Essentials
- Separation of process components
- Anonymous methods ensured (no time labelling)
- Separated from electoral voter list
- Simple counting mechanisms that are deliberately
context unaware - Counting only occurs after all balloting is over
- Sub-totalling at geographic levels
- Context applied only as last possible step
23Essentials for Trusted Voting
- Appling the right principles can provide trusted
verifiable voting processes - Use of open public specifications is essential
- Independent verification and inspection is vital
- Each new situation brings its own challenges no
one-size fits all / in-country localization - Future broad availability of proven
infrastructure - Supported by an Electoral Assurance Framework
24Electoral Assurance Framework
- Provides Accreditation, Assessment and
Certification of electoral systems and services - Builds trust by enabling public verifiability of
the whole voting process - Framework needs to be based on standards
- EML provides standardised interface points where
voting auditing processes can be independently
assesses under the Assurance Framework - UK Govt looking to set up such a Framework
25John Borrasjohnaborras_at_yahoo.co.ukDavid
Webberdavid_at_drrw.infoOASIS TC
www.oasis-open.org/committees/tc_home.php?wg_abb
revelectionEML (UK)www.govtalk.gov.uk/schemas
standards/schemalibrary_schema.asp?schemaid201