Standards for eVoting: The results of the work of the Election

1
Standards for e-VotingThe results of the
work of the Election Voter Services Technical
CommitteeJohn Borras Chair Technical
Committee
www.oasis-open.org
2
OASIS Overview

• OASIS is a member consortium dedicated to
  building systems interoperability specifications
• Focus is on applications of structured
  information standards (eg XML, SGML)
• Members of OASIS are providers, users and
  specialists of standards-based technologies
• Include organisations, individuals, industry
  groups and governments
• More than 500 members
• International, Not-for-profit, Open, Independent
• Successful through industry and government wide
  collaboration

3
OASIS Technical Agenda

• The OASIS technical agenda is set by the members
  bottom-up approach
• Technical committees formed by the proposal of
  members
• Attempt to cooperate and liaise with other
  standards organisations as much as possible

4
OASIS Standards Process

• Standards are created under an open, democratic,
  vendor-neutral process
• Any interested parties may participate and
  contribute
• No one organisation can dictate the standard
• Ensures that standards meet everyones needs, not
  just largest players
• Open to all interested parties
• All discussion open to public comment
• Resulting work is guaranteed to be representative
  of OASIS as a whole, not just any one vendors
  view

5
Development of e-Voting Standards

• OASIS TC History
• Formed March 2001
• election.com, Accenture, Microsoft
• Chair since Aug 2001- UK Govt (currently Dept of
  Constitutional Affairs)
• Committee Membership
• Governments, Corporations, Election Services
  providers, Academia

6
Committee Charter

• The purpose of the Election and Voter Services
  Technical Committee is to develop a standard for
  the structured interchange of data among
  hardware, software, and service providers who
  engage in any aspect of providing election or
  voter services to public or private organizations.

7
Why Interchange Standards?

• Need for information to be exchanged at several
  points in the election process
• Several parties involved
• Need to service dissimilar systems and equipment
• Voting has to be an open, transparent process

8
Targeted Processes

• Pre election
• Declaration of Elections
• Nominating Candidates
• Formulating Referendum
• Registration of Voters
• Election
• Casting of Votes
• Post election
• Declaring Results
• Audit
• Analysis

9
(No Transcript)
10
Deliverable - EML

• Process and Data Requirements
• Outlines voting processes
• Identifies data requirements
• Contains glossary of terms
• Addresses security issues
• XML Schemas
• Overview of approach taken in preparing the
  schemas
• 38 Individual schemas

11
Security

• Key security requirements addressed
• in EML are
• Identity authentication
• Right to vote authentication
• Vote sealing and non-repudiation of vote accuracy
• Vote confidentiality
• Voting Audit

12
EML Localisation

• Need to localise EML to reflect national
  circumstances
• Restrict certain parts, and/or add local elements
• Schematron used to handle and apply
  localisations
• EML(UK) prepared for use in UK pilots
• EML (Belgium) being prepared for Flemish local
  elections

13
Future TC work

• Future versions of EML to reflect experiences
  learnt from UK and other pilots
• Accommodate other types of election systems
• Develop compliance accreditation processes
• Ongoing enhancements and review to accommodate
  any changes in voting policies/legislation
• Move EML to an ISO Standard

14
Council of Europe Project

• 43 countries, larger membership than EU
• Objective to set standards for e-voting at legal,
  operational and technical levels
• Members requirements for their election systems
  fed into EML v4
• Ministerial directive Dec 04
• Recommends EML as core technical standard

15

• Using EML with
• Trusted Voting Mechanisms

16
From Specification to Implementation

• EML Specification is a set of formal tools
• How do we use them to actually ensure better
  digital election processes?
• What are the trust challenges that we face?
• What fundamental principles work?

17
How to Facilitate Trust

• Since democracy was invented - people have sought
  to influence the result of a vote
• Our goal with EML and trusted balloting
  mechanisms is to reduce the risk that people
  will use the computer technology introduced into
  the process to cheat in new and interesting
  ways that were previously not available
• Also - computer technology should remove old ways
  of cheating such as ballot stuffing - and
  therefore minimize the risks that were there
  previously
• People should be able to transparently understand
  how the computer is handling their vote and have
  the means to independently verify that and hence
  be confident in and embrace the process.

18
How do the principles work?

• Two most common deployed systems in USA
• Paper ballot scanning (70)
• DRE voting terminals (20)
• Used in polling station single-day events

19
Principle of inherent confirmation
Party A
Party B
2
4
ask Party B to tell you what that information
says
1
Take what Party A tells you
3
copies can be independently audited
Compare the two
Keep secure copy
Keep secure copy
20
DRE-based trust mechanisms
5
6
2
3
4

• Simplicity and transparency are our friends
• Isolation and separation essential in processing
  and components
• Intermediate work products use open standards
  (EML) and should be certified for conformance

• Multiple sources of audit records are vital
• Inherent confirmation mechanism for voter trust
• Hardware and software platform independence

21
Scanner-based trust mechanisms
5
Counting
Write-Once Storage
2
3, 4
XML
XML
Unique Crosscheck
Write-Once Storage
6
2
Ballot Context
XML
Results

• Simplicity and transparency are our friends
• Isolation and separation essential in processing
  and components
• Intermediate work products use open standards
  (EML) and should be certified for conformance

• Multiple sources of audit records are vital
• Inherent confirmation mechanism for voter trust
• Hardware and software platform independence

22
Ballot Counting Essentials

• Separation of process components
• Anonymous methods ensured (no time labelling)
• Separated from electoral voter list
• Simple counting mechanisms that are deliberately
  context unaware
• Counting only occurs after all balloting is over
• Sub-totalling at geographic levels
• Context applied only as last possible step

23
Essentials for Trusted Voting

• Appling the right principles can provide trusted
  verifiable voting processes
• Use of open public specifications is essential
• Independent verification and inspection is vital
• Each new situation brings its own challenges no
  one-size fits all / in-country localization
• Future broad availability of proven
  infrastructure
• Supported by an Electoral Assurance Framework

24
Electoral Assurance Framework

• Provides Accreditation, Assessment and
  Certification of electoral systems and services
• Builds trust by enabling public verifiability of
  the whole voting process
• Framework needs to be based on standards
• EML provides standardised interface points where
  voting auditing processes can be independently
  assesses under the Assurance Framework
• UK Govt looking to set up such a Framework

25
John Borrasjohnaborras_at_yahoo.co.ukDavid
Webberdavid_at_drrw.infoOASIS TC
www.oasis-open.org/committees/tc_home.php?wg_abb
revelectionEML (UK)www.govtalk.gov.uk/schemas
standards/schemalibrary_schema.asp?schemaid201