About Scytl

Internet Voting Solutions
Towards greater efficiency
April 2012
Oleksiy Lychkovakh
Business Development Manager
oleksiy.lychkovakh@scytl.com
Pablo Sarrias
EVP Sales&Marketing
pablo.sarrias@scytl.com
Index
• About Scytl
• Our solutions portfolio
• Pnyx – our core technology
• Advanced e-voting security
• E-voting risks to consider
About Scytl
A Global provider of Election modernization
Overview
• Worldwide leader in secure electronic voting & electoral modernization
• Strong scientific background: university spin-off
• Leading advisor of international institutions & governmental agencies
• 70% market share: 15 out of 17 countries using our system
• Largest patent portfolio: 41 patents worldwide
Overview
Concept: Scytl
• Countries running e-elections: 15 out of 17
• Largest election executed: 3,500,000 electors; 1,450,000 votes cast
• Total elections managed: >100,000 electoral events
• Public sector experience: >80% of our clients are governments
• Patents in the electoral field: 21 granted, 20 pending
• Scientific publications: 30+
• Number of employees: 145
Where we work
London
Kiev
Toronto
Barcelona
Baltimore
Athens
Tampa
New Delhi
Our customers
Canada
The EU
USA
Austria
Mexico
Slovakia
Peru
BiH
Argentina
Ethiopia
Finland
The UAE
Norway
India
The UK
The Philippines
France
Australia
Spain
South Africa
Switzerland
Audits & Certifications
European Commission (EU)
Canton of Neuchâtel (Switzerland)
City of Barcelona (Spain)
Electoral Commission (Philippines)
State of Victoria (Australia)
State of Gujarat (India)
State of Florida (US)
Ministry of Science and Research (Austria)
Ministry of Justice (UK)
Ministry of Local Government (Norway)
Ministry of Foreign Affairs (France)
Electoral Commission (UAE)
International awards
Scytl has received multiple international awards, including:
• ICT Prize, granted by the European Commission.
• European Venture Contest Award, granted by the European Association of Venture Capital.
• Best Case Label, granted by the European Commission.
• Leader de l’ITech-Economie, granted by the French Chambers of Commerce.
• Global Innovator Award, granted by The Guidewire Group.
• Red Herring 100, granted by Red Herring Magazine.
• Premi Ciutat de Barcelona, granted by the City of Barcelona.
• ebiz egovernment award, granted by the Austrian chancellery.
• Tech Start-up 100, granted by the Telegraph.
• eWorld award, granted by the Indian Government.
References (1/3)
South Africa - NCOP
• Expected on 2011 to 2012
• Implementation of the Parliament Voting Solution in the National Council of Provinces
United Arab Emirates – EIDA
• 2011 (and next years)
• Electronic Voting for the National Electoral Commission of UAE.
India - State of Gujarat
• 2010 to 2015.
• Internet voting will be used during 5 years.
• 30-40% illiteracy rate among voters.
• 50 million voters.
Peru - Organization of American States
• 2010 to 2011
• Comprehensive audit of the in-person electronic voting solution developed by the National Office of Elections of Peru (ONPE).
Norway - Ministry of Local Government
• 2010 to 2015.
• Voting system to cover all public Norwegian Elections i.e. County, Municipality, Parliamentary elections and Referendums.
Bosnia & Herzegovina - Central Election Commission
• 2010 to 2012
• Developed an Integrated Information Election System: Election preparation, processing, certification of candidates, political parties & printing of the ballots, Election night reporting, …
References (2/3)
Australia - Victoria Electoral Commission
• 2006-2010
• Voting solution for handicapped and illiterate voters for State-level Elections.
Philippines, COMELEC
• 2007
• Internet Voting for Filipino citizens living abroad.
United States - Department of Defense
• 2010
• Absentee Voters Solution compliant with the MOVE Act. Delivery of blank ballots and ballots marked online to 6 Million overseas voters.
United States - West Virginia State
• 2010
• Absentee Voters Solution for West Virginian voters who live overseas
United States - District of Columbia Board of Elections and Ethics
• 2010
• Early-voting solution that allowed voter data to be shared in real time between polling places across the District, and voters to cast their ballots anywhere during Early Voting.
United States - State of Texas
• 2010.
• Early-voting solution that allowed voter data to be shared in real time between polling places across the District, and voters to cast their ballots anywhere during Early Voting.
References (3/3)
United States, State of Florida
• 2008, 2010
• Internet Voting allowing the Military Overseas Absentee voters located in Japan, Germany and the UK to participate in the 2008 and 2010 Elections.
Canada National Democratic Party
• 2012
• Internet Voting for the NDP Leadership Election
Catalonia (Spain) - City of Barcelona
• 2010
• Internet-based citizen consultation to vote remotely or from one of the 110 polling centers
• 1,4 million citizens
United Kingdom - Ministry of Justice
• 2007
• E-voting solutions in multichannel scenarios for the Municipality Elections of Rushmoor and South Bucks
France - Ministry of Foreign Affairs
• 2009 to 2013
• Internet voting for French non-resident citizens to vote for their representatives in the Senate
France - Ministry of National Education and Ministry of Universities and Higher Education
• 2010 to 2013
• Internet voting for more than 1.000.000 staff employed by both Ministries to vote for their Union representatives.
Our solutions portfolio
Solutions for all the stages in the Election life cycle
Solutions portfolio
eVoting
Election Management
Corporate Management
Internet voting
voter registration
pollworker training
voting kiosks
election configuration
asset management
telephone voting
voter list
online help desk
eBallot delivery
results consolidation
task management
election night report
information portal
eDemocracy
Parliaments & Assemblies
Consulting Services
e-consultations
in house e-voting
electoral consulting
citizen web portal
session management
project management
field agent
internet voting
dissemination & tracking
webcasting
satisfaction assessment
Product portfolio
[Diagram: products across the election life cycle. Phases: Pre-Election, Election Day, Post-Election. Stages: Election Management, Voter Registration, Election Day Management, Voting, Tallying, Consolidation, Reporting.]
Products named in the diagram: Candidate Filing, Ballot Design, Pollworker Training, Asset Tracking, Election Project Management, Election Help Desk, Management Dashboard, Electronic Pollbooks, Poll-site eVoting, Internet Voting, Phone Voting, Electronic Ballot Delivery, Paper Ballots, Paper Ballot Scanning (PCOS & CCOS), Polling Station eVote Tally, Internet and IVR eVote Tally, Participation Reporting, Results Consolidation, Election Night Reporting.
Benefits of a proven solution VS in-house
Time-to-market
• Developing an advanced e-voting solution is time-consuming, complex and effort-intensive.
• Using a certified and proven existing e-voting solution significantly reduces time-to-market.
• Immediately pursue any window of opportunity.
Research & experience
• Building state-of-the-art e-voting solutions requires extensive academic research.
• Teaming up with the market leader allows learning from previous experiences.
• Large amount of references successfully carrying out high-profile and election critical projects.
Manage risk
• Building a new solution may be in conflict with one or more of over 1.000 patents in the field of e-voting.
• Using a certified and proven existing solution significantly eliminates risk.
• Governments and companies were unsuccessful introducing new e-voting solutions.
Cost effectiveness
• Using an existing and proven solution is more cost effective than building one from scratch.
Pnyx
Internet Voting Solution overview
What is Pnyx?
Pnyx is the name we gave to our core electronic voting technology:
• It is the result of over 17 years of security research applied to electronic voting processes.
• It is based on groundbreaking cryptographic technology.
• It guarantees the same levels of trust, security and privacy that exist in conventional paper-based elections without having to trust either the administrators of the system or the complex technological systems used.
Efficiency
Scytl uses pioneering technology to optimize the delivery of public services, enhancing governments’ efficiency in carrying out electoral processes:
Cost-effective
• Economies of scale:
  - Avoiding elevated storage and maintenance costs
  - Allowing to reuse existing infrastructure
  - Eliminating printing, postage & mailing costs
Speed
• Speed-up the counting process by electronically receiving the results from all the polling places, automatically consolidate them and assign the corresponding mandates.
Enfranchisement
• The use of remote electronic voting technologies is the ultimate answer to voter enfranchisement, allowing overseas and remotely located voters to exercise their right to vote.
Usability
Scytl’s solutions have been specifically designed to be accessible to both computer-illiterate and disabled voters, while adapting to any language specificities:
Ease of use
• Reproduce a similar process to paper-based elections, allowing computer-illiterate people to vote without any previous training.
Accessibility
• Scytl takes into account the specific needs of the voters with disabilities and enables them to participate in elections without assistance, fully guaranteeing their privacy.
Flexibility
• Adapted to any ballot format
• Supports multiple languages. Scytl has provided solutions in: Russian, Gujarati, Arabic, Mandarin, etc.
Security
Scytl's solutions provide end-to-end security, preventing both internal and external attacks, guaranteeing voters’ privacy and allowing their audit by authorized third-parties:
Integrity
• Advanced tamper-proof security measures using ground-breaking and highly advanced cryptography to prevent attacks from anyone, including hackers or system administrators with privileged access.
Auditability
• Can be audited by independent experts before, during and after the election day.
• Voters are provided with a voting receipt that allows them to check that their vote has been counted.
Privacy
• Votes are encrypted in the voters' voting device before they are cast. Only the Electoral Board can decrypt the votes. The decryption of the votes is carried out by breaking the correlation between the voters' identity and their vote.
Advanced e-voting security
Pnyx
Problems that need to be addressed
1. Each individual ballot is correctly added to the total number of ballots.
2. An individual ballot remains anonymous despite any technical means that could be used to track it down.
3. No individual ballot that was not actually cast can be added to the total number of ballots.
4. The possibility of vote buying and selling is not higher than with the traditional election procedure.
5. The possibility of any form of 'family voting' (in the family, at the workplace etc.) is not higher than with the traditional election procedure.
6. Civil society observers can verify that elections using e-voting are fair even if they don’t have any specific knowledge of computer technology.
7. No one can misuse the voting process by offering a computer (voting point) to derive profit from it.
8. The voting process can be suspended only due to standard force majeure events, not due to some people’s intentional wrecking.
Security concepts in Internet Voting
[Diagram: Internet voting risks and the specific countermeasures applied to them.]
Risks: Voter privacy compromise; Inaccurate auditability; Vote tampering; Vote deletion; Multiple voting; Voter coercion, family voting and vote buying; Unauthorized voters casting votes; Voter impersonation / Ballot stuffing; Intermediate results; Election boycott-denial of service (DoS)
Specific countermeasures: Cast as intended verification; Recorded as cast verification; Universal verifiable Mix-net; Secret Sharing Schemes; Vote encryption; Eligibility verifiability; Immutable logs; Digital signatures
Conventional security measures
[Diagram labels: System Administrator, Voter, E-voting technological infrastructure, Electoral Board]
Electronic voting with conventional security measures
• Protection only focused on external threats and attacks.
• Voter’s authentication solved but voter’s privacy not addressed.
• Electoral board has no role.
• Lack of voter-verifiability (“Thank you for having voted” messages).
Scytl’s specialized security measures
[Diagram labels: System Administrator, Voter, e-Voting technological infrastructure, Electoral Board]
Electronic voting with Scytl’s specialized security technology
• Application-level cryptographic protocol running on the voter’s device and on an airgapped electoral board server.
• Protection focused also on internal threats and attacks.
• Focus on the specific security requirements of voting rather than on the generic ones.
Scytl’s specialized security measures
Scytl's specialized e-voting security technology is focused on the specific security needs of elections
[Diagram labels: End-to-end security, Voter, System Administrator, Digital ballot box, Electoral Board]
State of the art E-Voting security:
- Cast as Intended
- Recorded as Cast
- Counted as Cast
- Voter self verification
- Voter privacy
- Zero trust Client
Protection of the votes:
- Protection of partial results
- Integrity of the ballot box
- Fully auditable results
- Universal verifiability
Protection against internal attacks (End-to-end security from the voter to the Electoral Board)
Article 6 of the Constitution of Latvia
The Saeima shall be elected in general, equal and direct elections, and by secret ballot based on proportional representation
E-voting risks to consider
General security risks of remote voting
• Voter privacy compromise
• Inaccurate auditability
• Vote tampering
• Vote deletion
• Voter coercion and vote buying
• Election boycott-denial of service
• Unauthorized voters casting votes
• Voter impersonation / Ballot stuffing
• Intermediate results
Voter authentication risks
How can we prove voter identity remotely?
• Username and password methods:
  - Username and password values are stored in the voting server to verify voter identity: they are vulnerable to credential stealing.
  - High Risk: Unauthorized voters, voter impersonation and ballot box stuffing
• Digital certificates:
  - Digital certificates and digital signatures provide strong authentication. No personal credentials are stored on the voting server and (encrypted) votes can be digitally signed.
  - Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering
• Supervised kiosk:
  - Voter is identified in person by poll workers at a supervised center
  - Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering
Vote secrecy
How can we protect a vote from eavesdroppers?
• Network encryption:
  - Voting options are only encrypted while transmitted over the network but processed in clear at the voting server: they are vulnerable to attackers that have access to the server.
  - High Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion
• Application level encryption:
  - Voting options are encrypted at the voting terminal and remain encrypted until the electoral board decrypts them: they are not vulnerable to server attacks.
  - Low Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion
Vote integrity
How can we protect votes from being modified?
• MAC functions:
  - Vote integrity is protected by means of a voter/server shared MAC key stored in the voting server: they are vulnerable to key stealing.
  - Medium Risk: Vote tampering and voter impersonation/ballot box stuffing
• Digital signatures and Zero knowledge proofs of origin:
  - Private values needed to perform digital signatures and ZK proofs are not stored on the server.
  - Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering
Election Key Security
How can we protect a vote from decryption?
• Access control:
  - Access to the decryption key is protected by authentication and authorization (ACL) means: vulnerable to brute force attacks.
  - High Risk: Voter privacy compromise, intermediate results and voter coercion
• Secret sharing schemes:
  - Threshold cryptography is used to create the election key and split it into shares without the key ever having to be stored as a whole anywhere. A minimum number of Electoral Board members must collaborate with their key shares to decrypt the votes.
  - Low Risk: Voter privacy compromise, intermediate results, voter coercion and denial of service
Voter privacy
How to preserve voter anonymity?
• Straightforward decryption:
  - Clear text votes can be correlated with encrypted votes, which could be connected to the voters: voter privacy could be broken.
  - High Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion
• Mixnets:
  - Encrypted votes are shuffled and decrypted (or re-encrypted and decrypted) several times before obtaining the clear-text votes. Encrypted votes and decrypted ones cannot be directly correlated by position, preserving voter privacy.
  - Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion
• Homomorphic tally:
  - Encrypted votes are not individually decrypted. The result is obtained by decrypting the outcome of an operation applied to all the encrypted votes.
  - Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion
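The mixnet and homomorphic tally options listed under Voter privacy, as an added example that is not part of the original slides or of Scytl's code: a toy exponential ElGamal scheme in which one function re-encrypts and shuffles ballots before decryption and another decrypts only the product of all ciphertexts. The group parameters, function names and sample votes are constructed for illustration, the modulus is far too small for real use, and the zero-knowledge proofs a universally verifiable mix-net needs are not shown.

```python
# Added example: toy exponential ElGamal with a re-encryption mix and a
# homomorphic tally. All parameters are constructed and insecure by size.
import secrets
from collections import Counter

P, Q, G = 2039, 1019, 4   # safe prime p = 2q + 1; G generates the order-q subgroup

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private election key
    return x, pow(G, x, P)                    # (private, public)

def encrypt(h, m):
    """Encrypt a small integer m as (g^r, g^m * h^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P

def decrypt_exponent(x, ct, max_m):
    """Recover m from g^m by exhaustive search over 0..max_m."""
    c1, c2 = ct
    gm = c2 * pow(c1, Q - x, P) % P           # c1^(-x) == c1^(q-x) in the subgroup
    for m in range(max_m + 1):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("plaintext outside expected range")

def mix(h, ballots):
    """One mix node: re-encrypt every ballot, then shuffle the positions."""
    out = []
    for c1, c2 in ballots:
        s = secrets.randbelow(Q - 1) + 1      # fresh randomness hides the link
        out.append((c1 * pow(G, s, P) % P, c2 * pow(h, s, P) % P))
    secrets.SystemRandom().shuffle(out)
    return out

def mixnet_tally(x, h, ballots, n_options, nodes=3):
    """Pass ballots through several mix nodes, then decrypt each one."""
    for _ in range(nodes):
        ballots = mix(h, ballots)
    return Counter(decrypt_exponent(x, ct, n_options - 1) for ct in ballots)

def homomorphic_tally(x, yes_no_ballots):
    """Multiply ciphertexts of 0/1 votes and decrypt only the aggregate."""
    a, b = 1, 1
    for c1, c2 in yes_no_ballots:
        a, b = a * c1 % P, b * c2 % P
    return decrypt_exponent(x, (a, b), len(yes_no_ballots))
```

In the mixnet path individual votes are still decrypted, but only after their order and ciphertext values no longer match what each voter submitted; in the homomorphic path no individual vote is ever decrypted.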
Election auditability
How to audit election fairness?
• Standard logs:
  - Sensitive operations are registered in standard log files: logs could be altered without being noticed to hide malicious practices.
  - High Risk: Inaccurate auditability, voter privacy compromise, vote tampering, ballot stuffing, voter coercion, etc.
• Immutable logs:
  - All sensitive operations are registered in cryptographically protected logs and cannot be manipulated.
  - Low Risk: Inaccurate auditability.
• Standard receipt:
  - Voters receive a proof of casting based on non-cryptographically protected information (i.e., does not provide counted as cast features).
  - High Risk: Inaccurate auditability.
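The difference between standard and immutable logs described above, as an added example that is not from the original slides: a hash-chained log where each record commits to its predecessor, checked against a chain head kept outside the voting server. The event names, field names and the idea of publishing the head to observers are assumptions made for the illustration.

```python
# Added example: hash-chained audit log with an externally held chain head.
import hashlib
import json

GENESIS = "0" * 64

def _link(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, event, **fields):
    """Append a record bound to its predecessor; return the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "event": event, **fields}
    log.append({"record": record, "prev": prev, "hash": _link(prev, record)})
    return log[-1]["hash"]

def verify(log, trusted_head):
    """Return -1 if intact, the index of the first broken entry, or len(log)
    if the chain is self-consistent but does not end at trusted_head."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = entry["record"]
        if (entry["prev"] != prev or record.get("seq") != i
                or entry["hash"] != _link(prev, record)):
            return i
        prev = entry["hash"]
    return -1 if prev == trusted_head else len(log)

def sample_log():
    """Constructed sample events; returns (log, head)."""
    log, head = [], GENESIS
    for event, fields in [
        ("ballot_box_opened", {"actor": "board"}),
        ("ballot_stored", {"ballot_id": "b-001"}),
        ("ballot_stored", {"ballot_id": "b-002"}),
        ("ballot_box_closed", {"actor": "board"}),
    ]:
        head = append(log, event, **fields)
    return log, head
```

An administrator who can rewrite the whole file can also recompute every hash, so the chain only detects that kind of rewrite or a truncation when the head is held by a party outside the server.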
• Individual voter verification - cast as intended:
  - Voter is able to verify that the vote recorded by the voting server contains the voting options originally selected by herself (e.g., Return Codes).
  - Low Risk: Inaccurate auditability.
• Individual voter verification - counted as cast:
  - Voters are able to verify that their votes have been included in the final tally. This verification can be complemented with universal verifiability.
  - Low Risk: Inaccurate auditability.
• Universal verifiability:
  - Allows observers or independent auditors to verify the proper decryption of the votes by means of cryptographic proofs (e.g., ZKP) generated by the decryption process.
  - Low Risk: Inaccurate auditability.
• End-to-end verification:
  - Combination of individual and universal verifiability
  - Lowest Risk: Inaccurate auditability.
Implementation FAQ
Typical questions
• How much time is needed to implement Internet Voting?
• Is a reduced pilot recommended, or a country roll-out?
• Is it better to start using the system in an election or in a referendum or consultation?
• Is the legislation ready?
• What will the certification of the system be in Latvia?
• How are citizens going to be authenticated?
• How much does it cost?
Latvia
Current schema discussed
Voter registration
[Process stages: Voter registration, Configuration, Voting, Counting & consolidation, Reporting]
In order to carry out Internet voting, voters must be correctly authenticated before they can access the system. Several options are available:
• Existing digital certificates (e.g. an e-ID)
• Voting credentials subject to physical identification
• Special credentials sent by mail or online credentials
• Existing credentials used to access other government systems
• Personal data available to the EA.
• No credentials
Pnyx has been designed so that it can be easily integrated with existing voter registration systems and processes.
Election configuration
Scytl allows you to configure electronically any aspect of the electoral process, including:
• Voting period
• Electoral model
• Electoral roll
• Candidates
• Ballots
• Voter credentials
• Electoral Board
Electoral Board
Once the election is configured, an Electoral Board is created before the e-voting process starts. Each of the members is given a share of the election key used to open all of the digital votes. A threshold number of shares is required to reconstruct the key at the end of the e-voting process.
Voting process
Scytl offers groundbreaking and highly secure electronic voting solutions for both remote and on-site voting:
• Remote eVoting (Uncontrolled environment): Casting of votes through any device (PC, mobile phone, PDA, etc.) with an Internet connection
• On-site eVoting (Controlled environment): Casting of votes from electronic voting terminals located in polling stations
• Phone Voting (Un- & Controlled environments): Casting of votes from a land line or mobile phone, from a polling station or any place with coverage
• eBallot Delivery (Uncontrolled environment): Voters receive their ballot electronically, mark it online, return it by mail, fax or email and at any point check its status
Ballot counting and consolidation
Step 1
The digital ballot box is downloaded and transported to an isolated environment under the control of the Electoral Board
Step 2
The Electoral Board rebuilds the election key using their shares
Step 3
A Mixing process is started that decrypts the votes and breaks any correlation between the ballot and elector
Step 4
The decrypted ballots are tallied and the results are provided to the Electoral Board
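The key-share handling described in Step 2 above, in the Electoral Board configuration and under Election Key Security, as an added example that is not Scytl's implementation: Shamir secret sharing with a 3-of-5 style threshold and a check that the rebuilt key is the right one. It assumes a trusted dealer who briefly holds the whole key, which is a simplification of the threshold key generation the slides describe; the field prime, function names and the recorded key digest are assumptions.

```python
# Added example: Shamir threshold sharing of an election private key among
# Electoral Board members (dealer-based simplification).
import hashlib
import secrets

PRIME = 2**127 - 1  # Mersenne prime used as the share field; key must be < PRIME

def split_key(key, threshold, members):
    """Return one (x, y) share per member; any `threshold` shares rebuild key."""
    if not (0 <= key < PRIME and 2 <= threshold <= members < PRIME):
        raise ValueError("bad parameters")
    # Random polynomial of degree threshold-1 with f(0) = key.
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, members + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def interpolate_at_zero(shares):
    """Lagrange interpolation of f(0) from the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total

def key_digest(key):
    # Assumption: a digest of the key is recorded at configuration time so the
    # board can tell a correct reconstruction from a wrong one.
    return hashlib.sha256(key.to_bytes(16, "big")).hexdigest()

def rebuild_election_key(shares, expected_digest):
    """Rebuild the key; fail closed if the quorum is too small or a share is bad."""
    key = interpolate_at_zero(shares)
    if key_digest(key) != expected_digest:
        raise ValueError("reconstruction failed: not enough valid shares")
    return key
```

Interpolating with fewer shares than the threshold still produces a number, just not the key, which is why the reconstruction is checked before any ballot is decrypted.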
Reporting
• Election results broadcast on the web
• Maps, Bar charts, Downloadable reports
• RSS, Email and Social Media integration
• City, County & State-wide presentation
Benefits:
• Improves the dissemination of information to the public
• Increases transparency and public outreach
Pricing policy
Multiple factors can have an influence on the cost of an election, including but not limited to:
• The number of voters that are eligible to participate in an election.
• Sizing and other requirements for Hardware and Network infrastructure.
• Hosting of the solution.
• Support requirements.
• Helpdesk and/or call center needs.
• Electoral requirements.
• Voting channels that will be used.
• Voter authentication mechanisms.
• Potential voter registration and election administration requirements.
• Customization requirements, potential integration with existing solutions.
• Additional solutions and services that may be needed.