The openevoting way of auditing requires evoting sytems which fulfill the following specifications (draft rev. 0.4 11/2016):
- Each vote/ballot must be verifyable
- Votes/ballots must be anonymous
- Votes/ballots must be system independent
- Filled ballots and their history must be provided online
- Voting protocol must be published
- Encryption function of ballots must be published
- Evoting system must be made as simple as possible.
- Evoting system and operating system must be based on open source libraries
1. Each vote/ballot must be verifyable
Each ballot must contain some additional infomation which enables any outsider to proof that the ballot was…
- filled by a valid voter
- is irreversibly linked to the voting district
- was not changed
- was not inserted by a system administrator / man in the middle
Note! Just the publication of the result is a NULL information – useless for any audit.
2. Votes/ballots must be anonymous
It must not be possible for the authority or for any system administration to break anonymity of voters. This covers also failures caused by malfunction of software or wrong system design. In other words: what ever they do at the server side, they must not be able to break voter’s anonymity.
3. Votes/ballots must be system independent
Research results are worthless without the underlying data. Results must be reproducible, although results are independent from any statistical software. So in this context an e-voting result must be reproducible from underlying data – the ballots – without the system which collected them.
4. Filled ballots and their history must be provided online
As we stated in 1. we don’t need any results, we need the ballots and we need them online. From start to end of the evoting phase we want to see how the result materializes.
5. Voting protocol must be published
To provide full transparency we have to know what happens between the voting client and the ballot box.
6. Encryption function of ballots must be published
No black box voting! The publication of the encryption function enables everybody to recount and verify the ballots.
7. Evoting system must be made as simple as possible.
More complex systems are difficult to review – especially in cryptography things should be made as simple as possible.
8. Evoting system and operating system must be based on open source libraries
To be really sure what’s going on and what happens to our votes we want to see the function/library between input and output. As encryption libraries cannot work without an operationg system, we propose that also the operating system is open source. This enables the greatest possible review – a community review.