Votobit 27-05-2005
--Paladino Mimmo
Sthephen Mason.
Stephen Mason is the Legal Director of Cryoserver Limited and a non-practising barrister and door tenant at St Pauls Chambers Associate Research Fellow of the Institute for Advanced Legal Studies, 2004 - 2005; General Editor, e-Signature Law Journal.
Technology has long been used in the process of voting, and the use of electronic machines was introduced in the United States of America in the 1970s. More recently, vendors have encouraged the use of remote electronic voting methods, and politicians have begun to consider such options, including the use of the internet, telephone, text messaging and interactive digital television. This paper considers some of the practical and security issues that affect remote electronic voting.

The concept of the secret ballot was first given the force of law with the passing of The Electoral Act of 1856 by the colony of Victoria in Australia.
(1) For the first time, ballot papers were standardized. The government issued ballots with the name of the candidates already printed on the ballot paper. Since the passing of this Act, known as the Australian secret ballot in the United States of America, various technologies have been utilized to facilitate voting arrangements, particularly in the United States. Apart from the use of the paper ballot, a range of technologies has been used in voting, as set out below.

The mechanical lever voting machine
The lever voting machine was introduced in 1892. There is no document for the voter to mark. The voter enters the voting booth and chooses the candidates they wish to vote for on a ballot posted in the booth by pulling a lever for each choice. An advance in the counting mechanism records each vote. The ballot is counted by taking a record of the numbers on each machine. These machines are no longer made and are gradually being replaced.

Computer assisted counting (Punched cards and Optical scanning)
Punched cards were first used in 1964. There are different types of punch card, but the principle is the same. The voter records their choice of candidates by punching holes in appropriate locations on a paper computer card. This card is, at a later stage, fed into a compute reader to record the vote. The piece of card that is punched out is called a chad. This method of voting is considered to be the least accurate and most prone to error. Optical scanning was first used in the 1980s. In this instance, the voter uses a paper form and appropriate writing instrument to fill in the relevant boxes, or whatever other form of mark is required on the form. The completed ballot paper is then passed through a device that senses the marks and records the votes.

Electronic voting
Electronic voting was first introduced in the 1970s. It is called direct recording electronic technology and corresponds to, but is more sophisticated than the lever voting machine. The voter chooses candidates from a ballot posted in the booth. The form in which the ballot takes will differ, depending on the equipment used. The ballot can be printed and posted on the machine, or the ballot can be displayed on a screen. The voter indicates their choice of candidates by pushing a button, touching the screen or using other devices, such as a mouse. The voter submits their choices before leaving the voting booth. This can take the form of pushing, pressing or clicking on a “vote” icon or button. The votes are stored in the computer memory of the machine, usually in a removable disk. This form of technology also permits the use of kiosks that can be static or mobile, and can be located at points throughout a constituency, such as hospitals, libraries and homes for the elderly.

These systems are used in the United States in increasing numbers, and Brazil has used direct recording electronic voting systems since 1996. Electronic voting is in the form of voting machines located in polling stations. In the local, state and national
elections in 1998, 57 per cent of those voting cast their vote using a push button system.
(2) Similar systems were tested in the United Kingdom in three local authorities, that of Bury, Salford and Start-upon-Avon in 2000.

Remote electronic voting
The concept of electronic remote voting is new, more popularly assumed to be by means of the internet, although it is also possible to vote by way of a telephone, whether using a land line or mobile telephone, text messages, and interactive digital television. Voting by way of the internet was used in the Arizona Democratic Primary elections of 11 March 2000. (3) Liverpool City Council, Sheffield City Council, St Albans City & Borough Council and Crewe & Nantwich Borough Council also tested it in 2002. Liverpool City Council, St Albans City & Borough Council and Swindon Borough Council tested telephone voting in the 2002 elections. Liverpool City Council and Sheffield City Council tested the Short Message Service (SMS) facility available on mobile telephones in 2002. It is also technically possible to cast a vote using some interactive digital television systems, although this method has yet to be tested.

The attributes of a voting system
In a democracy, imperfect as it works in reality, the legitimacy of the elected representatives is predicated on the trustworthiness of the voting system. If a serious failure of the voting system occurs, as it did in the United States presidential election in 2000, the legality of those people voted into positions of power could be undermined to the detriment of the health of the democracy. As a result, there are a number of criteria that apply to all voting systems to prevent wide spread cynicism within the electorate. The attributes of a voting system include:

To ensure only eligible voters actually vote, and each person is positively identified as an eligible voter.
A voter only votes once.
A person votes in secret, is not subject to duress and unlawful undue influences, and the privacy of the vote is upheld.
Every vote that is received and counted is a valid vote.
The system of voting is open and transparent and is subject to scrutiny by interested parties.

In an ideal world, an audit trail of the voting system can be useful. Depending on the effectiveness of such an audit trail, and in the event of a dispute, such a trail may permit the reconstruction of the voting ballots. For instance, it may be necessary to verify the count, check to ensure no authorized events took place, or to review the final tallies of votes cast for the candidates. Of the different types of voting system in use, some voting mechanisms allow for an audit trail of varying degrees of accuracy, whilst others, such as the lever voting machine, does not have an audit trail at all. Commentators that criticise the electronic voting technologies that are presently available, argue that an audit of the machine and the operating system is essential to prevent a range of problems that can affect such systems.

Remote electronic voting
There has yet to be any public elections that have taken place on a large scale using remote voting by electronic means. A series of electoral pilot schemes in the United Kingdom under the authority of s10 of the Representation of the People Act 2000, as amended by Schedule 21, section 16 of the Political Parties, Elections and Referendums Act 2000, were tested in local authorities in England during 2000, and a further set of schemes were also tested during the local elections held on 2 May 2002. A total of 38 pilot schemes were tested. Electronic counting of votes took place in five authorities and electronic voting in three. During the 2002 elections, there was electronic voting in nine authorities and electronic voting in 15. Voting in poll stations occurred in six authorities, voting over the internet in five, voting by telephone in three and voting by sending a text message in two. (5)

It is interesting to note that Indonesia plans to use internet voting in the general elections on 5 April 2004 and presidential elections on 5 July 2004 and 20 September 2004.

In the European Union, the European Commission and participating companies and organizations between September 2000 and March 2003 funded a research and development programme called CyberVote. The objective of CyberVote was to demonstrate a “highly secure” cyber-voting prototype using mobile and fixed internet technologies. A prototype was defined and implemented, using a new voting protocol
that relied on the use of advanced cryptographic tools to provide for the integrity, privacy and authentication of voters. The prototype was demonstrated on three occasions:

At Bremen University for Public Administration (Hochschule für öffentliche Verwaltung) a vote took place between 13 and 16 January 2003 for elections to the university council (Hochschulrat), faculty councils (Fachbereichsräte) and the student council (Studentenrat). Of 500 people that were entitled to vote, 150 requested a digital signature card to vote electronically and of these, it appears only a minority returned their notification of receipt to the trust centre. It is not clear how many people used this method of voting.
Two trials were tested at Issy-les-Moulineaux in France. Both trials took place on 11 December 2002. One trial elected members of the Council of Industrial Tribunals (elections prud’homales), although there is no indication as to how many people took part. The second trial elected members of the borough council. Apparently 1,452 people registered to receive their authentication credentials and 860 or 59 per cent of those registered actually voted remotely.
In Kista, Sweden, voting took place in relation to local decision-making by the local municipality between 27 and 31 January 2003. This trial only involved elderly people, with the aim of testing the efficacy of the project from the point of view of people that were not familiar with technology. A total of 500 people were invited, by post, to register for the pilot and 140 people were subsequently issued with a personal identification code to use during the election. Apparently 226 people voted, most of which needed help during the voting procedure.

Also, it is to be noted that the United States Department of Defense initiated an internet based voting system called Secure Electronic Registration and Voting Experiment under the Federal Voting Assistance Program to permit overseas citizens to take part in the elections during the autumn of 2004. While this project was only meant to be an experiment, it was intended to count actual votes cast in the general elections. Members of the Security Peer Review Group were requested to help evaluate the project by the Federal Voting Assistance Program. Their conclusions are set out in a report “Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)” dated January 21, 2004. After the report was submitted, an official from the Pentagon recently indicated that the plans to conduct voting by way of the internet had been cancelled because of the concerns over security

Technical problems associated
with electronic voting
Many municipalities in the United States of America have, despite the warnings of those in the security industry, adopted systems for electronic voting. It does not appear that many of systems sold by vendors have been subject to analysis by the security community in general, partly because vendors insist that secrecy is crucial to keep their systems secure. The logic of this argument is the subject of regular discussions by Bruce Schneier, amongst others, and will not be discussed in this paper (9).

In essence, it is the security of remote electronic voting that exercises the minds of the commentators. Security can been divided into two parts: security to ensure every voter is permitted to cast their ballot, and security to ensure that once the votes have been cast, they are stored and counted correctly.
(10) The major security problems that affect electronic voting include:

Hackers may be successful in corrupting or altering votes, or adding or removing votes. Spoofing and man in the middle attacks are also possible.

Attack from malicious software
Home computers are particularly prone to attack from malicious software such as a virus or worms, as the recent Mydoom and variant virus attacks have demonstrated. Computers based in polling stations may also suffer from the same problem, especially where the system has not been protected properly or attacked from the inside.

Domain name service attacks
Voting over the internet opens up the possibility of a denial of service attack, which may mean the election is void for want of time to permit voters to cast their votes. This does not only affect the internet, of course, but using the internet for remote voting exposes the election process to a higher degree of disruption by this means. Such an attack was reported to have taken place during the NDFP leadership convention in Toronto in 2003, apparently causing a delay in the voting.

System failure
The voting machines may fail because of a failure in the power supply, which occurs more frequently than is imagined. Also, machines may prevent people from voting if the system itself becomes overloaded with requests to vote, thus disenfranchising people – perhaps permanently. It has been reported that six electronic voting machines used in two North Carolina counties lost 436 absentee ballot votes in the 2002 general election because of a problem relating to the software, and 134 votes were not counted in Brownard County, Florida in a vote to elect a state house representative. Apparently the candidate with the most votes gained the seat by a margin of 12 votes. This example illustrates how even a small number of votes can make the difference in an election.

Put another way, voting remotely by electronic means can cause voters to be disenfranchised; their ballot could be modified by a third party; voters may lack privacy of their vote, especially if they vote in the work place; a voter may vote more than once; votes can be easier to buy, sell and trade, and the system may be subject to strains because of the sheer scale of the operation. It should be observed that some of these problems also relate to other forms of remote voting, especially postal votes, which is being used on an increasingly scale, especially in the United States of America.
(13) The security issues can also be analysed by distinguishing between the threats and vulnerabilities. (14)

Anatomy of a source code
During 2003, the source code, purporting to be the software for a voting system from a major vendor, in this case, Diebold, appeared on the internet. A number of systems made by this manufacturer were used in elections in the state of Georgia in 2002, and the state of Maryland awarded Diebold a contract to purchase machines, despite adverse comments in Risk Assessment Report commissioned by the State.
(15) The release of this code enabled it to be reviewed by others not connected with the manufacturer. An analysis in the summer of 2003 demonstrated a number of issues that should be carefully considered by any authority that agrees to buy, lease or use electronic voting systems in the future. (16)

The analysis was restricted to the source code made available over the internet, although the security in place was such that it was possible to obtain more data of relevance, because it was only protected by very weak compression-encryption software. However, the authors claim that even with the limited access they had to the source code, there were significant problems that were a cause for concern. A description of the faults set out in the analysis are discussed in brief below.

Smart cards can defeat the security
The smart cards distributed to people entitled to vote did not perform any cryptographic operations. Authentication of the terminal was conducted in clear text and there was no authentication between the smart card and the voting machine. The authors concluded that it was a relatively easy step for a determined person to produce a smart card at home that would defeat the security (paragraph 3.1). It was suggested that a person could vote as often as they wanted. Once a vote was cast, the terminal deactivated the smart card. However, where a person makes their own card, they can circumvent this problem, and either keep on re-submitting the card or program the card to ignore the deactivation command. Theoretically, if more votes had been cast than were on the electoral register, the system would note this. But the system only counted votes that were not cast, so there is no way of knowing the true number of votes cast or distinguishing between true votes and fabricated votes (paragraph 3.1.1).

Administrator smart cards
The official responsible for supervision the ballot is given an administrator card, thus permitting them to terminate the ballot at the appropriate time. Apparently, because these cards can also be manufactured at home, a person wishing to end the voting early could make an attack (paragraph 3.1.2). An additional security flaw with this particular smart card lies with the personal identity number. Apparently, the smart card and the terminal communicate after a personal identification number is tapped into the terminal. The value of the number is sent from the card to the terminal in cleartext. It seems that any person with a smart card reader can find out the personal identity number on such a smart card (paragraph 3.2).

Integrity of the information on the terminal
Other issues include the operating systems in the terminal, not all of which are protected. For instance, the counter in the terminal, is configured in such a way as to permit the creation of a discrepancy between the numbers of votes cast on a particular terminal and the number of votes counted in the election. The terminal includes information relating to everything the voter sees on the screen, including the number of each candidate (the names of candidates are not included in the information presented to the person voting), thus permitting an attacker to change the number of a candidate. Both the logs recording the votes and the audit mechanisms are encrypted, but it is not secure, making it relatively easy for an attacker to gain access to the files and alter them. Given that these terminals may also be connected to the internet, the range of attacks against this particular source code illustrates the weaknesses of such systems, despite the existence of Federal Election Commission standards. (17)

Response to the analysis
The Diebold corporation posted an analysis of this report on 30 July 2003,
(18) and Doug Jones from the University of Iowa Department of Computer Science subsequently responded to the Diebold análisis. (19) The comments made by Doug Jones are of interest in relation to this matter, and indicate that Diebold appeared to accept the underlying propositions of a number of the points made in this analysis.

The UK pilot schemes and security
Whilst it is recognized that there are serious security issues to be considered in relation to electronic voting,
(20) the comments made in the report by the Electoral Commission bear consideration. With respect to issues surrounding security, the Commission noted the work undertake by the California Electronic Voting Taskforce, (21) the UK Independent Commission on Alternative Voting Methods and the technical committee of the international OASIS group, chaired by the Office of the e- Envoy. (22) However, it was concluded, “The central issue here is not security per se, but voter confidence.” (Latin tag in italics in the original). (23) The report acknowledges that the methods of authentication presently available are not sufficient, and there will be a continuing need to continue with paper-based systems, where a voter wishes to vote by way of the internet. (24) In addition, the report also accepts that people who wish to cast their vote by way of the internet will be required to secure their own computers, but it is recognized that “… in the absence of a county-provided, clean operating system and clean web-browser software, this requirement is difficult to enforce or detect.” (25)

The comments made in this report jar against the consideration given to issues relating to quality assurance for the pilot schemes authorized by the United Kingdom government.
(26) Quality assurance was split into two phases. The first consisted of a consultant working for the IT services division of the Department of Transport Local Government Regions to look at:

• Ensuring that appropriate project management steps were in place to ensure implementation by May 2.
• The technical robustness of the mechanisms.
• The security, quality assurance and testing systems.
• Whether contingencies were in place for system failure or problems.
• A general assessment of whether the final proposal and specification would result in a successful pilot.

The conclusion was that the projects submitted by local authorities were very likely to be successful, despite an extremely tight timetable. The details surrounding the time scale within which this person had to report are not given, nor is the timetable for the implementation of the various schemes. Further, it is far from clear what criteria the consultant used to assess the security and technical robustness of the mechanisms. Actica Consulting Limited carried out the second phase in April. This firm carried out an independent review of the adequacy of the technical controls within each electronic voting pilot, with the exclusion of Broxbourne Borough Council, which developed thE software in-house. The work was carried out between 26 April and 1 May. Given the importance that should be attached to the integrity of the voting system, it can hardly be said that the work that was supposed to be carried out during this phase can be considered to be remotely adequate. The Commission admitted that, given Actica visited seven suppliers in four working days, the time available was “… insufficient to conduct any thorough review of the proposed operation of the electronic voting mechanisms and was insufficient time to conduct any detailed testing.”
(28) In the case of the pilot in Liverpool, Actica did not even speak to the representative from, who were responsible for the bulk of the security. As a result of this experience, the Commission have set out a number of issues that must be addressed in the future, including a recommendation that the government should “consider” implementing an accreditation programme. (29) More recently, the Electoral Commission have indicated that there is insufficient evidence to suggest when remote electronic voting can take place, although it intends to continue with pilot projects. (30)

The future of remote electronic voting
The overwhelming conclusion that most of the commentators have reached in relation to voting remotely over the internet, is: don’t, certainly not yet, if at all.
(31) Security is not the only issue, both for voting over the internet and in relation to the present use of direct electronic voting systems. The drawbacks include the cost of research, development and implementation, which governments do not quantify publicly, but is probably high. Also, election officials that are experienced with using direct electronic voting systems find that only about 30 voters can use a single machine each hour. This indicates that a large number of machines are necessary to ensure every voter can cast their ballot in big wards. (32) In addition, the link between security standards set by governments and their effective enforcement is to be doubted.

Politicians claim that the use of remote voting and electronic voting increases the number of people voting in elections. Despite such claims and the expenditure of large amounts of money on such schemes, the claims that turnout has increased is certainly debatable, and it is questionable whether it is even capable of being measured.
(33) Increases in turnout can more readily be achieved by having polling days on weekends, rather than during the working week.

Realistically, the commitment to count ballots other than by hand has more to do with the pressure exerted by politicians to get quick decisions. This has led the way to the introduction of technology into the election process, sometimes with mediocre results. More particularly, politicians do not seem to have made any realistic connection between the use of remote electronic voting and the increased participation of subjects in the process of decision making. With the notable exception of Switzerland, few people around the world ever get the opportunity to make a difference to the way their country is governed, except on the rare occasions when they cast their vote every three to five years or so. Politicians might usefully pay more attention to the use of technology in promoting greater participation in the democratic process. It may be that voters will, if they are permitted to take a more active role in the process of government, vote in greater numbers in those jurisdictions where voting is not compulsory.

© Stephen Mason, 2004


The Act is referred to as The Electoral Act of 1856, as provided by clause LXXXIV. The Act was passed with a majority of one on 13 March 1856 and received the assent of the Governor on 19 March 1856. The colony of Victoria passed the Act two weeks before a similar Act was passed by South Australia on 2 April 1856. William Boothby is recognized as the pioneer of the secret ballot.
(2) For a discussion of the situation in Brazil The links to relevant papers prepared by the participants of CIVILIS.
(3) A number of problems occurred that might have been more serious if the system was used in an election that was more contentious, see Lorrie Faith Cranor “Voting After Florida.
(4) David Chaum “Secret-Ballot Receipts and Transparent Integrity” available in electronic format; Michael Ian Shamos, PhD JD “CFP’93 – Electronic Voting – Evaluating the Threat” available in electronic format viewed on 18 May 2003. Other commentators not mentioned in this footnote are also concerned about the need for an audit trail. Please see the selected list at the end of this article for more references.
(5)Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” (The Electoral Commission, 2002) a copy in electronic format.
(6) Moch N Kurniawan “Ballot counting vulnerable to hackers: Agency”, The Jakarta Post, 8 September 2003 viewed on 15 September 2003.
(7) There is an apparent discrepancy between the number of people that registered and the number of people that voted. This does not appear to be explained in the report “Deliverable 22 4th evaluation Report”.
(8) See news item “Pentagon Gives E-Voting the Boot” Associated Press, 5 February 2004 viewed on 7 February 2004. Report, by Dr David Jefferson, Dr Aviel D Rubin, Dr Barbara Simons and Dr David Wagner.
(9) See the monthly newsletter “Crypto-gram” for discussions relating to “security through obscurity”. Back issues are available on the web site. See also Ross Anderson Security Engineering: A Guide to Building Dependable Distributed Systems (Wiley Computer Publishing, 2001) paragraph 14.7.2 and the experience of Douglas W Jones “Problems with Voting S
ystems and the Applicable Standards” Testimony before the US House of Representatives’ Committee on Science, May 22, 2001.
(10) Dr Lawrence Pratchett and others, “The implementation of electronic voting in the UK” (LGA Publications, May 2002), p 58 a copy in electronic format.
(11)Computer vandal delays leadership vote” CBC News Online 25 January 2003. (12) Kim Zetter “E-Vote Machines Drop More Ballots” Wired News, 9 February 2004 viewed on 10 February 2004.
(13) Dr David Jefferson, Dr Aviel D Rubin, Dr Barbara Simons and Dr David Wagner “Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)” paragraph 1.5.
(14) Eric A Fischer “Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues” November 4, 2003, CRS Report for Congress (RL32139), pp 10 – 16.
(15) Kim Zetter “Maryland: E-Voting Passes Muster” Wired News, 25 September 2003 viewed on 1 October 2003 and “Risk Assessment Report Diebold AccuVote-TS Voting System and Processes” September 2, 2003 State of Maryland.
(16) Tadayoshi Kohno, Adam Stubblefield, Aviel D Rubin and Dan S Wallach “Analysis of an Electronic Voting System” 23 July 2003, available in electronic format viewed on 17 August 2003.
(17) Tadayoshi Kohno, Adam Stubblefield, Aviel D Rubin and Dan S Wallach “Analysis of an Electronic Voting System” paragraphs 4 – 6 for more detailed analysis; the Federal Election Commission Voting Systems Standards. See also the National Association of State Election Directors.
(18) Available in electronic format at
(19) Douglas W Jones “The Case of the Diebold FTP Site” available at viewed on 16 October 2003. Mr Jones also sets out the history of the postings made by Diebold in this paper, together with references to responses by other commentators.
(20) Dr Lawrence Pratchett, “The implementation of electronic voting in the UK”
Chapter 4.
(21)A Report on the Feasibility of Internet Voting”, January 2000 available in electronic format.
(22) “Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” p 49.
(23) “Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” p 69.
(24) A Report on the Feasibility of Internet Voting pp 23 - 24.
(25) A Report on the Feasibility of Internet Voting pp 26 - 27.
(26) See “e-Voting Security Study”, Issue 1.2, 31 July 2002 (X/8833/4600/6/21) available in electronic format. “e-Voting Technical Security Requirements” Issue 1.0, 8 November 2002 (X/10049/4600/6/21) available in electronic format. Note to the reader: these web sites are in a state of flux, and the web address for these papers may change.
(27) “Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” pp 23 – 24.
(28) “Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” p 23.
(29) “Modernising elections A strategic evaluation of the 2002 electoral pilot schemes” p 24.
(30) “The shape of elections to come A strategic evaluation of the 2003 electoral pilot schemes”, (The Electoral Commission, July 2003) p 8 available in electronic format. See also “The Government’s Response to the Electoral Commission’s Report: The shape of elections to come - A strategic evaluation of the 2003 electoral pilot schemes” (September 2003, Cm 5975) available in electronic format. “In the service of democracy” a consultation paper on a policy for electronic democracy, (Office of the e-Envoy, 15 July 2002) available in electronic format.
(31) The authors of the “e-Voting Security Study” list a number of prominent commentators in this area, including Dr Lorrie Faith Cranor, whom they describe on page 35 as taking a “practical view” on electronic voting. One of her early papers is quoted in this study, but not her later paper “Voting After Florida: No Easy Answers” which was first written in December 2000 and revised on 19 March 2001. Also see Rebecca Mercuri’s “Statement on Electronic Voting” and “Generic Security Assessment Questions” both available in electronic format. and a Recommendation “What is the future of electronic voting in France?” (The Internet Rights Forum, 26 September 2003) available in electronic format.
(32) Lorrie Faith Cranor, “Voting After Florida: No Easy Answers”.
(33) Pippa Norris “E-Voting as the Magic Bullet? The impact of internet voting on turnout in European Parliamentary elections” a paper for the Workshop on ‘E-voting and the European Parliamentary Elections’ Robert Schuman Centre for Advanced Studies, Villa La Forte, EUI 10 – 1 May 2002 available in electronic format.

Some useful papers not mentioned in the footnotes
• R Michael Alvarez, Stephen Ansolabehere, Erik Antonsson, Jehoshua Bruck, Stephen Graves, Thomas Palfrey, Ron Rivest, Ted Selker, Alex Socum and Charles Stewart III “Voting What it Could Be” (Caltech MIT Voting Technology Project, July 2001) available in electronic format.
• Kevin Coleman “Internet Voting” Updated January 31, 2003, CRS Report for
Congress (RS20639)
• Eric A Fischer “Voting Technologies in the United States: Overview and Issues for
Congress” Updated March 21, 2001, CRS Report for Congress (RL30773)
• Douglas W Jones “Trustworthy Systems on Untrusted Machines” prepared for the Workshop on the Future of Voting Technology in a Networked Environment June 4- 5, 2002 available in electronic format.
• Margaret McGaley and J Paul Gibson “E-voting: a safety critical system” NUIM-CSTR2003-02, National University of Ireland, Maynooth available in electronic format.
Peter Neumann Computer-Related Risks (Addison-Wesley, 1995) some materials of which are available in electronic format
• Avi Rubin “Security Considerations for Remote Electronic Voting over the Internet” available in electronic format.
• Roy G Saltman “CFP’93 – Assuring Accuracy, Integrity and Security in National
Elections: The Role of the U S Congress
”, viewed on 18 May 2003
• Roy G Saltman “Accuracy, Integrity, and Security in Computerized Vote-Tallying” NBS Special Publication 500-158 available in electronic format.
• Berry Schoenmakers “Fully Auditable Electronic Secret-Ballot Elections”, Xootic Magazine, July 2000, 5 – 11 available in electronic format.
• Ken Thompson “Reflections on Trusting Trust” Turing Award Lecture,
Communications of the ACM, August 1984, Volume 27, Number 8, 761 – 763
available in electronic format.

Some web sites of interest
Voting and Elections, run by Douglas W Jones
Electronic Voting, run by Rebecca Mercuri PhD.
Electronic Voting Hot List run by Lorrie Faith Cranor.
Dr N Ben Fairweather’s web pages.
Electoral Commission (UK).
The European Union Cybervote project.
E-democracy source links.l
Electronic Voting sources, run by Helger Limass.
Electronic Voting Page, run by Anne-Marie Oostveen.
Irish Citizens for Trustworthy Voting.
The International Teledemocracy Centre has a number of links.
True Vote.
The Usability Professionals’ Association Project: Voting and Usability.
Voting Technology.
The Federal Electoral Commission.
The Administration and Cost of Elections Project.

The author gives you a licence to download and print copies of this article PROVIDED THAT you (a) retain the copyright notice at the end of the article in its entirety, (b) clearly identify this article as being written by the author in electronic and printed versions and (c) only use it for your private use. Commercial use of this article is strictly forbidden without written permission from the author.
This article was published in Computer Fraud & Security March 2004 6 –13

Fecha. 27-05-2005
Informes a los Presidentes
La llave · Revista
Ediciones Votobit
Misiones de Observación
Master Internacional*
(*) En preparación
• IV Informe
¿Cuánto vale confiar?
OVE • Emisión 15-09-2004

• III Informe
El Efecto hip-hop sobre el voto-e
OVE • Emisión 15-07-2003

• II Informe
La urna que guarda silencio
OVE • Emisión 15-01-2003

• I Informe
La información que

OVE • Emisión 15-08-2002
NUEVO Emisión 24-06-05
Diseño de una plataforma de democracia digital
Por Ana Gómez Oliva, Sergio Sánchez García, Carlos González Martínez, Emilia Pérez Belleboni y Jesús Moreno Blázquez

NUEVO Emisión 27-05-05
Is there a future for internet voting?
Por Stephen Mason, Barrister

NUEVO Emisión 27-05-05
Voto Electrónico. Antecedentes y despliegue
Por Macarita Elizondo Gasperín

El computador cuántico y el final de la criptografía de clave pública
Por Fernando Acero Martín
Emisión 15-03-2005

El caso Indra
Por Antonio Yuste
Emisión 01-03-2005

Cuestionario OVE
Prueba Piloto en España de Voto por Internet
Observatorio Voto Electrónico Emisión 27-01-05

Consejo de Europa Recomendaciones legales y técnica sobre voto electrónico
Emisión 05-10-04

Informe. Elecciones catalanas de 2003
Por Jordi Barrat i Esteve y Josep Maria Reniu i Vilamala

DNI electrónico y firma electrónica

Por Fernando Acero
Emisión 24-04-03

La democracia
se pone al día

Por Javier Tornadijo
Emisión 28-03-2003

La automatización del proceso electoral
Por Ángel A. de la Rosa
Emisión 07-03-2003

Esto es lo que parece
Por Antonio Yuste
Emisión 10-02-2003

Los núcleos de decisión entran en el quirófano
Por Jorge A. García Diez
Emisión 03-02-2003

Estrategias civiles para crear transparencia
Por Antonio Yuste
Emisión 03-02-2003

El bucle decisor
Por Ángel Alonso
Emisión 15-08-2002

Estándares para los sistemas de votación
Comisión Electoral Federal de los EE UU

Patrocinio · Contacto
OVE (Observatorio Voto Electrónico) · Campus de Vegazana
Edificio Tecnológico, s/n · 24071 León - España · tel +34 987 291 915