Presentation on theme: "Towards greater efficiency April 2012 Pablo Sarrias EVP Sales&Marketing Internet Voting Solutions Oleksiy Lychkovakh Business Development."— Presentation transcript:
Towards greater efficiency April 2012 Pablo Sarrias EVP Sales&Marketing Internet Voting Solutions Oleksiy Lychkovakh Business Development Manager
Index About Scytl Our solutions portfolio Pnyx – our core technology Advanced e-voting security E-voting risks to consider 2
About Scytl A Global provider of Election modernization
About Scytl Overview 4. 70% market share 15 out of 17 countries using our system Strong scientific background university spin-off Largest patent portfolio 41 patents worldwide Worldwide leader in secure electronic voting & electoral modernization Leading advisor of international institutions & governmental agencies
ConceptScytl Countries running e-elections15 out of 17 Largest election executed3,500,000 electors 1,450,000 votes cast Total elections managed>100,000 electoral events Public sector experience>80% of our clients are governments Patents in the electoral field21 granted 20 pending Scientific publications30+ Number of employees145 About Scytl Overview 5.
About Scytl Where we work 6. Barcelona London Tampa Kiev Athens New Delhi Toronto Baltimore
About Scytl Our customers 7. Canada USA Mexico Peru Argentina Finland Norway The UK France Spain Switzerland The EU Austria Slovakia BiH Ethiopia The UAE India The Philippines Australia South Africa
About Scytl Audits & Certifications European Commission (EU) Canton of Neuchâtel (Switzerland) City of Barcelona (Spain) Electoral Commission (Philippines) State of Victoria (Australia) State of Gujarat (India) State of Florida (US) Ministry of Science and Research (Austria) Ministry of Justice (UK) Ministry of Local Government (Norway) Ministry of Foreign Affairs (France) Electoral Commission (UAE) 8.
Scytl has received multiple international awards, including: ICT Prize, granted by the European Commission. European Venture Contest Award, granted by the European Association of Venture Capital. Best Case Label, granted by the European Commission. Leader de l’ITech-Economie, granted by the French Chambers of Commerce. Global Innovator Award, granted by The Guidewire Group. Red Herring 100, granted Red Herring Magazine. Premi Ciutat de Barcelona, granted by the City of Barcelona. ebiz egovernment award, granted by the Austrian chancellery. Tech Start-up 100 granted by the Telegraph eWorld award granted by the Indian Government About Scytl International awards
About Scytl Strategic Alliances
About Scytl References (1/3) Norway - Ministry of Local Government 2010 to Voting system to cover all public Norwegian Elections i.e. County, Municipality, Parliamentary elections and Referendums. Bosnia & Herzegovina- Central Election Commission 2010 to 2012 Developed an Integrated Information Election System: Election preparation, processing, certification of candidates, political parties & printing of the ballots, Election night reporting, … Peru - Organization of American States 2010 to 2011 Comprehensive audit of the in-person electronic voting solution developed by the National Office of Elections of Peru (ONPE). South Africa - NCOP Expected on 2011 to 2012 Implementation of the Parliament Voting Solution in the National Council of Provinces India - State of Gujarat 2010 to Internet voting will be used during 5 years % illiteracy rate among voters. 50 million voters. United Arab Emirates – EIDA 2011 (and next years) Electronic Voting for the National Electoral Commission of UAE. 11.
About Scytl References (2/3) United States - District of Columbia Board of Elections and Ethics 2010 Early-voting solution that allowed to share voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting. United States - State of Texas Early-voting solution that allowed sharing voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting. United State - West Virgina State 2010 Absentee Voters Solution for West Virginian voters who live overseas Australia - Victoria Electoral Commission Voting solution for handicapped and illiterate voters for State-level Elections. United States - Department of Defense 2010 Absentee Voters Solution compliant with the MOVE Act. Delivery of blank ballots and ballots marked online to 6 Million overseas voters. Philippines, COMELEC 2007 Internet Voting for Filipino citizens living abroad. 12.
About Scytl References (3/3) Catalonia (Spain) - City of Barcelona 2010 Internet-based citizen consultation to vote remotely or from one of the 110 polling centers 1,4 million citizens France - Ministry of National Education and Ministry of Universities and Higher Education 2010 to 2013 Internet voting for more than staff employed by both Ministries to vote for their Union representatives. France - Ministry of Foreign Affairs 2009 to 2013 Internet voting for French non-residents citizens to vote for their representatives in the Senate United States, State of Florida 2008, 2010 Internet Voting allowing the Military Overseas Absentee voters located in Japan, Germany and the UK participate in the 2008 and 2010 Elections. Canada - National Democratic Party 2012 Internet Voting for the NDP Leadership Election United Kingdom - Ministry of Justice 2007 E-voting solutions in multichannel scenarios for the Municipality Elections of Rushmoor and South Bucks 13.
Solutions for all the stages in the Election life cycle Our solutions portfolio
15. Internet voting voting kiosks telephone voting eBallot delivery eVoting voter registration election configuration voter list results consolidation election night report Election Management pollworker training asset management online help desk task management information portal Corporate Management Consulting Services electoral consulting project management eDemocracy Parliaments & Assemblies e-consultations citizen web portal field agent dissemination & tracking satisfaction assessment in house e-voting session management internet voting webcasting Our solutions portfolio Solutions portfolio
Electronic Pollbooks Poll-site eVoting Internet Voting Phone Voting Paper Ballot Scanning (PCOS & CCOS) Polling Station eVote Tally Internet and IVR eVote Tally Results Consolidation Election Night Reporting Candidate Filing Ballot Design Asset Tracking Election Project Management Voter Registration Election Day VotingManagement Pre-Election Post-Election Election Management Talling ConsolidationReporting Electronic Ballot Delivery Paper Ballots Participation Reporting Management Dashboard About Scytl Product portfolio Pollworker Training Election Help Desk
17. Our solutions portfolio Developing an advanced e-voting solution is time consuming, complex and effort extensive. Using a certified and proven existing e-voting solution significantly reduces time-to-market. Immediately pursue any window of opportunity. Benefits of a proven solution VS in-house Building state-of-the-art e-voting solutions requires extensive academic research. Teaming up with the market leader allows learning from previous experiences. Large amount of references successfully carrying out high- profile and election critical projects. Using an existing and proven solution is more cost effective than building one from scratch. Building a new solution may be in conflict with one or more of over patents in the field of e-voting. Using a certified and proven existing solution significantly eliminates risk. Governments and companies were unsuccessful introducing new e-voting solutions. Time-to-market Research & experience Manage riskCost effectiveness
Internet Voting Solution overview Pnyx
19. Pnyx It is the result of over 17 years of research security applied to electronic voting processes. It is based on groundbreaking cryptographic technology. It guarantees the same levels of trust, security and privacy that exist in conventional paper-based elections without having to trust either the administrators of the system or the complex technological systems used. Pnyx is the name we gave to our core electronic voting technology: What is Pnyx?
Economies of scale: Avoiding elevated storage and maintenance costs Allowing to reuse existing infrastructure Eliminating printing, postage & mailing costs The use of remote electronic voting technologies is the ultimate answer to voter enfranchisement, allowing overseas and remotely located voters to exercise their right to vote. Cost-effective Speed Enfranchisement Speed-up the counting process by electronically receiving the results from all the polling places, automatically consolidate them and assign the corresponding mandates. Scytl uses pioneering technology to optimize the delivery of public services, enhancing governments’ efficiency in carrying-out electoral processes: Pnyx Efficiency 20.
21. Scytl takes into account the specific needs of the voters with disabilities and enables them to participate in elections without assistance, fully guaranteeing their privacy. Adapted to any ballot format Supports multiple languages. Scytl has provided solutions in: Russian, Gujarati, Arabic, Mandarin, etc. Accessibility Flexibility Ease of use Reproduce a similar process to paper-based elections, allowing computer-illiterate people to vote without any previous training. Pnyx Scytl’s solutions have been specifically designed to be accessible to both computer-illiterate and disabled voters, while adapting to any language specificities: Usability
22. Scytl's solutions provide end-to-end security, preventing both internal and external attacks, guaranteeing voters’ privacy and allowing their audit by authorized third-parties: Advanced tamper-proof security measures using ground-breaking and highly advanced cryptography to prevent attacks from anyone, including hackers or system administrators with privileged access. Can be audited by independent experts before, during and after the election day. Voters are provided with a voting receipt that allows them to check that their vote has been counted. Votes are encrypted in the voters' voting device before they are cast. Only the Electoral Board can decrypt the votes. The decryption of the votes is carried out by breaking the correlation between the voters' identity and their vote. IntegrityAuditabilityPrivacy Pnyx Security
Pnyx Advanced e-voting security 23
Advanced e-voting security 1.Each individual ballot is correctly added to the total number of ballots. 2.An individual ballot remains anonymous despite any technical means that could be used to track it down. 3.No any individual ballot that really was not cast can be added to the total number of ballots. 4.The possibility of votes buying and selling is not higher than using traditional election procedure. 5.The possibility of any form of 'family voting’ (in family, at workplace etc.) is not higher than using traditional election procedure. 6.Civil society observers can verify that elections using E-voting is fair even if they don’t have any specific knowledge in computer technology. 7.No one can misuse the voting process by offering a computer (voting point) to derive profit from it. 8.Voting process can be suspended only due standard force majeure events not due some people’s intentional wrecking. Problems that need to be addressed
25. Unauthorized voters casting votes Voter impersonation / Ballot stuffing Voter privacy compromise Voter coercion, family voting and vote buying Vote tampering Vote deletion Intermediate results Election boycott-denial of service Innacurate auditability Security concepts in Internet Voting Advanced e-voting security Universal verifiable Mix-net + Secret Sharing Schemes + Eligibility verifiability + Immutable logs Specific DoS countermeasures Cast as intended verification + Recorded as cast verification + Vote encryption + Multiple voting + Digital signatures
26. Protection only focused on external threats and attacks. Voter’s authentication solved but voter’s privacy not addressed. Electoral board’s has no role. Lack of voter-verifiability (“Thank you for having voted” messages). Electronic voting with conventional security measures Voter Electoral Board E-voting technological infrastructure System Administrator Advanced e-voting security Conventional security measures
Application-level cryptographic protocol running on the voter’s device and on an air- gapped electoral board server. Protection focused also on internal threats and attacks. Focus on the specific security requirements of voting rather than on the generic ones. 27. e-Voting technological infrastructure VoterElectoral Board System Administrator Electronic voting with Scytl’s specialized security technology Advanced e-voting security Scytl’s specialized security measures
Protection of the votes: -Protection of partial results -Integrity of the ballot box -Fully auditable results -Universal verifiability Protection against internal attacks (End-to-end security from the voter to the Electoral Board) Electoral Board Voter Digital ballot box End-to-end security 28. System Administrator State of the art E-Voting security: -Cast as Intended -Recorded as Cast -Counted as Cast -Voter self verification -Voter privacy -Zero trust Client Advanced e-voting security Scytl’s specialized security measures Scytl' specialized e-voting security technology is focused on the specific security needs of elections
Advanced e-voting security The Saeima shall be elected in general, equal and direct elections, and by secret ballot based on proportional representation Article 6 of the Constitution of Latvia 29
E-voting risks to consider 30
31. Unauthorized voters casting votes Voter impersonation / Ballot stuffing Voter privacy compromise Voter coercion and vote buying Vote tampering Vote deletion Intermediate results Election boycott-denial of service Innacurate auditability General security risks of remote voting E-voting risks to consider
How can we proof voter identity in a remote way? Username and password methods: Username and password values are stored in the voting server to verify voter identity: they are vulnerable to credential stealing. High Risk: Unauthorized voters, voter impersonation and ballot box stuffing Digital certificates Digital certificates and digital signatures: provides strong authentication. No personal credentials are stored on the voting server and (encrypted) votes can be digitally signed. Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering Voter authentication risks E-voting risks to consider Pnyx
How can we proof voter identity in a remote way? Supervised kiosk: Voter is identified in-person by poll workers at a supervised center Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering E-voting risks to consider Voter authentication risks Pnyx
How can we protect a vote from eavesdroppers? Network encryption: Voting options are only encrypted while transmitted over the network but processed in clear at the voting server: they are vulnerable to attackers that have access to the server. High Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion Application level encryption: Voting options are encrypted at the voting terminal and remain encrypted until the electoral board decrypts them: they are not vulnerable to server attacks. Low Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion E-voting risks to consider Vote secrecy Pnyx
How can we protect votes from being modified? MAC functions: Vote integrity is protected by means of a voter/server shared MAC key stored in the voting server: they are vulnerable to key stealing. Medium Risk: Vote tampering and vote impersonation/ballot box stuffing Digital signatures and Zero knowledge proofs of origin: Private values needed to perform digital signatures and ZK proofs are not stored on the server. Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering E-voting risks to consider Vote integrity Pnyx
How can we protect a vote from decryption? Access control: Access to the decryption key is protected by authentication and authorization (ACL) means: vulnerable to brute force attacks. High Risk: Voter privacy compromise, intermediate results and voter coercion Secret sharing schemes: Threshold cryptography is used to create and split the election key in shares without requiring to store the key as a whole anywhere. A minimum number of Electoral Board members must collaborate with their key shares to decrypt the votes. Low Risk: Voter privacy compromise, intermediate results, voter coercion and denial of service E-voting risks to consider Election Key Security Pnyx
How to preserve voter anonymity? Straight forward decryption: Clear text votes can be correlated with encrypted votes, which could be connected to the voters: voter privacy could be broken. High Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion Mixnets: Encrypted votes are shuffled and decrypted (or re-encrypted and decrypted) several times before obtaining the clear-text votes. Encrypted votes and decrypted ones cannot be directly correlated by position, preserving voter privacy. Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion E-voting risks to consider Voter privacy Pnyx
How to preserve voter anonymity? Homomorphic tally: Encrypted votes are not individually decrypted. The result is the decryption of the operation of all the encrypted votes. Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion E-voting risks to consider Voter privacy Pnyx
How to audit election fairness? Standard logs: Sensitive operations are registered in standard log files: logs could be altered without being noticed to hide malicious practices. High Risk: Inaccurate auditability, voter privacy compromise, vote tampering, ballot stuffing, voter coercion, etc. Immutable logs: All sensitive operations are registered in cryptographically protected logs and cannot be manipulated. Low Risk: Inaccurate auditability. Standard receipt: Voters receive a proof of casting based on non-cryptographically protected information (i.e., does not provide counted as cast features). High Risk: Inaccurate auditability. E-voting risks to consider Election auditability Pnyx
How to audit election fairness? Individual voter verification - cast as intended: Voter is able to verify that the vote recorded by the voting server contains the voting options originally selected by herself. (E.g., Return Codes). Low Risk: Inaccurate auditability. Individual voter verification - counted as cast: Voters are able to verify that their votes have been included in the final tally. This verification can be complemented with the Universal verifiability Low Risk: Inaccurate auditability. E-voting risks to consider Election auditability Pnyx
How to audit election fairness? Universal verifiability: Allows observers or independent auditors to verify the proper decryption of the votes by means of using cryptographic proofs (e.g., ZKP) generated by the decryption process. Low Risk: Inaccurate auditability. End-to-end verification: Combination of individual and universal verifiability Lowest Risk: Inaccurate auditability. E-voting risks to consider Election auditability Pnyx
Typical questions Implementation FAQ 42
Implementation FAQs How much time it is needed to implement Internet Voting? Is it a reduced pilot recommended, or a country roll out? Is it better to start using the system on an Election or on a referendum or consultation? Is the legislation ready? What is the certification of the system be in Latvia? How are citizens going to be authenticated? How much does it cost? Typical questions
Latvia Current schema discussed
46. Voter registrationConfigurationVoting Counting & consolidation Reporting Our solutions portfolio In order to carry out Internet voting, voters must be correctly authenticated before they can access the system. Several options are available: Pnyx has been designed so that it can be easily integrated with existing voter registration systems and processes. Existing digital certificates (e.g. an e-ID) Voting credentials subject to physical identification Special credentials sent by mail or online credentials Personal data available to the EA. No credentials Existing credentials used to access other government systems Voter registration
47. Once the election is configured, a Electoral Board is created before the e- voting process starts. Each of the members is given a share of the election key used to open all of the digital votes. A threshold is required to reconstruct the key at the end of the e-voting process. Our solutions portfolio Voter registrationConfigurationVoting Counting & consolidation Reporting Voting periodElectoral modelElectoral rollCandidatesBallotsVoter credentialsElectoral Board Scytl allows you to configure electronically any aspect of the electoral process, including: Electoral Board Election configuration
48. Our solutions portfolio Voter registrationConfigurationVoting Counting & consolidation Reporting Scytl offers groundbreaking and highly secure electronic voting solutions for both remote and on-site voting: Remote eVoting On-site eVoting Casting of votes through any device (PC, mobile phone, PDA, etc.) with an Internet connection Casting of votes from electronic voting terminals located in polling stations Controlled environment Uncontrolled environment Phone Voting Un- & Controlled environments Casting of votes from a land line or mobile phone, from a polling station or any place with coverage eBallot Delivery Uncontrolled environment Voters receive their ballot electronically, mark it online, return it by mail, fax or and at any point check its status Voting process
The decrypted ballots are tallied and the results are provided to the Electoral Board Our solutions portfolio Voter registrationConfigurationVoting Counting & consolidation Reporting The digital ballot box is downloaded and transported to an isolated environment under the control of the Electoral Board The Electoral Board rebuilds the election key using their shares A Mixing process is started that decrypts the votes and breaks any correlation between the ballot and elector Step 1Step 2 Step 3 Step 4 Ballot counting and consolidation 49.
Election results broadcast on the web Maps, Bar charts, Downloadable reports RSS, and Social Media integration City, County & State-wide presentation Benefits: Improves the dissemination of information to the public Increases transparency and public outreach Voter registrationConfigurationVoting Counting & consolidation Reporting Our solutions portfolio Reporting 50.
51. Our solutions portfolio Multiple factors can have an influence on the cost of an election, including but not limited to: The number of voters that are eligible to participate with an election. Sizing and other requirements for Hardware and Network infrastructure. Hosting of the solution. Support requirements. Helpdesk and/or call center needs. Electoral requirements. Voting channels that will being used. Voter authentication mechanisms. Potential voter registration and election administration requirements. Customization requirements, potential integration with existing solutions. Additional solutions and services that may be needed. Pricing policy