Internet voting in France under question

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

France has tried to implement an Internet voting system that should have
allowed French citizens living abroad to vote during the presidential
elections in 2007. However, the system has been criticized and has not been
proven to be reliable.

The French living abroad are represented by the AFE (Assemblée des Français
de l’Étranger), a consultative body which elects 12 senators (out of 331).
Half of the AFE was replaced in June 2006. Votes could be cast either in
embassies (in a traditional way), by regular mail or Internet.

In 2003, Internet voting had been used for the first time and it was then
restricted to voters living in the USA. This time, all the 525 000 voters
were concerned. The purpose was to allow afterwards these expatriates to use
the Internet for the 2007 presidential election; a bill has been submitted.

28 138 voters had registered to use the Internet and as the typical turnout
is low (less than 20%), this represented about a third of expected voters.
The procedure was complicated: during the week before the election, the
voter had to confirm his/her registration and had to test his/her computer’s
compatibility and especially the Java virtual machine. Only 10 201 people
finally voted.

EADS was the company that produced the software named Cybervote and
Experian was the company that actually ran the election. Servers were
located in the south of France. The replication of the operation of a normal
polling station was attempted. During a week in Paris, the poll clerks (in
French assesseurs) sat in front of computer screens showing how many people
had voted, if the electronic ballot box was consistent, and transmitting
images from a camera located in the servers room.

The real polling stations organized the traditional vote and counted the
mail voting. In each country in Europe and Asia, there were from one to
seven of them. They also received the results of the Internet voting,
together with the list of the actual voters. In several countries, only one
or two voters had opted to use Internet, so a breach of vote secrecy was
thus inevitable which, curiously, had not been anticipated. In the middle of
the election period, it was decided to block electronic voting concerning
these countries. How that was done is unclear and most of the poll clerks
had not been informed before the final day of election.

Will this poor organization turn one’s attention away from background
problems ? Three computer scientists doing research made each a report on
this election. Two of them had been commissioned by the two main political
parties during the election. The three reports express many common concerns.
They all remind why many safeguards exist in the normal voting procedures:
“when the poll workers and assesseurs report results at the end of the day,
these results are accepted as legitimate because everyone can see and
understand every part of the process. There are many safeguards in this
process, every safeguard is there because without it there was cheating in
the past, and every safeguard is one in which the assesseur participates
directly. In contrast, the process of an Internet election – this Internet
election for the Assemblée – has no safeguards that the assesseurs can
assess directly.”

All three reports question the reality of the poll clerks’ control:
“Computers can be programmed to simulate almost any phenomenon. A computer
program can conduct an accurate election or a fraudulent one. The assesseurs
have no way of knowing what program is installed on the computers […] that
run the election, because EADS guards that program as a trade secret and
will not show it to the assesseurs. Even if EADS showed them the program,
the assesseurs have no way of knowing whether the program showed to them is
the same one that is installed on the computers.”

SERVE was a system aimed to allow the U.S. soldiers abroad to vote by
Internet. The three reports remind that the Pentagon abandoned SERVE without
using it, on the basis of an alarming experts’ report. Andrew Appel,
Professor at Princeton University, comments on this abandonment: «As an
expert in computer security and in voting technology, I believe that this
was a wise decision.».

In his report, Bernard Lang, from INRIA, the French national
computer-science research laboratory, analyses the decree that organizes
this election. He reminds the poll clerks that they commit to a greater
responsibility than they realize, because what they are asked is unspecific,
or very technical. He formulates a long list of questions and reservations.
For example, when the decree says: “The electronic polling station staff
states that the electronic ballot box is empty”, Bernard Lang recommends:
“It is important to clarify that you state that the provided monitor screen
shows that the electronic ballot box is empty. Never assert that it is
actually empty.”

Andrew Appel concludes: “the French people and the assesseurs that represent
them will have no way to be confident that the election was conducted
accurately and without fraud. Internet elections are not possible to conduct
in a way that ensures legitimacy.”

Does the CNIL, the French Data Protection Authority, back these hazardous
experiments against its own advice ? The CNIL published in 2003 a
recommendation – a requirement list to be fulfilled by an Internet
election process.

The CNIL also examines most of the projects at the beginning of their setup.
An officer from the CNIL explained in April 2006: “in all electronic voting
operations, there are things that do not go well. There are lost votes,
votes impossible to decipher, votes that do not work at all. It happened
these last years, it has to be said.” The election organizers – the Ministry
of Foreign Affairs as well as the companies – constantly emphasised that
everything complied with the CNIL’s recommendations. However, the CNIL had
already «emphasised» the «succinct character» of the provided technical
documents, allowing it “to assess only partially if the […] specifications
[…] were fulfilled.”. The CNIL had also «deplored» the absence of an
expert’s report. According to the draft of the decree organizing the
election, the CNIL was to receive this expert’s report commissioned by the
Ministry of Foreign Affairs at some later time. This requirement vanished
from the published version of the decree. As usual, the expert’s report was
not published.

One week before the election, the CNIL published an overview of Internet
voting around the world. It reminded that the USA, the UK and Spain have
abandoned their projects. Only three countries have significant projects:
Estonia, Switzerland and South Korea. In the middle of the election period
every reference to this overview vanished from the CNIL’s website.

On the Internet vote for the Assemble des Francais de l’etranger – Andrew W.
Appel (14.06.2006)
English version
http://www.cs.princeton.edu/~appel/papers/urne.pdf

French version
http://www.recul-democratique.org/appel-afe.pdf

Report on the usage of Internet voting for the elections at the Assemblée
des Français de l’Étranger in June 2006 – Bernard Lang (in French only,
23.06.2006)
http://traitdunion.homeip.net/ELECTIONS-AFE-2006/COMMPRESS/c1.html#rapport

Observations report – François Pellegrini (in French only, 12.06.2006)
http://www.recul-democratique.org/pellegrini.pdf

A Security Analysis of the Secure Electronic Registration and Voting
Experiment (SERVE) – David Jefferson, Avi Rubin, Barbara Simons and David
Wagner (20.01.2004)
http://servesecurityreport.org/

(Contribution by Pierre Muller, founder of recul-democratique.org)