Kommunaludvalget 2012-13
KOU Alm.del Bilag 70
Offentligt
1225809_0001.png
1225809_0002.png
1225809_0003.png
1225809_0004.png
1225809_0005.png
1225809_0006.png
1225809_0007.png
1225809_0008.png
1225809_0009.png
InternationalExperiences andDenmark'sOpportunityParliament speech on bill L-132Prof. Joseph KiniryTechnical University of Denmark
I am an internationally-recognized expert in electronicelections, software engineering of critical systems,information security, and logic. I have ten yearsexperience in electronic elections across four countries.Virtually all public experts like myself are highly critical ofthe introduction of technology in elections, both inpolling booth for supervised elections, and for remoteelections over the telephone or internet.I believe that technology does have a role to play inelections, but only to solve specific problems, and only ifsaid systems are developed in a public, open, transparentfashion where correctness and security are firstprinciples. We call this methodology Trust-by-Designwithin DemTech.2
Elections must have public control. This means that
(1) the general public must understand and trust theelectoral apparatus and (2) if IT is introduced intothe election, it must be developed in a public, open,and transparent fashion.against public, open, and transparent IT systems.Their main argument for being proprietary, closed,and opaque is for the sake of security.systems are the cornerstone of secure onlinesystems, including virtually all online commerce,secure data transfers, email, etc.3
Corporations in electronic voting are universally
This is a false claim. Public, open, and transparent IT
Election IT systems must be correct and secure.No corporate, and very few academic electionsystems, are developed against such standards.such election systems engineering.
This means that they must be developed accordingto the highest levels of international standards incorrectness and security.
My group is one of the few in the world that does4
“Hacktivists” like myself analyze corporate andacademic electronic elections hardware andsoftware for correctness and security flaws.
All systems we have analyzed have egregious,
fundamental correctness and security flaws thatmake them unfit for use in local or nationalelections. Moreover, their architectures are typicallyso flawed that they cannot be “fixed”.principles (public, open, and transparentdevelopment and have correctness and security asmandatory requirements) and technologies have achance at being fit for local and national elections.5
Only systems developed from scratch with the right
Some academic experts in election systems createdemonstration IT systems as case studies in newmathematics, security, and engineering techniques.governments and corporations that engineeringelection systems to the highest internationalcorrectness and security standards is possible.currently working on, several such systems. Ourfocus is on processing voter lists, tallying ballots,rigorously validating tally systems, and a supervisedVVPAT ballot printer and tally system.6
These systems are also created to show
In my research group we have created, or are
Denmark has an opportunity to learn from others’mistakes and wisely use IT for democracy.
I recommend that the Ministry amend L-132 basedupon the criticisms and suggestions of IT andelection experts.
In particular, trials must be scientifically conducted
by independent agents, international IT standardsof quality and security must be mandated, and all ITsystems must be developed in a public, open, andtransparent fashion, preferably using a process akinto DemTech’s Trust-by-Design methodology.7
I recommend that computers are used for electionmanagement: the creation and maintenance ofvoter lists, generation of ballots and voter cards,polling lists, and reporting results.
I recommend that computers are used to tally
ballots, so long as risk-limiting post-election auditsare used.kiosk-based electronic voting systems toindependently and cast traditional secret ballots.8
I recommend that only the disabled use supervised
I recommend that ballot design is changed, throughthe introduction of an explicit box where a votercan mark their vote, to decrease the number ofspoiled ballots.
I recommend that computers should be used to
analyze and optimize existing manual electionprocedures to increase accuracy and security, anddecrease the cost, of current elections.via an optimized sorting process followed by aweighing, rather than counting, sorted ballot piles.9
I recommend that manual tallying of ballots is done