E-Voting System
Introduction
Many of us have dealt with electronic commerce transactions. This is already a part of everyday life. However, e-voting is not yet an obvious method for voting. The construction of electronic voting system is one of the most challenging security-critical tasks, because of the need for finding a trade-off between many seemingly contradictory security requirements like privacy vs. auditability. Thereby it is difficult to adopt ordinary mechanisms of e-commerce. For example, in e-commerce there is always a possibility to dispute about the content of transactions. Buyers get receipts to prove their participation in transactions. E-voters, in turn, must not get any receipts, because this would enable voters to sell their votes.
In 2003, Estonia initiated the project of e-voting. The aim was to implement e-voting in the elections of the local government councils in 2005. In January 2004, a group of
American security experts revealed the security report of Secure Electronic Registration and Voting Experiment (SERVE) [1]. The SERVE system was planned for deployment in the 2004 primary and general elections and allows eligible voters to vote electronically via Internet. After examining the security of SERVE, the group of security experts recommended that SERVE should be shut down. They also declared that they do not believe that differently constituted projects could be more secure than SERVE. Their conclusion was that the real barriers to success in e-voting are not skills, resources, etc; it is the fact that given the current Internet and PC security technology, e-voting is an essentially impossible task.
The SERVE project was terminated indeed in January 2004. At the same time, Estonia continued to develop an e-voting system and implemented it according to the plans. The
Estonian security experts published their security analysis [2] at the end of 2003. They declared that in practical sense the Estonian e-voting system is secure
Many of us have dealt with electronic commerce transactions. This is already a part of everyday life. However, e-voting is not yet an obvious method for voting. The construction of electronic voting system is one of the most challenging security-critical tasks, because of the need for finding a trade-off between many seemingly contradictory security requirements like privacy vs. auditability. Thereby it is difficult to adopt ordinary mechanisms of e-commerce. For example, in e-commerce there is always a possibility to dispute about the content of transactions. Buyers get receipts to prove their participation in transactions. E-voters, in turn, must not get any receipts, because this would enable voters to sell their votes.
In 2003, Estonia initiated the project of e-voting. The aim was to implement e-voting in the elections of the local government councils in 2005. In January 2004, a group of
American security experts revealed the security report of Secure Electronic Registration and Voting Experiment (SERVE) [1]. The SERVE system was planned for deployment in the 2004 primary and general elections and allows eligible voters to vote electronically via Internet. After examining the security of SERVE, the group of security experts recommended that SERVE should be shut down. They also declared that they do not believe that differently constituted projects could be more secure than SERVE. Their conclusion was that the real barriers to success in e-voting are not skills, resources, etc; it is the fact that given the current Internet and PC security technology, e-voting is an essentially impossible task.
The SERVE project was terminated indeed in January 2004. At the same time, Estonia continued to develop an e-voting system and implemented it according to the plans. The
Estonian security experts published their security analysis [2] at the end of 2003. They declared that in practical sense the Estonian e-voting system is secure