Abstract
When computing scientists speak about electronic voting, it is often in terms of trust. But there are two contradictory statements. First, they argue that it should not be necessary to trust e-voting systems, which would be the case if they are provably secure. Second, for an e-voting system to be successful, the public must trust it. When we unravel the confusing concept of trust, we find that there are two quite different meanings: relying on something that one does not understand and does not really choose (confidence), or relying on something that one does understand and has consciously chosen (trust). The distinction is due to the German sociologist Niklas Luhmann. In this contribution, we analyse how this distinction can help in analysing the controversies around electronic voting. It is argued that because of the controversy, paper voting and e-voting now tend to be seen as radically different alternatives, which require comparison and a conscious decision. Trustworthiness, as opposed to reliability only, has thereby become a major requirement of electronic voting systems, leading to the implementation of various verification options. This increasingly applies to other systems that handle sensitive data as well. We will discuss the various types of verifiability in electronic voting systems, and how these can contribute to trustworthiness of data processing in general.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
The function of trust as a means for reduction of complexity seems to be known in computing science. For example, Nikander and Karvonen (2001) mention this aspect. However, this paper does not refer to the work on trust by Luhmann.
- 3.
One may argue instead that the reason is not that they are not used to them, but rather the fact that it is harder for them to learn new things. Yet this is precisely one of the conditions that invites relying on familiarity rather than trust.
- 4.
This general approach is not without exceptions; cf. Nikander (2001).
- 5.
Reliability is used in the more limited sense of continuity of correct service in Avižienis et al. (2004). Our notion of reliability roughly corresponds to the “alternate definition of dependability” in their taxonomy, whereas trustworthiness corresponds to the “original definition of dependability”.
- 6.
Much depends on the interface. Before RIES was actually used in an election, a trial session revealed that too difficult a verification procedure decreases trust in the system among voters. The user-friendliness of the verification procedure was improved after the trial.
- 7.
Some systems introduce “practice ballots”, or similar measures, to prevent such attacks. However, these measures severely limit verifiability, because the tallier still needs to be able to distinguish real ballots from practice ballots, whereas the attacker should not be able to detect this via the means of verification offered to the voter. See e.g. http://zoo.cs.yale.edu/classes/cs490 / 03-04b/adam.wolf/Paper.pdf, consulted December 9, 2005.
- 8.
If a system is resistant against coercion even if the coercer can interact with the voter during voting, the term coercion-resistance is sometimes used instead of receipt-freeness (Juels et al. 2005). In order to avoid confusion, we consequently use the term receipt-freeness here.
- 9.
Equivalently, one shows that the negation of the formula does not hold for all instances.
- 10.
The analogy does not hold for computational issues around finding a witness. Still, we think that it is useful for understanding what the difference is between the two types of verifiability.
- 11.
Equivalently, one shows that it is not the case that one’s vote has not been counted.
- 12.
All types of proof discussed in this section may be relative to cryptographic assumptions.
- 13.
In public key cryptography, a secret message can be composed by encrypting it with the public key of the recipient, which is publicly known. The recipient can then recover the contents with her private key, which only she possesses.
- 14.
A hash function produces a fingerprint (hash) of the input, such that it can be checked if a new input matches the original one by comparing the hashes. The original input value should not be recoverable from the hash.
- 15.
Cf. Dutch constitution Article 3.2 and Dutch election law (“Kieswet”) Article J 15.
- 16.
Cf. Dutch election law (“Kieswet”) Articles 1, 8 and 9.
References
Avižienis, A., J.C. Laprie, B. Randell, and C. Landwehr. 2004. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1 (1), 11–33.
Baiardi F., A. Falleni, R. Granchi, F. Martinelli, M. Petrocchi, and A. Vaccarelli. 2004. SEAS: A secure e-voting applet system. In Software security: Theories and systems, eds. K. Futatsugi, F. Mizoguchi, and N. Yonezaki, 318–329. LNCS, vol. 3233. Berlin: Springer.
Baiardi F., A. Falleni, R. Granchi, F. Martinelli, M. Petrocchi, and A. Vaccarelli. 2005. SEAS, a secure e-voting protocol: Design and implementation. Computers & Security 24, 642–652.
Benaloh, J.C., and D. Tuinstra. 1994. Receipt-free secret ballot elections (extended abstract). In Proceedings 26th ACM symposium on the theory of computing (STOC), eds. J.C. Benaloh and D. Tuinstra, 544–553. New York: ACM.
Berlin, I. 1969. Four concepts of liberty. Oxford: Oxford Univ. Press (1958).
Brusco, V., M. Nazareno, and S.C. Stokes. 2004. Vote buying in Argentina. Latin American Research Review 39 (2), 66–88.
Chaum, D. 2004. Secret-ballot receipts: True voter-verifiable elections. IEEE Security & Privacy 2 (1), 38–47.
Cunningham, F. 2002. Theories of democracy: A critical introduction. London: Routledge.
Evans, D., and N. Paul. 2004. Election security: Perception and reality. IEEE Security & Privacy 2 (1), 24–31 (January/February 2004).
Hermans, L.M.L.H.A., and M.J.W. van Twist. 2007. Stemmachines: Een verweesd dossier. Rapport van de Commissie Besluitvorming Stemmachines, April 2007. Also available online at http://www.minbzk.nl/contents/pages/86914/rapportstemmachineseenverweesddossier.pdf. Consulted April 19, 2007.
Hildebrandt, M. 2008. Defining profiling: A new type of knowledge? In Profiling the European citizen: Cross-disciplinary perspectives, eds. M. Hildebrandt and S. Gutwirth, 17–45. Berlin: Springer.
Hirt, M., and K. Sako. 2000. Efficient receipt-free voting based on homomorphic encryption. In Advances in cryptology EUROCRYPT 2000, ed. B. Preneel, 539–556. LNCS, vol. 1807. Berlin: Springer.
Hubbers, E., B. Jacobs, J. Kiniry, and M. Oostdijk. 2004. Counting votes with formal methods. In Algebraic methodology and software technology (AMAST’04), eds. C. Rattray, S. Maharaj, and C. Shankland, 241–257. LNCS, vol. 3116. Berlin: Springer.
Hubbers, E., B. Jacobs, and W. Pieters. 2005. RIES—Internet voting in action. In Proceedings 29th annual international computer software and applications conference, COMPSAC’05, ed. R. Bilof, 417–424. IEEE Computer Society, July 2005. ISBN 0-7695-2413-3.
Ihde, D. 1990. Technology and the lifeworld. Bloomington: Indiana Univ. Press.
Jefferson, D., A.D. Rubin, B. Simons, and D. Wagner. 2004. Analyzing internet voting security. Communications of the ACM 47 (10), 59–64.
Joaquim, R., A. Zúquete, and P. Ferreira. 2003. REVS: A robust electronic voting system. IADIS International Journal of WWW/Internet 1 (2), 47–63.
Juels, A., D. Catalano, and M. Jakobsson. 2005. Coercion-resistant electronic elections. In Proceedings WPES’05. Alexandria: ACM.
Kim, S., and H. Oh. 2004. A new universally verifiable and receipt-free electronic voting scheme using one-way unwappable channels. In AWCC 2002, eds. C.-H. Chi and K.-Y. Lam, 337–345. LNCS, vol. 3309. Berlin: Springer.
Luhmann, N. 1979. Trust and power: Two works by Niklas Luhmann. Chichester: Wiley.
Luhmann, N. 1988. Familiarity, confidence, trust: Problems and alternatives. In Trust: Making and breaking of cooperative relations, ed. D. Gambetta. Oxford: Basil Blackwell.
Malkhi, D., O. Margo, and E. Pavlov. 2002. E-voting without ‘cryptography’. In Financial cryptography’02, 1–15. Berlin: Springer.
Mercuri, R.T. 2002. A better ballot box? IEEE Spectrum 39 (10), 26–50.
Neff, C.A. 2001. A verifiable secret shuffle and its application to e-voting. In Proceedings of the 8th ACM conference on computer and communications security, ed. P. Samarati, 116–125. New York: ACM.
Nikander, P. 2001. Users and trust in cyberspace (transcript of discussion). In Security protocols: 8th international workshop, Cambridge, UK, April 3–5, 2000, revised papers, eds. B. Christianson, B. Crispo, J.A. Malcolm, and M. Roe, 36–42. LNCS, vol. 2133. Berlin: Springer.
Nikander, P., and K. Karvonen. 2001. Users and trust in cyberspace. In Security protocols: 8th international workshop, Cambridge, UK, April 3–5, 2000, revised papers, eds. B. Christianson, B. Crispo, J.A. Malcolm, and M. Roe, 24–35. LNCS, vol. 2133. Berlin: Springer.
Pieters, W. 2006a. Acceptance of voting technology: Between confidence and trust. In Trust management: 4th international conference (iTrust 2006), proceedings, eds. K. Stølen, W.H. Winsborough, F. Martinelli, and F. Massacci, 283–297. LNCS, vol. 3986. Berlin: Springer.
Pieters, W. 2006b. What proof do we prefer? Variants of verifiability in voting. In Workshop on e-Voting and e-Government in the UK, eds. P. Ryan, S. Anderson, T. Storer, I. Duncan, and J. Bryans, 33–39. Edinburgh: e-Science Institute, Univ. of St. Andrews (February 27–28).
Pieters, W. 2008. La volonté machinale: Understanding the electronic voting controversy. PhD thesis, Radboud University Nijmegen, January 2008.
Pieters, W., and M. Becker. 2005. Ethics of e-voting: An essay on requirements and values in Internet elections. In Ethics of new information technology: Proceedings sixth international conference on computer ethics: Philosophical enquiry (CEPE’05), eds. P. Brey, F. Grodzinsky, and L. Introna, 307–318. Enschede: Center for Telematics and Information Technology.
Randell, B., and P.Y.A. Ryan. 2006. Voting technologies and trust. IEEE Security & Privacy 4 (5), 50–56.
Saltman, R.G. 2006. The history and politics of voting technology. New York: Palgrave Macmillan.
Selker, T., and J. Goler. 2004. Security vulnerabilities and problems with VVPT. Caltech/MIT Voting Technology Project, Working Paper 16, 2004. Also available online at http://www.vote.caltech.edu/media/documents/wps/vtp_wp16.pdf. Consulted February 10, 2006.
Storer, T., and I. Duncan. 2004. Practical remote electronic elections for the UK. In Proceedings of the second annual conference on privacy, security and trust, ed. S. Marsh., 41–45. Canada: National Research Council Canada.
Verbeek, P.P.C.C. 2005. What things do: Philosophical reflections on technology, agency, and design. Pennsylvania: Pennsylvania State Univ. Press.
Winner, L. 1980. Do artifacts have politics? Daedalus 109 (1), 121–136.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Pieters, W. (2010). Verifiability of Electronic Voting: Between Confidence and Trust. In: Gutwirth, S., Poullet, Y., De Hert, P. (eds) Data Protection in a Profiled World. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8865-9_9
Download citation
DOI: https://doi.org/10.1007/978-90-481-8865-9_9
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-8864-2
Online ISBN: 978-90-481-8865-9
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)