Establishing a Legal Framework for E-voting in Canada
Appendix A – International Standards and Reports
In conducting our research on what an ideal legal framework for Canada would be, we consulted major reports on e-voting produced by government agencies as well as guidelines produced by international election observers. This is an overview of the key findings and criteria synthesized from those reports.
A.1 Council of Europe
The Council of Europe (COE) has released the only set of specific Internet voting standards that are valid and approved at an international level (Smith 2006). In 2004, the COE released the Legal, Operational, and Technical Standards for E-voting (Recommendation Rec (2004)11) (COE 2005), which was a guide to the legal, operational and technical standards for e-voting. Canada currently holds observer status to the COE. In addition to the recommendations, the COE has also released handbooks on implementing e-voting.
The COE's main recommendations comprise 121 requirements that serve as a checklist for implementing e-voting and that have been highly referenced by member nations, including Norway and Switzerland, in implementing their e-voting systems.
The COE framework itself is light on legal specifics, recognizing the wide range of national electoral legislation. Instead the focus is on specific best practices such as accessibility, security and practical elements of e-voting. The purpose is to encourage its member states to counter low voter turnout by embracing informational and communication technology used in day-to-day life. The council recommends that public confidence be built by ensuring that e-voting systems are "secure, reliable, efficient, technologically robust, open to independent verification and easily accessible to voters" (COE 2005, 7). To encourage this, the COE recommends that members change domestic legislation to meet the criteria, as well as ensure e-voting elections are as reliable and secure as those that do not use electronic means.
The recommendations are divided into three components: the legal, operational and technical steps that must be taken. The legal component embraces some general principles such as universal suffrage, equal suffrage and free suffrage, as well as the protection of election results. Many of the recommendations echo features that transcend voting methods, such as preventing a voter from voting multiple times, not disturbing freedom of choice and properly preparing registration lists.
- Principles (universal suffrage, equal suffrage, free suffrage)
- Procedural safeguards (transparency, verifiability and accountability, reliability and security)
- Notifications, voting, results
- Accessibility, interoperability (ability of various technical components to operate together), system operation, security, audits, certification
- Make interfaces clear and useable (recommended standard number 1)
- Ensure the systems' use is maximized by the disabled (standard number 3)
- Keep e-voting as an additional and optional means of voting (standard number 4)
- Ensure users can cast a blank ballot (standard number 13)
- Allow voters to break off voting at any time (standard number 11)
- Protect user privacy (various recommended standards)
- The public should be educated and be confident (recommended procedure number 20)
- Information should be publicly available (procedure number 21)
- Advance testing and trial by voters is recommended (procedure number 22)
- Observers should be permitted to observe and comment on elections (procedure number 23)
- Independent testing should be conducted before the system is used (procedure number 25)
- Steps should be taken to prevent fraud or unauthorized intervention (procedure number 29)
- All changes to the system should require teams of two (procedure numbers 32 and 33)
- Remote voting should not end at a later time than poll stations (procedure number 45)
- Steps should be taken to prevent linking voters with the votes (procedure number 48)
Much of the report is very specific, containing steps to ensure that privacy, security and systems are adequately tested; that proper audit methods are in place; and that backup plans are in place in case there are any hardware failures. It is now becoming common for election observers to use the COE's recommendations as a report card to test system requirements and procedures, and we would recommend that election officials in Canada consider referencing this checklist as well.
Not all of the recommendations are universally adopted. For instance, there is debate on whether a voter should be able to get a receipt for having voted, as some feel it can lead to voter coercion, while others feel that a paper trail of some sort may help voter confidence. Nor are the recommendations entirely complete. They do not address specific laws that should be in place to prevent election fraud or what is the best way to distribute tasks in an electronic voting system.
A.2 United States Election Assistance Commission
The United States Election Assistance Commission has released comprehensive guidelines for the use of controlled e-voting systems, but has yet to release the same requirements for Internet voting. The commission was created in 2002 through the Help America Vote Act of 2002, a bill passed by the US Congress to encourage states to replace outdated punch card and lever-based voting systems that were controversial in the 2000 presidential election, particularly in some of the Florida counties. The Help America Vote Act of 2002 legislates some minimum standards, while the National Institute of Standards and Technology advises the commission on a set of specific guidelines.
Voluntary Voting System Guidelines is a set of criteria governing the use of controlled voting machines that use direct-recording electronic technology (Footnote 12). While each US state independently administers federal and state elections, states that comply with the minimum requirements of the Help America Vote Act of 2002 are eligible for federal funding toward the purchase of voting machines. Some states have adopted the Voluntary Voting System Guidelines certification requirements directly, while others have set their own guidelines.
- Creation of an independent Election Assistance Commission
- Requirement for one direct-recording electronic or assisted voting machine to be at each polling place
- Requirements for a paper ballot
- Ability for voters to verify their choice before voting
- Stipulation that the Election Assistance Commission creates voluntary guidelines, but states are free to choose their own means
- Functional requirements
- Usability and accessibility (including colour, contrast, text size)
- Hardware, software and telecommunications requirements
- Quality assurance and configuration management
- Functionality testing
- Hardware and software testing
- System integration and quality assurance
The Help America Vote Act of 2002 also requires the Election Assistance Commission to conduct a study of Internet-based voting, but this appears to be a subset of other studies. We have found a general survey of Internet voting, but no detailed guidelines to the extent of the Voluntary Voting System Guidelines.
Some criticism has been levelled against the Voluntary Voting System Guidelines criteria, because once technology was certified, there was no requirement for recertification, and the guidelines have been slow to adapt to new threats. Some states such as California have adopted additional requirements that any errors or problems that become known must be immediately reported on threat of substantial fines.
A.3 Organization for Security and Co-operation in Europe
The Organization for Security and Co-operation in Europe (OSCE) is a European-based oversight group that, among other things, sends election observers to almost every major European election to provide a report card and review of election procedures. The OSCE's reports are excellent for providing independent information on how elections take place in practice. We used its reports on Norway, the Netherlands, Estonia and others to identify areas and deficiencies that other jurisdictions came across in running their e-voting elections.
The OSCE's Election Observation Handbook (OSCE 2010) instructs its observers to observe practices in how nations conduct their voting, which is useful for observers examining both paper balloting as well as Internet voting. The handbook notes that some of the following steps are the best way to ensure voter confidence in any electoral system.
- Transparent certification of systems and reporting of results
- Independent testing by academics or certification bodies
- Regulations to avoid conflicts of interest with third parties
- Strong auditing methods at defined times
- Divided responsibility among officials, vendors and testers
- Lack of an adequate legal framework
- Lack of manual-audit capacity
- Lack of access to the source code
- Lack of public confidence in the integrity of electronic-voting equipment
- Insufficient training of election officials
- Lack of information provided to voters
- Lack of transparency in the certification process
- Lack of division of responsibility among vendors of equipment, certification agencies and election administration
- Lack of clear guidance or regulations in cases of equipment failure
The OSCE's early reports strongly recommended paper ballots, but this was for stand-alone kiosks in a controlled environment where there was a concern with tampering of individual voting machines.
A.4 International Foundation for Electoral Systems
The International Foundation for Electoral Systems (IFES), a non-governmental organization, has long been an expert in reviewing elections law, on topics including proportional representation, voter fraud and e-voting. IFES consists of academics and other experts in legal affairs who routinely consult and work with developing nations to implement election laws. It has released excellent handbooks on conducting feasibility studies for e-voting elections, as well as implementing solutions. In its recent report, International Experience with E-Voting (Barrat i Esteve et al. 2012b), the IFES presented a broad survey of many of the considerations that are needed for e-voting, which was invaluable for our research. The foundation conducted an in-depth study on the recent Norwegian pilot projects. In its 2011 report, Electronic Voting & Counting Technologies: A Guide to Conducting Feasibility Studies (Goldsmith 2011), the IFES highlighted the importance of reviewing existing legislation and recommending changes to accommodate voting technology.
- Making changes to election laws to ensure observers can access all key components of the election administration process
- Implementing security mechanisms and safeguards to ensure accuracy and integrity of elections
- Putting in place requirements for initial and periodic certification of technology, including who can conduct it and what the consequences of failure would be
- Having legal contingencies for failure of an auditing mechanism or deciding which record takes precedence if there are differing records
- Specifying whether there are mandatory audits in place
- Considering the mechanism in place for challenging results
A.5 The Carter Center
The Carter Center, a US-based charitable organization, among other things sends election observers to many developing nations and helps to build civil society in many countries. The center has worked with the United Nations on developing an international framework for election observers. Because most of the elections it covered were in jurisdictions with few cultural similarities to Canada or involved voting machines, we did not use its case studies in our report. However, The Carter Center Handbook on Observing Electronic Voting (The Carter Center 2012) provides a guide for observers on what they should look at when examining a legal framework. While the handbook is not aimed at Internet voting, we found the considerations very helpful in designing a comprehensive legal framework for e-voting.
- How does the legal framework for e-voting protect fundamental human rights and support obligations for democratic elections (including whether secrecy is protected)?
- Is the legal framework clear and consistent regarding the use of e-voting technologies? (Is it in legislation or ad hoc?)
- Who are the key stakeholders related to the use of e-voting in this electoral process? What are their respective roles according to the law? (For example, is there a technical subcommittee or an independent technological advisory body?)
- Does the law allow independent, third-party inspection of the system and observation by domestic and international observers and candidates, parties and their agents?
- Does the law require a voter-verified paper audit trail, and what is the legal relationship of this record to other records of the vote?
- Does the electoral calendar allow enough time for all aspects of the process?
- What tests or certification of the system is legally required?
- What are the election day procedures as outlined in law?
- What security and contingency plans are prescribed by law? (Do the electoral offences cover e-voting?)
- What provisions are in place for the resolution of electoral disputes regarding the use of e-voting technologies?
- Are there major gaps or flaws in the legal framework regarding the use of e-voting?
Additionally, The Carter Center raised other issues about what steps are taken to inform the voters and increase their confidence. Was the technology tendering process open? Who has ownership of the intellectual property? Is there a contingency plan in place for technology failure?
A.6 Canadian Research
For the purpose of our recommendations, we think it is important to also recognize some of the considerations that have begun to surface in other discussion papers regarding e-voting.
A discussion paper produced by Elections BC, the electoral authority in the province of British Columbia, identified seven criteria for e-voting (Elections BC 2011).
- Accessibility: This includes recommendations such as maintaining a user-friendly interface, promoting public access and not using the Internet as the sole means of voting.
- Equal voting power: This includes recommendations about centralizing lists of who has voted, as well as having in place methods to allow multiple votes but to retain only the last one.
- Secrecy: This includes recommendations on using cryptographic processes as well as allowing voters to vote multiple times to reduce voter coercion.
- Security: This consists of recommendations on identifying threats and designing technology to combat these threats.
- Auditability: This consists of recommendations to ensure that voters are able to verify that their votes were counted as they intended. Additionally, this also refers to the ways in which the system and hardware are tested, certified and relied upon by experts.
- Transparency and simplicity: This includes recommendations that mainly involve ensuring that transparency, openness and simplicity are kept in mind and that as much of the testing, auditing procedures and implementation plans are available for public review.
Like some of the other sources, many of the considerations in the Elections BC report span both the legal and technical requirements.
Footnote 12: Direct-recording electronic machines are one common form of controlled voting technology, and the one most commonly associated with electronic voting in the United States.