General elections over the Internet: what could possibly go wrong?

Sasa Radomirovic

University of Surrey, UK

Abstract

Online voting is seen as a way to include a wider demographic in the democratic process and increase voter turnout. But can we control the security risks? Election protocols and their security and privacy requirements have been studied for more than 40 years. The first democratic election with an option to cast a vote over the Internet took place in the year 2000. Since then several countries have trialed or repeatedly used online voting systems.

Due to the high stakes and high risks for fraud and foreign interference, the design, implementation, and operation of a country’s online voting system requires an extraordinarily careful examination. Switzerland’s approach to secure online voting has been to require formal verification of the voting system’s protocols, public intrusion tests, and published source code open to public scrutiny. This transparent approach offers a valuable case study on the deployment of a complex, security-critical system.

In this talk, I will review the security challenges for Internet voting systems with a focus on Switzerland’s approach. I will then discuss some of these challenges from the academic, formal verification perspective with a view towards the verification of security-critical systems in general.

Short Bio

Sasa Radomirovic holds a PhD from the Department of Mathematics at Rutgers University, NJ, USA. His research focus over the last 20 years has been on the application and development of formal methods for information security. He held postdoctoral positions at NTNU Trondheim in Norway, CRM Barcelona in Spain, and the University of Luxembourg. He was a senior scientist at ETH Zurich, his alma mater, in the Institute for Information Security. Before joining the University of Surrey in April 2022, he held faculty positions at the University of Dundee and at Heriot-Watt University.