Geneva Internet Voting system

Acronym of the case:

GIVA

Web address of the case:

http://www.ge.ch/evoting

Country of the case:

Switzerland

City/region:

Geneva

Posting Date:

25 October 2005

Last Edited Date:

21 July 2011

Author:

Michel Chevallier (State of Geneva)

referendum | vote | einclusion

Type of initiative

Project or service
Strategic initiative

Case Abstract

While electronic voting machines have been criticized for their lack of transparency, internet voting being centralized is easy to monitor and audit. The State of Geneva has developed under Swiss federal guidance a remote voting application using the web. It builds on a 16 years positive experience with paper-based remote voting (postal voting). Nineteen official ballots have been organized so far (August 2011), elections as well as referendum. We have created a controlled voting environment by uploading an applet to the voter's PC and reinforcing the SSL channel.

Description of the case

Domain

eGovernment

Topic

eIdentity and eSecurity | eParticipation, eDemocracy and eVoting | Multi-channel Delivery

Sector

Education, Science and Research | Local/Regional Community Development

Start date - End date

June 2001 (Ongoing)

Date operational

January 2003

Target Users

Administrative | Citizen

Target Users Description

We target all Geneva voters, that is 215,000 for cantonal and federal ballots, and 290,000 for municipal ballots, since foreign residents are allowed to vote in these. As our hope is to attract new voters to the polls, and as citizens below the age of 50 are underrepresented among active voters, we ambition to draw a fraction of them to the ballot. This age group encompasses some 110,000 citizens out of the 215,000 eligible to vote (foreign residents excluded), which is more than half of the total.

Scope

National | Regional (sub-national)

Status

Implementation

Language(s)

French

Policy Context and Legal Framework

In 2000, the Swiss governement launched an internet voting pilot programme that lasted to December 2005. Three cantons volunteered to develop eVoting, among them Geneva. The Confederation provided 80% of the development costs until 2005, in return for a free transfer of the system to any other canton that would request it. The idea is to offer the 23 remaining cantons, with different electoral laws and systems, a choice among three eVoting applications to disseminate eVoting in the whole country. In Switzerland, being federalistic, legal changes must also be made at the canton level. In Geneva, the citizens will vote in 2008 on a legal provision to make internet a regular voting channel. Internet voting will also allow for the enfranchisement of Swiss citizens living abroad (almost 10% of the electorate lives outside Switzerland). Postal voting is too slow, even within Europe. From an EU point of view, internet voting contributes to the freedom of movement of people within the EU and is a powerful tool for inclusion. This last statement is also supported by the socio-political findings made in Geneva.

Project Size and Implementation

Type of initiative

Participation

Overall Implementation approach

Public administration

Technology choice

Not applicable/not available

Funding source

Public funding national

Project size

Implementation: €1,000,000-5,000,000

Yearly cost:

€1-49,000

Implementation and Management Approach

The difficulty in the Swiss case lies in the fact that remote ballots - postal and internet - are open for 2 to 3 weeks according to the type of ballot. To make things more simple, remote voting closes the day before the polling stations open. Polling stations are only open for 2 hours on the ballot day itself. Voters can only cast a single ballot, and they may be prosecuted if there is evidence that they tried voluntarily to vote more than once. The central feature in this process is the voting card. To vote by post, one has to fill in his birthdate, sign it and send it back. To vote online, one has to use the voter's number and PIN code printed on the card. Since the PIN code is hidden behind a plastic field that must be rubbed away, polling station workers know when they see an unmasked PIN code that they must ensure that this given voter hasn't already cast a ballot. This can be done by checking the voters' database.

Technology solution

All the equipment relative to eVoting is connected to a specific strand of the State network and separated from it by a firewall. The machine structure is camouflaged. Direct access to the database servers containing the eBallot box is impossible. At the system's entry, a pair of machines distributes the load. If one server suffers power outage, the load is transferred to the remaining one. The system uses two types of servers: internet/application ones and database ones. Any specific equipment is placed under the control of a monitoring system which is itself cloned and self-checking. At the slightest sign of failure, a signal is transmitted to the operators who take the necessary measures. The monitoring system also checks the eVoting homepage: any modification attempt will trigger an alarm. The number of votes received is compared with the number of entries on the electoral roll; any discrepancies will set off an alarm.

Impact, innovation and results

Impact

Today, a ballot conducted over the three channels (polling station, post and internet) costs 7,5% more than a ballot without internet and another 5,5% of internal costs. Geneva counts 220,000 voters. Current turnout (without internet) is around 50%. 95% of all the casted votes are postal votes. The state pays the return stamp. In this context, 30,000 eVotes (27% of all the casted votes based on a 50% turnout) are enough to offset the extra costs generated by internet voting. Any vote beyong this figure helps us saving money. We are already at 22%-25% eTurnout and we expect this share to grow quickly to 30%. Security is and always was our priority. We established an 11-rules long catalogue based on the international and national law covering elections. Voter ID must be protected, voters must have a single vote, etc. The challenge was to create a controlled area that would be as wide as possible, to recreate the polling station environement. SSL over HTTP offers an unsafe protocol implementation: in this configuration, the browser running on the client's computer (an unsafe place) initiates the communication and defines the key length and the algorithm used. It has been shown that SSL is vulnerable to â€œman-in-the-middleâ€ attacks. Interception and modification on the fly were easily performed. We developed an approach in which, when a browser wants to establish a communication with our server, it has to do it according to our conditions and following our security rules. The server sends an obfuscated applet to the client PC. We control the applet and can know whether the client's environement has altered it or tried to do so. This is what we call the "secure channel". The applet's unique role is to encrypt and decrypt the HTTP flow. Computers are completely deterministic and the fundamental bases in cryptography is the need for randomness. Therefore, we use True Random Number Generator using Quantum principles to define the encryption key, thus reaching an unprecedetnd level of encryption in order to protect only the necessary data embedded on the standard HTTP flow.

Track record of sharing

The developments conducted in Geneva have been shared and some have been implemented elsewhere: -The single voting card for the three voting channels and the hidden PIN code have been implemented by Zurich (pilot canton), -The secure channel using quantuum encryption is currently evaluated by NeuchÃ¢tel (pilot canton) and will probably be implemented there. We also receive on a regular basis foreign delegations and share our experience in the framework of the Council of Europe working group on electronic voting, which has been active since 2002. We are now working on packaging our solution in a way that it would make it transferable and tailorable to the needs and electoral legislation of the interested public authorities. This takes place at the request and with the support of the federal authorities, since we commited ourselves to make the solution freely available within Switzerland.

Lessons learnt

Lesson 1 - It is usually believed that universal suffrage has been achieved in Western Europe. Yet, voters' abstention is not only linked to a disinterest in politics, it is also linked to a lack of appeal of the existing voting channels. Internet voting appeals to "new" voters. Its impact on turnout will differ from country to country according to the various histories or institutions (representative or participatory democracy). In Estonia, online turnout reached 2% to 5%. In Geneva, more than 20%. As a share of these used to be abstainers, the impact on turnout will be bigger in Switzerland than in Estonia. Lesson 2 â€“ e-Voting may be the most difficult online transaction to realize (because of the anonymity requirement linked with traceabilty and auditability), but as it manages to solve all the hurdles one has to deal within eGov, it helps to boost its implementation rather than slowing it. Lesson 3 - Internet voting cannot be implemented in any kind of context. Beyond its technical aspects, internet voting is almost more a cultural project than a technical one. The context is essential.

Multimedia Content Select a Tab

There isn't any image for this case

There isn't any Video for this case