Understanding Biometrics – E-Voting and E-Count Security [opinion]

Research analysts at Biometric Research Laboratory (BRL) are keen to outline some of the most important criterions when implementing electronic voting (e-voting) systems.

BRL is the research group at Namibia Biometric Systems (NBS), which conducts applied research in the implementation of biometrics-based solutions for both government and commercial applications.

Implementing e-voting technology is more complex than most governments anticipate and therefore neglects vital requirements such as comprehensive research and consultations. In addition, electoral commissioners too often assume that e-voting systems are secure, while other electoral stakeholders often have greater distrust in technologies. Thus, electoral commissioners need to take security concerns extremely seriously. The security of e-voting and e-counting systems is critical to ensuring public confidence and overall electoral integrity.

It is important to realise that numerous security flaws have been detected in voting and counting machines in many countries. Public debate on and scrutiny of the security of such technologies has increased.

E-voting and e-counting systems are inherently less transparent than the use of paper ballots, where all steps of the voting and counting process are observable. If an e-voting or e-counting system is to be trusted by electoral stakeholders, it is important that the security challenges presented by the use of the technologies are understood and addressed.

Testing and Source Code Review: This is vital in ensuring that the e-voting system functions correctly and generates accurate results based on the votes cast. All key electoral stakeholders must conduct this so that they will trust and accept the results.

E-voting is unlike other electronic transactions, the voter cannot check afterward that his or her vote was recorded correctly. For example, with electronic banking, people can check their statements to see if any incorrect transactions were made and can have mistakes corrected.

The need for a secret vote denies the possibility for this level of transparency. More often, governments are not aware of the need to test the e-voting machines and what tests can be performed. The test must include acceptance testing, performance testing, stress testing, security testing, and usability testing and source code review. Historically the source code for e-voting was seen as proprietary in nature, exclusively owned by the supplier and not provided for any independent review.

Certification: In addition to comprehensive testing of e-voting machines prior to Election Day, it is good practice to have these systems certified prior to Election Day. The purpose of certification is similar to testing in that it determines whether the e-voting machines operate effectively. The difference is that an independent expert or organisation conducts certification.

Election Day: Election staff must ensure that sufficient resources are in place at every polling station to receive and properly operate e-voting equipment on Election Day. The resources must include sufficient personnel including technicians and procedures to address any issues that may arise with the operation of the electronic equipment on Election Day.

Observers must assess whether all procedures are appropriately followed in the setup, operation and closing of electronic voting equipment at the polling station, whether the technologies are usable and accessible for all voters and whether sufficient measures are taken to ensure election security.

Dr Risco Mutelo studied Biometric Engineering at the New Castle University in United Kingdom.

Source : New Era