eDemocracy: Digital Rights and Responsibilities (I). Stakeholders and tech companies

Notes from the eDemocracy: Digital Rights and Responsibilities conference, organized by the Government of Catalonia and held in Barcelona, Spain, on 16 November 2018. More notes on this event: edemocracybcn.

Panel of stakeholders and tech companies
chaired by Joana Barbany

Municipalities and technology: more political participation?
Cllr. Jennifer Layden, Convenor for Equalities and Human Rights of the Glasgow City Council

Being involved in new media and social media enables administrations to engage with citizens.

There still is the challenge how technology can help to bring better outcomes, to bring increased access to democracy and participation. So far increased access is quite a success, as many people that cannot attend face-to-face meetings do participate online.

Enabling access to participation through online technologies should not be in detriment of excluding people for just the opposite reason: they cannot use online tools.

Working with local communities with participatory budgeting.

Technology and participation, one more step towards democratic pedagogy
Arnau Mata, tinent d’alcalde de Comunicació, Participació Ciutadana i Sistemes TIC, i portaveu de l’Ajuntament de Sant Vicenç dels Horts

The general context of political corruption is affecting all the institutions, regardless whether they or their members are corrupt or not. This is putting a stress on daily governance.

Some participatory processes where put to work, to let citizens have their say, and enable new ways so that institutions could speak with the citizens.

They are using Decidim, Barcelona City Council’s participatory platform.

Online participation allows monitoring of participatory processes, helps people to participate, empowers minorities in the public agenda, legitimates civic organisations, etc.

Open government and citizen participation channels in the digital era
Carles Agustí, Open Government Director at the Barcelona Provincial Council

Unlike preceding times, now citizens have lots of information, usually much more than governments themselves. Adaptation to this new reality is compulsory.

Open Government is the answer to the demands of change of the people in the way to do governance and politics. But it is not only a mere website, but a whole new strategy, a deep cultural change.

Technology is absolutely changing the landscape:

  • Open data would simply not exist without technology.
  • Civic platforms can better organize with technology.
  • e-Participation opens new channels, ways and methodologies for participation.
  • And, last but not least, more and different individual citizens can gather thanks to technology.

It is important to acknowledge that data have a lot of public value when they become open as open data. And that it is not only about giving data away but also about listening to citizens.

On-line voting: a security challenge
Jordi Puiggalí, Head of Research and Security Department, Scytl

There are no secure channels: it’s security measures that you implement that make voting secure. This includes on-site voting or postal voting.

Cryptographic protocols can guarantee privacy and integrity of voting processes.

Cryptography also allows to audit voting processes.

Discussion

Jordi Puiggalí: Blockchain can provide identity, but not integrity nor privacy.

Arnau Mata: the best way to convince people to participate is showing that it does work, that the government cares about what is being said and applies the general agreements.

eDemocracy: Digital Rights and Responsibilities (2018)

Jordi Puiggalí: Citizen security in electronic environments. The case of electronic voting

Notes from the research seminar Citrizen security in electronic environments. The case of electornic voting, by Jordi Puiggalí, held at the Open University of Catalonia, Barcelona, Spain, on January 28th, 2010.

Citrizen security in electronic environments. The case of electornic voting
Jordi Puiggalí, Scytl

Electronic voting is the natural evolution of the electronic count in elections. Two main kinds:

  • Face to face: people still go to polling stations, but vote in polling machines
  • Remote voting: you vote from home

Advantages

  • Count of votes is faster and exact
  • Cost saving in paper and printing (though there are added costs, especially in face to face electronic voting)
  • Increase of accessibility for disabled people. Also avoids identifying who was the voter (e.g. there’s only one blind voter in town: the ballot-paper in Braille is theirs)
  • Flexibility to include last-minute changes
  • Support for multiple languages. This, at its turn, avoids errors and avoids identifying who was the voter (e.g. there’s only one voter in town that speaks arabic: the ballot-paper in arabic is theirs)
  • Prevents involuntary errors that can end up in spoiled ballot-papers
  • Economies of scale (specific of remote voting)
  • Eases citizen participation (specific of remote voting)
  • Increases the mobility of the voter, as they can vote from anywhere (specific of remote voting)
  • Eases access to the voting process thus increasing participation (specific of remote voting)

Security threats

In traditional polling, the voter has a direct relationship with their vote and the polling station, committee, etc. Electronic voting adds an infrastructure layer that implies that the relationship between voter and vote becomes indirect/mediated. This mediation poses 4 security risks

  • The digital nature of the votes means that they can be easily added, erased, manipulated, and the privacy of the voter compromised at large scale;
  • The complexity of the systems at use, with the possibility of hardware functioning errors, bugs in the software, etc.;
  • Lack of transparency, as the technological infrastructures are more difficult to audit (e.g. how can you tell whether someone cracked the system?);
  • The introduction of new actors with privileges in the voting process, like system and platform administrators that can have privileged access to the voting process.

Side note: these threats can be extrapolated to the case of health records and many other cases.

How to address risks?

Physical measures

  • Avoid physical access to the protected device
  • This cannot be done in remote voting, at least not in the whole process

Organizational measures

  • Who has access to what
  • They necessarily have to be accompanied by monitoring measures (intensive log recording)
  • Intensive monitoring can lead to knowing who’s voting what

Logic measures

  • Automatic security measures
  • Easier to audit
  • Logic measures can, at their turn, be attacked themselves
  • Logic measures must not interfere (or even alter) the normal voting process

Security services

  • Information privacy: guarantee that no one knows what you did (e.g. your vote)
  • Information integrity: guarantee that information is not altered
  • Non-repudiation: avoid that you cannot deny having done something that you actually did
  • Authentication: ensure that the person that claims to have done something is that person
  • Authorization: you can do what you are allowed to do
  • Auditability: be able to track the system and assess its performance
  • Availability: always available.

One of the big differences between circumventing security in off-line voting and online voting is that scalability of the attack is much higher in online environments. E.g. identity theft in the offline world can be easy to do once, but not several times in the same polling station, but if done once in the online world, it is very likely that it can be done again, and very quickly, ad infinitum.

Electronic voting can identify which votes are valid and which ones not. You need not invalidate the whole polling station, but only the invalid votes.