10 July 2020, Tony Rutkowski, e-Voting Cybersecurity Group Technical Lead, ETSI
e-Voting Risks
All voting systems consist of the same architecture and three process modules:
- voter identity, registration, and database integrity;
- notice; and
- balloting systems – vote capture, tabulation, and reporting. Tamper proof auditing is essential for all processes. There are risks associated with each of these processes, and when they are enhanced by electronic systems the risks usually increase due to the complexities and vulnerabilities of all electronic systems. Connecting any of the modules to a network at any point, dramatically increases the risks.
The ETSI work is designed to understand all these risks and develop sets of best practices and controls to minimize them. Those best practices include both technical ones such as the use of blockchain technology, as well as non-technical ones such as the use of only authorized, certified software, auditing and monitoring, and undertaking risk assessments.
