Dutch govt seeks to explore security of current internet-based e-voting services by end of 2016

On May 19th 2015 the Dutch Minister of the Interior informed (.pdf, in Dutch) the parliament about the intent to carry out security tests of internet-based voting services, so as to examine whether internet voting can be facilitated to Dutch voters abroad. No reference is made to ongoing investigations/study into (domestic) electronic voting — although a system suitable to allow internet-based voting to voters abroad may also be suitable to voters located inside the Netherlands (depending on the costs involved in sufficiently securing the voter’s side). Here is a translation of the Minister’s letter:

Introduction

In the letter of September 17th 2014 I announced my intent to carry out a test with internet voting for voters abroad, and my intent to further inform you about this in the first half of 2015. I hereby fulfill that promise.

First, I want to memorize the background. In 2014, the cabinet found that the time has not (yet) arrived to facilitate internet voting to voters abroad. The reason for this is that this way of voting has too many risks and is too expensive. Because technology is developing, and the cabinet wants to make voting easier for voters abroad, I find it useful to monitor those developments. The test that I intend to carry out is a means to that end. The test, so I have informed you, will not take place before 2016.

The test relates to security and focuses on the following issues:

  • What does internet voting require from the voter. How can the voter have sufficient trust in a voting service he/she used to vote, and what is needed to achieve optimal reliability at the side of the voter;
  • How reliable are current internet voting services that are (or have been) used for elections of representative bodies.

Setup

Because it explicitly is not intended that the Ministry of the Interior will commission the development of an internet voting service for this test, the first step to take is examining whether vendors exist of internet voting services that are (or have been) used in elections, and who are willing to subject their service to the test — and if so, under what conditions. After all, they must be willing to accept the risk that the test shows that the security of the voting service(s) is not adequate.

If it would turn out that vendors exist who are prepared to participate in the test, and financial means for the test are available, then in the spring of 2016 the plan will be made for organizing and carrying out the test. The test can then take place at the end of 2016, and as mentioned before, will consist of a simulated election that will take a few days. During the simulation, the security tests will take place.

For the second aspect of the test, being what internet voting requires from the voter, two actions are foreseen. An exploration of the technical possibilities to reduce the risk at the side of the voter, and a survey among Dutch citizens who may vote from abroad to determine what level of security those voters believe are necessary to vote via the internet. Both actions will also take place at the end of 2016.

I promise to inform you in December 2015 about the results of the first step that is now taken, to examine whether vendors exist of internet voting services that are (or have been) used in elections who are willing to subject their voting service to the test.

EOF