International regulation of e-voting

The Council of Europe’s Recomendation Rec2004(11): a brief recapitulation

The Recommendation Rec(2004)11 of the Council of Europe on legal, operational and technical standards on e-voting already has almost a decade of life. Its broad scope encompasses both internet voting procedures and local voting machines. Although e-voting mechanisms are still depicted as modern and innovative solutions, it would be better to assume that we are dealing with a mature technology that has been implemented in several countries since at least the nineties. Belgium or Netherlands started using it in that decade, the 1995 Catalan elections included an e-voting pilot as the first Spanish experience, and France uses voting machines since 2003. Obviously each country may provide its own successful or negative experience (e.g. Ireland, Germany), but the overall scenario is consolidated and the best evidence can be found in the fact that nowadays we are already talking about a second generation of e-voting procedures. The technical, social and legal debates have been evolving identifying new analytical patterns.

Taking into account such an evolution, the CoE’s Recommendation becomes even more important. In 2004, when it has been approved by the Committee of Ministers, internet voting was at a very initial stage and voting machines only had a limited historical perspective. The Recommendation pointed out some essential e-voting features and namely it provided a systematic approach on which requirements had to be met in a correct e-voting implementation.

Almost a decade afterwards, it is time to evaluate the actual usefulness of this text. First of all, it is worth stressing that it still is the only transnational document aiming at writing down e-voting standards. Some countries, as the United States, have their own internal guidelines, but there is no other document with such an international scope. Only IDEA issued last year a text regarding e-voting observation, but it has a different format, closer to a white paper and not to a real international regulation.

Second, the Recommendation constituted a great institutional effort in order to adapt traditional electoral principles, such as the secrecy, the freedom or the universality, to the new scenario created by e-voting devices. However, the document payed less attention to some procedural aspects that became afterwards cornerstones for a successful implementation of e-voting solutions. The increasing maturity of these technologies revealed that e-voting entails  a major change on how citizens supervise the electoral procedure and therefore only a procedural approach can guarantee substantial electoral principles. Electoral observation and the overall transparency had to adopt new methodologies. Certification mechanisms became essential as well. Although the Recommendation did include some points regarding both observation, transparency and certification, it did not contain a detailed approach. Actually the Council of Europe itself detected such weakness and promoted two specific developments of the Recommendation that led to guidelines both on transparency and certification that have been approved in 2010.

The Recommendation has been increasingly accepted as an effective international benchmark, that is, a document that has to be taken into account for domestic e-voting developments. It is a positive signal of its actual usefulness. Belgium, for instance, asked the Council of Europe to analyze whether the BeVoting study complied with the standards set up by the Recommendation. Such a study intended to update the Belgian e-voting system and proposed up to five solutions. Finally, last year Belgium started using a new e-voting platform (see link to the CoE’s report),

Norway also adopted the Recommendation as a benchmark and it even included a mention in its internal legislation as it states that the compliance with the CoE’s Recommendation is a legal requirement to be met by any internet voting system deployed across the country: “The Council of Europe’s REC (2004) recommendations relating to legal, operational and technical standards for e-enabled voting (e-voting) shall form the basis of these trials, unless otherwise specified in these regulations” (art. 3 / Regulations to trial electronic voting … at the 2011 municipal and county council elections).

Finally, other countries, like Estonia or Switzerland, also payed attention to the Recommendation in order to adapt their internal procedures. In the case of Switzerland, the federal ordinance on internet voting introduced in 2002 already contained very similar provisions.

Once assumed the role played by the Recommendation during the last decade, it seems obvious that e-voting still is an evolving topic. Different successes and defeats provides enough data for identifying the weakest elements and there are several ongoing projects trying to fix such problems and launching a new generation of e-voting mechanisms. Given that next reviews of the Recommendation will have to take into account these new e-voting challenges, let me propose three pending legal debates:

a) End-to End (E2E) verification uses to appear as the perfect solution for verifiability problems, but there still are a number of unsolved issues to be addressed and such a statement is also true for those countries with excellent E2E approaches. Although E2E is normally applied in conjunction with software independent verification methods, that is, procedures opened to be verified by any expert with any software, that theoretical principle might be implemented in such a way that few people or even none actually assume the verification tasks. From a legal point of view, we would be dealing with a formal guarantee with a minimum real (material) impact and probably a mere non-used chance to conduct an E2E verification would not be legally enough. We should also wonder whether it is correct to officially invite specific groups in order to balance the absence of spontaneous verificators, as happened in Norway.

Moreover, what will legally happen if there is a discrepancy between to E2E verifications? There are no easy solutions since new technical reports nor new elections seem good options. A judicial decision would also be extremely difficult given that the technical basis of the dispute.

b) as already reported in another post, mathematical assumptions on election integrity might become an important procedural benchmark to stop fraud, but it is worth wondering how we can translate these algorithms to legal regulations. Even if we obtain a mathematical evidence of a fraud, probably we will never have real data to link such a fraud with given polling stations and even given people. We would only have a logical assumption and it is still doubtful how such mathematical conclusion will operate at the courts. Certainly logical assumptions use to play an important role within the legal reasoning, but electoral matters normally need empirical data. Accepting a mathematical assumption as a legal evidence would be a major change in case of electoral disputes and therefore it needs deeper legal analysis.

c) finally, we already have a significant number of judicial decisions on e-voting mechanisms and such material could be very useful to improve the Recommendation itself. Their analysis will help us to reduce the gap between theory (the CoE’s document) and the praxis (judicial decisions). Normally the latter have a nuanced approach that provide insights about the real meaning of the legislation and its consequences. Such a dialogue between two types of legal documents is even more important when we address still evolving problems, as it happens with e-voting.

This entry was posted in controls, e-election, e-voting, legislation, transparency, verifiability. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.