Statement of Internet Society Poland concerning e-voting in general elections

[Polish version ]

Statement of Internet Society Poland

concerning e-voting in general elections




October 2007


Abstract:


Mass media have been recently publishing information on initiatives for introduction of common electronic forms of voting (including via the Internet). Internet Society Poland1 has analysed them in the light of requirements of transparency of voting procedure and of hope to improve votingturnout. Selected reports of cases of fraud concerning election results and of failures of electronic voting machines have been presented. Examples of increasing lobbing by producers of solutions supporting e-voting have also been indicated. On such background, in the opinion of ISOC, postulates for modification of election procedure in the direction of admitting voting through the Internet are burdened with risk of threat for democracy and elimination of voters from voting process.




  1. Introduction

E-voting makes honesty of democratic process depend on complicated computer systems available for inspection for a small group of experts only. Therefore, e-voting considerably reduces transparency of election procedure in comparison to traditional voting. Cases of other countries prove that such manner of voting does not considerably influence the level of turnout.

Elections are one of the most important institutions in democracy. For every citizen, manner of holding them must guarantee their honesty, which is the basis of correct functioning of a democratic state.

The election system is an axis of democracy and its even slightest changes should be analysed with utmost carefulness. Our opinion is based on professional experience of members of the Society and on international experience collected from publicly available sources.

Constitution of the Republic of Poland guarantees that election to Parliament, Senate and presidential elections are common, direct and are held by way of secret ballot (articles 96, 97 and 127). As far as technical side is concerned, the following conditions should be fulfilled by voting procedures: anonymity and secrecy of voting, lack of possibilities of vote selling, correctness of results and verifiability of results by voters2.

E-voting is a term covering a broad range of applications of IT technology in referenda and general elections. Specifically, in media it's being used in the following meanings:

  1. Electronic visualisation of voting results - computer systems play an auxiliary role during presentation and visualisation of voting results, with voting itself held in a traditional way.

  2. Electronically supported voting - computer systems are the main tool for accepting and calculation of ballots. Ballots are cast by voters personally in voting locations on dedicated voting machines.

  3. Voting via the Internet - ballots are cast remotely, from any location via the Internet, and a central computer voting system is responsible for accepting and calculation of ballots.

It is already for a few years that Polish National Election Bureau has used visualisation and computer aided transfer of results from local voting places to national central location. Nevertheless, IT systems are not the only mechanism of casting and calculating ballots, or a main one - this is the task of electoral committees. Binding results of elections are ones published by the National Election Bureau on the basis of manual calculation of ballots by every committee3, while computer network is used only for data transfer (of the Law4.

Some European countries and the USA implemented various ways of electronically supported voting or voting via the Internet. Most of them implemented only electronically supported voting, i.e. voting with use of computers with touch screens placed in voting location (USA, Brazil, Belgium). Only very few (Estonia) implemented voting via the Internet.




  1. Transparency of Voting Procedure

Experience from the communist times ("3xYES"5), election fraud in the Ukraine in 20046, in some republics of Russian Federation (Chechnya7) and numerous voting problems in the USA8 demonstrate that independent audit of work of electoral committees is critical for honesty of elections.

In Polish election system, audit of election process is guaranteed by the institution of poll watchers whose qualifications make it possible to verify work of electoral committee. The institution of poll watcher is to guarantee independent audit and transparency of committee's work in order to prevent abuse. As a result of the right to appoint own poll watcher by every interested party (a political party, a candidate) and placing such poll watcher in every committee, change of election results on the level of electoral committees is considerably hindered9.

In case of traditional voting with use of voting cards, ballot boxes and manual calculation of ballots, poll watchers can inspect the whole work of the committee. Every poll watcher, irrespectively of his or her education or experience can check the ballot box, voting cards and result reports, as well as observe the committee's work. Thanks to easy verification procedure it is possible to delegate sufficient number of poll watchers in order to control every electoral committee. Therefore, thanks to these features, in traditional elections the voting procedure is almost entirely transparent.

In case of electronically supported elections or voting via the Internet, i.e. where IT systems are responsible for accepting and calculation of ballots, transparency of the voting process for poll watchers is close to zero. They cannot monitor the process of collecting and calculation of ballots, as it is done in "black boxes", i.e. voting machines as perceived by them. Obviously, analysis of operation of such system is theoretically possible, but it is available to a narrow group of qualified specialists only, is extremely time-consuming, expensive and always leaves certain margin for doubt.

Cases of fraud in e-voting prove that this procedure costs much more than it was assumed before, and nonetheless still has severe flaws (Irish case, Ciber Inc case - discussed below). Moreover, it is extremely difficult to verify the voting process without violating voting secrecy. Therefore, e-voting means considerable limitation of transparency of voting process as compared with traditional voting, and thus - serious threat for honesty of voting10.

  1. Internet Voting and turnout

One of main arguments put forward for e-voting is hope for radical increase of voting turnout thanks to easier availability of voting tools, increased attractiveness of voting act and making citizens interested in such manner of voting. Voting "via the Internet" as a certain formula for increase of voting turnout is supported by Polish Institute of Public Affairs11, introduction of such voting manner is also postulated by Dariusz Bachalski, a senator from Platforma Obywatelska1213, as well as by Polska Młodych Association which has started campaign for collecting 100 000 signatures under a civil project of amendment of Electoral Law in order to introduce
regulations that make it possible to vote via the Internet14.

The only European country that introduced general voting via the Internet is Estonia. Experience of this country proves that despite huge cost, availability of electronic voting increased turnout only by a small extent - 5,4% ballots were cast electronically (however, there's noticeable increase of e-votes from 2005 to 200715).

Most probably the reason for such low interest were extremely high requirements towards computers and persons wishing to vote electronically. These high requirements are omitted in most publications referring to "Estonian success". Confirmation of voter's identity had to be done with a cryptographic card, which required a special reader and additional software (about 80% of Estonian citizens already have the card16).

These requirements are much above the standard to which Internet users are used, for instance in Internet banking. Probably it is for this reason that in Estonia only 5,4% voters voted electronically, although general support for this idea was declared by over 85% of respondents.

On the other hand, requirements for authentication of voters must not be lowered, if voting is to be safe. Frauds in e-banking systems (e.g. phishing17) are a common phenomenon (only in 2004 in the USA USD 80 million were stolen18) and such losses are covered from insurance created on the basis of risk analysis19. Consequences in case of fraud in election system are permanent and irreversible. They are also difficult to be evaluated for needs of possible financial indemnity20.

  1. Remote Voting and Vote Selling

In every case of e-voting - whether by mail or via the Internet - secrecy of ballot and independence of voters are jeopardised, and moreover a problem occurs with authentication, i.e. confirmation of voter's identity, which is always done in traditional voting place by checking identity documents. Worldwide experience proves that in case of voting by mail such abuse can take place - e.g. during election in Birmingham21 peddlers bought mail voting cards for £1.

The Internet gives greater possibilities of protection thanks to application of strong mechanisms of qualified electronic signature that are included in legal system. Nonetheless, their use generates additional measurable costs at the client's side (PC, software, cryptographic card, reader and the certificate itself) and creates another technological barrier against execution of civic rights.

Estonian practice referred to above shows that this barrier virtually eliminates the sense of Internet voting as a tool increasing accessibility of elections. In Estonia almost 80% of the 1,3 million population have got ID documents with qualified certificate (comparing to Poland, with 38 million citizens, only about 20 thousand certificates have been issued22). Thus, costs incurred to create an internet voting system parallel to the traditional one seem incommensurate with the result obtained, i.e. less that 5,4% of votes cast via the Internet.

  1. Irregularities in Electronic Voting

Charges concerning falsification of election or possible irregularities in electronic voting have been raised several times in the USA and in other countries where elections are supported by voting machines (Holland, Ireland, Italy).

Examples of irregularities occurring during electronic voting presented below indicate that lack of certainty concerning precision of calculated ballots, suspicions of manipulation with voting results and lack of transparency of voting procedures have still been a standard rather than an exception. In case of doubts, verification of voting results (recalculating) is seriously hindered.

Clinton Curtis Case

In 2000 an American programmer Clinton Curtis23 was commissioned by Yang Enterprises - a producer of voting machines - to create a trojan type of software used for untraceable falsification of results collected by a particular machine. Curtis published a statement on this issue in December 2004.

Cosmic Rays?

In May 2003 during voting with DigiVote voting machines in Belgium one of candidates received extra 4 thousand votes not cast by any voter. Officially this phenomenon has been explained by a "random spontaneous bit inversion" in a counter in computer memory for reasons that were not explained - later it was also explained by operation of cosmic rays24.

Report of Scientists Concerning Diebold Machines

In September 2003 a SAIC25 commission appointed by the state of Maryland published a report indicating numerous problems with security of DIEBOLD machines26.

Journalists and Sources

In 2003 Bev Harris, a journalist, found on DIEBOLD website source code of AccuVote TS 4 voting machines. In summer 2003 a group of scientists (including a renowned cryptologist Avi Rubin), having analysed the disclosed code published a bulky report in which they revealed severe flaws in security of elections and privacy of voters27.

Random Number Generator

The 2004 independent audit of Belgian DigiVote software revealed several programming errors, including errors in random number generator, which could violate voters' privacy28.

Belgian Reports

In 2004 two Belgian associations - Pour EVA and Université Libre de Bruxelles published statements concerning electronically supported voting in Belgium. The first association criticised the fact of making democratic election depend on honesty of one private company. The second association indicates that occurrence of errors in voting machines is still possible, despite declarations of producers submitted prior to elections29.

4,4 Thousand Votes Lost

In 2004 in Carteret county, North Carolina, 4,4 thousand votes were irrevocably lost by UniLect Patriot voting machines with just updated producer's software30.

Controversial Presidential Elections in the USA

The 2004 presidential elections in the USA raised much controversy in connection with reported and alleged irregularities in operation of electronic voting systems31.

No Guarantee from a 52 Million Euro System

In 2004, preparing for European Parliament elections, Irish authorities bought NEDAP voting machines for EUR 52 million. Later, under pressure of non-governmental organisations and opposition, Commission on Electronic Voting (CEV32) has been appointed, whose job was to assess the selected solution. The Commission decided that the system did not guarantee secrecy and precision of voting required by electoral ordinance, and therefore use of the system in elections was abandoned. From that time on, about EUR 800 '000 are spent annually for maintenance of useless machines33.

Demonstration of Fraud

In June 2005 Jon Sancho, poll watcher in Leon county, Florida, with Harry Hursti, expert, demonstrated voting fraud in practice on DIEBOLD voting machines with appropriately fixed voting cards. According to the producer such fraud was supposed to be impossible34.

Great Britain Abandons Plans of Introduction of E-Voting

In September 2005 the government of Great Britain declared it abandoned plans of introduction of remote voting via the Internet and through SMS, justifying it with bigger costs and bigger risk of abuse than in case of traditional voting, bigger even than in case of voting by mail35.

We Will Not Show Source Codes

In December 2005 DIEBOLD refused to submit source codes of their voting machines to commission appointed by the state of North Carolina in order to perform an independent audit36.

Polish Science and E-Voting

In June 2006 in Freiburg the team lead by professor Mirosław Kutyłowski37 demonstrated methods of viral attacks on software for casting ballots via the Internet, so that in a manner imperceptible for voters and without generating additional communications information about the cast vote were available for the hacker. The attack concerned renowned cryptographic protocols that were considered to be secure38.

Testing Procedures and Certification

In summer 2006 American Election Assistance Commission deprived Ciber Inc. of their certification. The company dealt with security testing of American voting systems. The reason for revoking of certificates was negligence in testing procedures that guarantee voting honesty. However, the decision on revoking certificates has been made public only in January 200739.

Unauthorised software

In August 2006 the Open Voting Foundation40 revealed that DIEBOLD voting machines enable to easily load unauthorised software41.

Scientists Make Movies Showing Discredit of Voting Machines

In September 2006 a team lead by professor Ed Felten from Princeton University published an extensive report concerning security of DIEBOLD AccuVote-TS voting machines, prepared on the basis of analysis of a manufactured machine, without access to source code. The team indicated several errors in security that made it possible to, among others, install in machines unauthorised software that modified voting results42.

Anonymous Sources Provide Disks

In October 2006, Cheryl C. Kagan, an activist employed in Freeman Foundation (earlier connected with Clinton's administration) received from anonymous source a source code of DIEBOLD BallotStation voting machines' software with a note criticising security of these systems and producer's policy. Sending disks to foundation lead to initiation of FBI investigation43.

Installation of Unauthorised Software in TV

In October 2006 Dutch association WVSN44 demonstrated in a TV show installation of unauthorised software and falsification of voting results in NEDAP voting machines45.

Which Country Controls Voting Process?

In November 2006 Washington Post published an article indicating that the owner of Smartmatic company which produces popular Sequoia voting machines is Venezuelan group called Bizta, which in turn is owned in 30% by Venezuelan government. This raised doubts concerning possible manipulation of voting results, which could be performed this way by Venezuelan government, openly hostile towards the USA46.

Lawsuit After Last Election to the USA Congress

On 29 December 2006 American court refused Christiane Jennings the right to inspect source code of machines used in e-voting in last elections to Congress in some counties of Florida, justifying it with necessity to protect the producer's trade secret. Christiane Jennings justified her request with extremely high number of empty ballots, which according to her suggests that machines "lost" some ballots. In these elections the Republican candidate, Vern Buchanan, won with only 369 votes more. The subject of the dispute are touchscreen voting machines that were used during voting in Sarasota county. In this county 18000 empty ballots were found (almost 15%), much more than in parallel elections to Senate and to the post of governor of the state47.

Organisations keep documenting

Only selected cases have been described above, in reality they were much more numerous:

The Campaign for Verifiable Voting in Maryland association documented several hundreds of cases of lost ballots or irregularities in voting results and several thousands of cases of freezing of, restarting of or lack of possibility to start voting machines in the USA in 2002-2006 period. As a result, thousands hours of work of electoral committees were lost48.

The Voters Unite association documented numerous cases of lost ballots and other flaws in voting machines of nine producers used in the USA - ES&S, Diebold, Sequoia, MicroVote, AVS/WINvote, Hart Intercivic, Unilect, Danaher, VTI. Almost all of them had security certificates required by law49.

With Bugging Scandals in the Background

This part is concluded with a remark concerning well-known scandals concerning confidentiality of electronic communications, which involved even such governments as government of Greece - a cradle of democracy. Thanks to bugging interfaces placed in Ericsson switchboards unknown perpetrators listened in to conversations held via mobile phones of Greek Prime Minister Kostas Karamanlis, several members of his cabinet, politicians of opposition and numerous entrepreneurs. Conversations of head of Greek Ministry of Foreign Affairs were listened in, and the list of bugged numbers included one belonging to the USA Embassy in Athens. Over 100 persons were bugged for one year. The perpetrators were not found. This case proves that in e-world it is extremely difficult to obtain a really confidential channel of remote electronic communication50.

  1. Lobbing of Producers of Voting Machines in Poland

The market of voting machines is nowadays just like any other market and strong competition makes producers fight fiercely for outlets. However, interest of these companies does not justify interference in such an important institution of a democratic country as general elections. This concerns in particular law-making bodies in Poland, which have been and will be subject to intensified lobbing aiming at showing real or alleged advantages of e-voting, omitting its disadvantages.

Primary European Referendum in Głuchołazy

In 2003 during primary European Referendum in Głuchołazy, companies: SAS Institute, Diebold Polska, Ośrodek Badań Wyborczych [Centre for Electoral Studies], Polska Grupa Badawcza [Polish Research Group] and MP Tadeusz Jarmuziewicz from PO presented Diebold AccuVote-TS voting machine. Marcin Palada from OBW: "Polish electoral ordinance is outdated and does not permit e-voting. Our voting system requires thorough reconstruction - it is still a heritage from previous era. We do not mean only technological novelties - the system is inefficient in terms of efficiency of a machine. I have high expectations with the coalition ready to gain power. Perhaps e-voting could be introduced already in four years time"51.

Proposition of Integration within e-PUAP

In 2004 consortium of companies: McKinsey and Infovide proposed introduction of voting via an Internet portal (PUB.O.17) within e-PUAP project. According to McKinsey's calculations, administration was supposed to save PLN 5,9 million, and voters - PLN 23,9 million, yet this calculation seems unreliable, as cost of creation and maintenance of e-voting system as well as costs of authentication at the voters' side, e.g. qualified signature , were not included at all52.

Let Us Show Candidates Machines in Their Voting Places

In October 2005 in two voting places in Warsaw and Sopot, iPOS voting machnes produced by Wincor Nixdorf with software by Suport were presented. The initiator of this experiment was Polska Grupa Badawcza. Most probably it was not a coincidence that such electoral commissions were chosen in which two candidates for the post of President: Lech Kaczyński i Donald Tusk were to vote in these presidential elections53.

How Did Voting Via an Internet Portal Found Its Way to a Note from a Meeting of the Council of Ministers?

In a note describing meeting of the Council of Ministers that was held on 1 August, when the Council of Ministers accepted the decree concerning the Plan of IT Development of the State for 2006, "voting via an Internet portal" was mentioned, although the Plan of IT Development of the State for 2006 itself does not mention such voting54.

A Commentary to Voting in Brazil

In October 2005, taking opportunity of commenting elections in Brazil, Unisys Polska presented their voting machines55.

Conference Presentations

In February 2006 during the Computerworld conference "Państwo w mikro i makroskali" [Micro and Macro scale of the State] Dutch NEDAP voting machines were presented56.

Let Us Do Some Testing in Częstochowa

In April 2006 the Municipality of Częstochowa organised test voting with use of NEDAP voting machines57.

  1. Conclusions

Taking the above into consideration, Internet Society Poland believes that:

It is in the interest of Polish democracy to keep hitherto system of direct elections, held in voting locations, without introducing experiments with voting via the Internet.

Application of IT systems in electoral procedure should be limited to auxiliary functions, such as visualisation of elections, which is in the interest of transparency of voting process.

Use of voting machines is unnecessary expenditure and a serious threat for transparency and honesty of voting process.

Investment funds should be devoted first and foremost to streamline procedures of electronic visualisation of results, to additional mechanisms for verification of traditional voting procedures with cryptographic technology (e.g. Punchscan58) and to procedures that enable verification of a ballot cast by a voter.

Inalienable, necessary requirements for any future changes in electoral procedures should be the following: anonymity, secrecy, vote selling made impossible, correctness of results and verifiability of results by voters. Postulates for introduction of e-voting in general elections, including voting via the Internet, cannot ignore current state of the art and threats indicated by scientists59.

We are familiar with examples of groups composed of persons with high technical qualifications who created efficient and secure internet voting procedures within their own group - the most renowned example is the community of creators of Debian system. We believe that experience gathered by such communities and the following growing number of persons understanding all practical procedural requirements connected with such voting will with time lead to creation of generally renowned and proven rules of democracy based on voting via the Internet in general elections. This, however, will be a slow process, including parallel education of voters as well as organisers and administrators of electoral procedure.

Internet Society Poland declares its will to cooperate with everyone interested in development of civic society with use of the Internet. The Internet can be a very convenient tool for leading public debates, including social consultations, it can also be used to make public information available.

Although we are Internet enthusiasts, we believe that it is still too early for electronic voting or voting via the Internet.




This opinion has been prepared by a group of Internet Society Poland members: Marcin Cieślak, Józef Halbersztadt, Krzysztof Kowalczyk, Paweł Krawczyk, Jarosław Lipszyc, Władysław Majewski and Piotr Waglowski as a summary of community discussion held for several last months.

Contact information:

Marcin Cieślak, President of the Management Board of ISOC Polska

saper@isoc.org.pl




Paweł Krawczyk, Member of the Management Board of ISOC Polska

kravietz@post.pl

http://www.isoc.org.pl

1.The Internet Society (ISOC) is a professional membership society with more than 150 organisation and over 20,000

individual members in more than 180 countries. It provides leadership in addressing issues that confront the future of the Internet, and is the organisational home for the groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB). The Polish Chapter can be reached at http://www.isoc.org.pl

2.See table "Porównanie procedur wyborczych w wybranych krajach, z uwzględnieniem zastosowania elektronicznych metod głosowania" [Comparison of voting procedures in selected countries, including electronic voting methods applied], 2 January 2006, http://www.computerworld.pl/artykuly/50398.html; the table takes into account the following parameters: Trust model, Verification, Possibility of adding ballots, Possibility of nullification of ballots, Anonymity level, Selling ballots, Susceptibility to DOS/DDOS attack, Virus threat.

3.in case for elections to Parliament and Senate of the Republic of Poland: article 70, passage 1 of the Electoral Law to Parliament of the Republic of Poland and Senate of the Republic of Poland, Journal of Laws Dziennik Ustaw of 2001 No 46, item 499 as amended

4.article 41, passage 1,ibidem

5.Propaganda slogan from 1946 faked referendum - http://en.wikipedia.org/wiki/Polish_people%27s_referendum%2C_1946

6.According to official results of the Ukrainian Central Election Committee, first round held on 31 October 2004 was won by Viktor Yushchenko with 39,87% votes, while Viktor Yanukovych received 39,32% votes then. Yanukovych won the second election round with 49,42% votes (Yushchenko 46,7%) and became the President elect of the Ukraine. However, these results were far different from the results of exit polls and were not recognised by the opposition nor by OSCE international observers.

7.On 27 November 2005, elections to bicameral parliament of Chechnya were held, which according to the Kremlin were the last stage of formation of legal authorities of the republic. According to initial results they were won by One Russia party, winning over 60% ballots. The elections were not recognised by Chechen separatists who stated they were travesty. See "Czeczenia: wybory pod dyktando Ramzana Kadyrowa" [Chechnya: elections dictated by Ramzan Kadyrov], Ośrodek Studiów Wschodnich, 1 December 2005, http://osw.waw.pl/pub/koment/2005/12/051201a.htm

8.Description of selected cases further in the report.

9.It is also much more difficult to manipulate elections in numerous electoral committees that in a centralised electronic system of ballot collection.

10.Available studies still do not include analyses of influence of the so-called "retention of telecommunication data" on free execution of voting right in possible elections held "via the Internet"; Retention of telecommunication data results from, without limitation, Polish Telecommunication Law, which in article 165 passage 1 provides that: "operators of telecommunication networks or providers of publicly available telecommunication services who process transmission data concerning subscribers and end-users are obliged, due to performance by eligible authorities of tasks and duties for the benefit of state defence and safety as well as public safety and order, to store these data for 2 years...". Ministry of Justice postulated earlier to introduce a 15-year-long period for retention of telecommunication data, which, however, was criticised by the opposition in
Parliament. It is also worth mentioning that in the European Union on 15 March 2006 the controversial Directive 2006/24/EC of the European Parliament and Council concerning retention of data generated or processed in connection with providing generally available services of electronic communications or with availability of public communications networks; and changing the Directive 2002/58/EC. Information concerning retention of telecommunication data are stored at the address: http://prawo.vagla.pl/retencja_danych and others.

11.D. Uhlig, Internet i centra handlowe zwiększą frekwencję? [Internet and Shopping Malls to increase turnout?] 28 October 2005, http://serwisy.gazeta.pl/wyborcza/1,34513,2989687.html; includes the issue of voting by mail and via the Internet: "according to Kazimierz Czaplicki this is not utopia - he estimated the cost of preparation of electronic register of voters necessary for introduction of e-voting to be PLN 1,6 million"; see also A. Stankiewicz, e-wybory czyli głosowanie przez Internet [e-voting, i.e. elections via the
Internet
], Rzeczpospolita, 28 October 2005; the author writes, among others, that "for instance Brits, Belgians, the Swiss, Americans and Estonians already vote via the Internet", which in our opinion is a highly imprecise statement.

12.Komputer jak długopis w wyborach. [Computer as a pen in elections] Życie Warszawy. 29 August 2006. The article also quotes Robert Sobiech, PhD, a sociologist, who indicates studies according to which reasons for low voting turnout do not result only from lack of possibility to access voting places. The article also discusses the idea put forward by the Collegium Cogitantium association (see further)

13.Remote voting was also mentioned by Donald Tusk, president of Platforma Obywatelska party in September 2007, during his voting campaign visit in London.

14.The Polska Młodych association in their materials connected with the campaign for e-voting in Poland (published on website http://www.polskamlodych.pl/) write: "In Poland there are 7 565 006 Internet users eligible to vote. Over 2/3 of them declare they use their voting right. If virtual reality is such a popular medium, why not use it in public life?". Elsewhere: "Solutions suggested by us are based on technologies used by internet banking, which is extremely popular in Poland. Experts say that they are absolutely safe". Further in the report we will show that e-voting is based on different rules than e-banking, and that e-banking is not free from threat, i.e. is not as safe, as representatives of the association would like it to be. The Polska Młodych association is connected with the already referred to Collegium
Cogitantium association.

15.In 2005 local voting in Estonia had turnout of 47% with 1,8% e-votes, while 2007 general voting had turnout of 61% with 5,4% e-votes http://www.vvk.ee/english/Ivoting%20comparison%202005_2007.pdf

16.Estonia, as the only country in Europe, has issued electronic identification cards to more than 80% of its 1,5 million population (http://www.pass.ee/ )

17.Identity stealing, fraudulent acquisition of confidential private information such as password or details of a credit card, e.g. by pretending to be a trustworthy person.

18.P. Krawczyk, Ukradli 3 mln zł przez internet [PLN 3 million stolen via the Internet], 1 March 2006, http://www.idg.pl/news/89746.html; the article also speaks about theft of PLN 3 million from one of Polish banks. Twenty inhabitants of Szczecin were charged in this case.

19.Responsibility of user and bank for unauthorised transactions, including transactions concluded via the Internet, is regulated by the Act of 12 September 2002 r. on electronic payment instruments. If due to insufficient technical security somebody succeeds at committing electronic fraud, clients of banks are entitled to demand return of stolen money from the bank. Only during the week preceding publication of this opinion, media informed about numerous errors in Polish e-banking services: M. Bednarek, PKO BP też mógł mieć problem z hakerami [PKO BP Bank could also have problems with hackers], Gazeta Prawna No 7 (1877) 2007-01-10: "...the bank informed that the described case does not concern PKO Inteligo e-banking, but information bulletin on the bank's internet portal"; M.
Bednarek, Bank Millennium: nasz system jest bezpieczny [Millennium bank: our system is secure], Gazeta Prawna No 6 (1876) 2007-01-09: "...according to iHACK.pl site - it allows to steal information concerning the bank's client who currently uses on-line banking"; Earlier, the Hacking.pl site published reports on flaws in e-banking system of mBank: Bezpieczeństwo klientów mBanku zagrożone! [Security of mBank's clients jeopardised!] , 3 January 2007, http://hacking.pl/6351; mBank reacted to these reports with a statement according to which "provided that certain circumstances occur, there was some possibility for Internet fraudster to use a certain field for fraud purposes, consisting in making it possible to browse the clients' data".

20.See also Report of PSNC Security Team entitled "Bezpieczna" E-Bankowość ['Secure' E-Banking], 20 February 2006, http://security.psnc.pl/reports/e-banking_polska_ssl_report.pdf

21.B. Mason, Voting scandal mars UK election, 5 April 2005, http://news.bbc.co.uk/2/hi/uk_news/4410743.stm

22.See opinion of ISOC Polska concerning barriers for electronic signature in Poland of 18 May 2006, http://www.isoc.org.pl/bariery_podpisu_elektronicznego

23.Clint Curtis, entry in Wikipedia, the Free Encyclopedia: http://en.wikipedia.org/wiki/Clint_Curtis

24.Electronic Voting Random Spontaneous Bit Inversion Explained, http://wiki.ael.be/index.php/ElectronicVotingRandomSpontaneousBitInversionExplained, see also RAPPORT CONCERNANT LES ÉLECTIONS DU 18 MAI 2003, http://www.poureva.be/IMG/pdf/RapportExpert20030605.pdf and Le Ministre DEWAEL reconnait la faillibilité du vote électronique grâce a un rayon cosmique complice! Zoé GENOT (Ecolo) nous communique sa question orale au Parlement, "en-GB">http://www.poureva.be/article.php3?id_article=36

25.Science Applications International Corporation, http://www.saic.com

26.Risk Assessment Report Diebold AccuVote-TS Voting System and Processes, September 2, 2003, http://www.verifiedvoting.org/downloads/votingsystemreportfinal.pdf

27.T. Kohno, A. Stubblefield, A. D. Rubin, D. S. Wallach, Analysis of an Electronic Voting System, February 27, 2004; a report published as part of IEEE Symposium on Security and Privacy 2004 and at the website: http://avirubin.com/vote.pdf

28.Report "Both 2003 and 2004 versions of Digivote contain major errors that compromise the anonymity of the voting procedure", http://www.afront.be/lib/vote.html

29.BE: E-elections 2004: Belgium's e-voting operations considered successful, eGovernment News - 16 June 2004 - Belgium - eDemocracy & eInclusion; materials published in European bulletin of the IDABC group on the website http://ec.europa.eu/idabc/en/document/2634/358

30.Response to Jim Dickson's Recent Statements to Authorities, http://www.votersunite.org/info/responsetodickson.asp; Jim Dickson acted then as Deputy President of Governmental Affairs of the American Association of People with Disabilities (AAPD, http://www.aapd-dc.org).

31.2004 United States presidential election controversy, voting machines, entry in Wikipedia, the Free Encyclopaedia: http://en.wikipedia.org/wiki/2004_United_States_presidential_election_controversy%2C_voting_machines

32.Commission on Electronic Voting, http://www.cev.ie

33.Electronic voting in Ireland, entry in Wikipedia, the Free Encyclopaedia: http://en.wikipedia.org/wiki/Electronic_voting_in_Ireland

34.A collection of letters sent by Diebold to Ion Sancho is available on the website: http://www.bbvforums.org/forums/messages/2197/10535.html

35.P. Waglowski, Rząd brytyjski porzuca plany zdalnych wyborów - jeszcze nie czas na e-voting [British government Abandons Remote Voting Plans - Too Early for E-Voting], 8 September 2005, http://prawo.vagla.pl/node/5474; see also a section devoted to elections on the VaGla.pl Prawo i Internet website: http://prawo.vagla.pl/wybory

36.P. Krawczyk, Diebold nie odda źródeł [Diebold will not give sources], 1 December 2005, http://security.computerworld.pl/news/85762.html

37.Documentation connected with work of scientists from Wrocław is available in a dedicated bulletin of Institute of Mathematics and Information Technology of Wrocław University of Technology: http://e-voting.im.pwr.wroc.pl/

38.M. Gogolewski, M. Klonowski, P. Kubiak, M. Kutyłowski, A. Lauks, F. Zagórski, Kleptographic Attacks on E-Voting Schemes, June 2006, http://zagorski.im.pwr.wroc.pl/felippo/papers/Kleptographic_Attacks_on_E-Voting_Schemes.pdf

39.C. Drew, U.S. Bars Lab From Testing Electronic Voting, The New York Times, January 4, 2007: http://www.nytimes.com/2007/01/04/washington/04voting.html

40.Open Voting Foundation, http://openvotingfoundation.org/

41.A. Dechert, Worst ever security flaw found in Diebold TS Voting machine, 6 August 2006, http://openvotingfoundation.org/tiki-read_article.php?articleId=1

42.A. J. Feldman, J. A. Halderman, E. W. Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine; http://itpolicy.princeton.edu/voting/, an integral part of the report is a video movie which shows possibilities of manipulation of voting machines.

43.L. H. Lamone, At the Center of the Election Maelstrom. State Elections Chief Draws Array of Critics, Washington Post, 22 September 2006, http://www.washingtonpost.com/wp-dyn/content/article/2006/09/21/AR2006092101594.html; P. Waglowski, Kody źródłowe maszyn wyborczych Diebolda w rękach demokratów [Source codes of Diebold voting machines in hands of Democrats], 23 October 2006, http://prawo.vagla.pl/node/6761

44.WVSN is an acronym from the name of the group, which is: "Wij vertrouwen stemcomputers niet" (we do not trust voting machines); http://www.wijvertrouwenstemcomputersniet.nl

45.P. Krawczyk, Dziura w komputerach do głosowania NEDAP [Flaw in NEDAP voting machines], 9 October 2006, http://security.computerworld.pl/news/100729.html; NEDAP voting machines hacked, 5 October 2006, http://connect.educause.edu/taxonomy/term/2801; TV reports and other video mateiral devoted to activity of WVSN group are available, for instance on YouTube website, see: AT5 item about SDU newvote voting computer back to use, "en-GB">http://youtube.com/watch?v=DNkdIOKItgk

46.Z. A. Goldfarb, Voting Machine Firm Denies Chavez Ties. Smartmatic Asked for Federal Review; The Washington Post, 31 October 2006, http://www.washingtonpost.com/wp-dyn/content/article/2006/10/30/AR2006103001224.html

47.Judge rules against Jennings, Democrats to seat Buchanan, 29 December 2006, http://www.heraldtribune.com/apps/pbcs.dll/article?AID=/20061229/BREAKING/61229007; see also: P. Waglowski, Po wyborach w USA walka o źródła oprogramowania iVotronic [Battle for source codes of iVotronic software after elections in the USA], 31 December 2006, http://prawo.vagla.pl/node/6922

48.State Board of Election's Documents Detailing Diebold's Questionable Ability to Count Every Vote, http://truevotemd.org/content/view/430/61/

49.Malfunctions and Miscounts, Sorted by Vendor, http://www.votersunite.org/info/messupsbyvendor.asp

50.see P. Waglowski, Jak podsłuchiwano polityków w Grecji [How Greek Politicians Were Bugged], 16 March 2006, http://prawo.vagla.pl/node/6072; for details on similar bugging scandal in Italy see: P. Waglowski, Tąpnięcie podsłuchowe we Włoszech [Bugging Bump in Italy], 29 September 2006, http://prawo.vagla.pl/node/6684 "en-GB">and others

51.A. Maciejewski, Jak to się robi w Głuchołazach [How They Do It in Głuchołazy] , 16 September 2005, http://www.computerworld.pl/news/83131.html

52.A. Maciejewski, Kiedy zagłosujemy przez internet? [When Will We Vote via the Internet?] , 16 September 2005, http://www.computerworld.pl/news/83119.html

53.A. Maciejewski, Warszawa i Sopot głosowały elektronicznie [Warsaw and Sopot Voted Electronically] , 24 October 2005, http://www.computerworld.pl/news/84427.html; P. Waglowski, Elektroniczne testowanie kandydatów na Prezydenta [Electronic Vetting of Candidates for Presidential Elections], 24 October 2005, http://prawo.vagla.pl/node/5659

54.Announcement of the Chancellery of the Prime Minister of 01.08.2006: http://www.kprm.gov.pl/441_18118.htm

55.A. Maciejewski, Brazylia pionierem e-votingu? [Brazil - an E-Voting Pioneer?] 16 September 2005, http://www.computerworld.pl/news/83134.html

56.P. Gamdzyk, Powyborczy e-horyzont [Post-electoral E-Horison], 27 January 2005, http://www.computerworld.pl/news/74883.html

57.A. Gontarz, Częstochowa głosowała elektronicznie [Częstochowa voted electronically], 5 April 2006, http://www.computerworld.pl/news/91529.html

58.See http://punchscan.org/

59.See International Association for Voting Systems Sciences - IAVOSS, http://www.iavoss.org/; see also M. Kutyłowski, F. Zagórski, "Szansa czy zagrożenie - wybory elektroniczne" [Opportunity or Threat - E-Voting], Computerworld, 2 January 2006, http://www.computerworld.pl/artykuly/50392.html

strona: 12 z 12


isoc_stanowisko_wybory_20070110-eng.odt (46.28 KB)
isoc_stanowisko_wybory_20070110-eng.pdf (225.62 KB)