In this paper, we aim at finding a cultural explanation of the controversy around the introduction of electronic voting, especially Internet voting. In her PhD thesis, Martijntje Smits (2002b) argues that controversies surrounding the introduction of new technologies can often be explained in terms of a clash between cultural categories. Whereas traditional cultures may for example see twins as an unacceptable mixture between human and animal that has to be destroyed, we may think of genetically manipulated food as an unacceptable mixture of nature and culture. These "monsters" come into being when cultural categories are inadequate to fit new phenomena. We argue that Internet voting can be considered a "monster" that does not fit the two separate categories of democracy and technology. Whereas some proponents of Internet voting are fascinated by the clashing categories and embrace the monster, others do everything to expel the monster by claiming the impossibility of implementing a secure Internet voting system. A third approach is to adapt the monster to existing categories. Examples of this strategy in electronic voting are the inclusion of a paper trail in electronic voting machines, and limiting the implementation of Internet voting to citizens staying abroad, who were already allowed to vote via postal ballots. The fourth strategy that Smits mentions, and which she characterises as the most promising one, is a pragmatic assimilation, in which both the technology and the cultural categories are being adapted. We argue that such an approach is advisable to avoid the irreconcilable positions of monster embracing and monster expelling, and the limitations of monster adaptation. This seems to be relatively easy in cultures where the cultural separation of democracy and technology does not have a long tradition, such as Estonia.
In this paper, we discuss one particular feature of Internet voting, verifiability, against the background of scientific literature and experiments in the Netherlands. In order to conceptually clarify what verifiability is about, we distinguish classical verifiability from constructive veriability in both individual and universal verification. In classical individual verifiability, a proof that a vote has been counted can be given without revealing the vote. In constructive individual verifiability, a proof is only accepted if the witness (i.e. the vote) can be reconstructed. Analogous concepts are de- fined for universal veriability of the tally. The RIES system used in the Netherlands establishes constructive individual verifiability and constructive universal verifiability, whereas many advanced cryptographic systems described in the scientific literature establish classical individual verifiability and classical universal verifiability. If systems with a particular kind of verifiability continue to be used successfully in practice, this may influence the way in which people are involved in elections, and their image of democracy. Thus, the choice for a particular kind of verifiability in an experiment may have political consequences. We recommend making a well-informed democratic choice for the way in which both individual and universal verifiability should be realised in Internet voting, in order to avoid these unconscious political side-effects of the technology used. The safest choice in this respect, which maintains most properties of current elections, is classical individual verifiability combined with constructive universal verifiability. We would like to encourage discussion about the feasibility of this direction in scientific research.
In this paper, we investigate ethical issues involved in the development and implementation of Internet voting technology. From a phenomenological perspective, we describe how voting via the Internet mediates the relation between people and democracy. In this relation, trust plays a major role. The dynamics of trust in the relation between people and their world forms the basis for our analysis of the ethical issues involved. First, we consider established principles of voting, confirming the identity of our democracy, which function as expectations in current experiments with online voting in the Netherlands. We investigate whether and how Internet voting can meet these expectations and thereby earn trust, based on the experiments in the Netherlands. We identify major challenges, and provide a basis for ethical and political discussion on these issues, especially the changed relation between public and private. If we decide that we want to vote via the Internet, more practical matters come into play in the implementation of the technology. The choices involved here are discussed in relation to the mediating role of concrete voting technologies in the relation between citizen and state.
This report deals with the testing of eSTV software from ERS, Electoral Reform Services. The purpose of the test is to determine the conformance of eSTV to the WIG-rule [1]. In order to determine conformance we have created a new implementation of the rule in the functional programming language Clean [4]. Since this language uses a different programming paradigm and the implementation is made completely independent from the software to be tested it is extremely unlikely that both implementations contain the same error. Testing is done by computing the election result for a given set of votes with both programs. The results of both programs are compared to the level of votes numbers after each selection and elimination step in the algorithm. This has shown to be a very sensitive test for very small variations in the algorithm used in the programs. These tests are executed for 808 standard test cases. These test cases are partly handcrafted or the vote distributions in real elections for similar voting rules. Each of these sets is computed with 4 different elimination orders. In addition the results of 5000 generated data sets and a number of hand crafted data sets covering border situations in the algorithm are compared. Both test sets have shown to be very effective to identify even the smallest changes in the algorithm to compute the result of the election. Testing of preliminary versions of eSTV showed some small inaccuracies in the program as well as some small space for different interpretation of the rules. The Scottish Executive provided the final interpretation of the rules (as detailed in section 7.1) and all test where repeated for eSTV version 2.0.16. In these final tests there was an exact match for each of the 4 × 808 + 5000 = 8232 test cases.