“Internet Voting: Formulating Structural Governance Principles for Elections Cybersecurity”

Candice Hoke has posted this draft on SSRN. Here is the abstract:

    In Europe, the U.S., and Asia, political and market forces seek regulatory approval for Internet-based voting and electoral administrative tasks. Governmental responses have differed, but commonly governments omit Internet and computer security experts from exercising decisive weight in such policy decisions. Given its current architecture and engineering, the Internet provides neither high assurance data security and integrity, nor reliable information transmission protected from denial of service and other attacks. Nevertheless, pressures to expand Internet-based election functions continue. This paper proceeds from the premise that democratic nations have not yet posed the question of what foundational features should be required in an elections governance system that is using (or is pressured to deploy) computer and network technologies. The paper submits that election administrative policy decisions are gravely affected by an information gap regarding both Internet security risks and the availability of effective mitigations for these risks. The paper recommends disaggregating election tasks so that nuanced policy decisions can issue approving the Internet and other computer technologies for specific electoral tasks. It presents seven core understandings that election policymakers must master for capacity to evaluate the relative risks and benefits of proposed computer-based election technologies, including the Internet. It reviews exemplar vendor claims and marketing strategies that misinform policymakers, leading to porous balloting and the possibility of skewed or fraudulent election results. The risks to and profound need to safeguard democratic legitimacy where critical functions are conducted on computers or the Internet thus warrant transnational elections regulatory reassessment. 
    The paper concludes by recommending that revised governance structures incorporate three fundamental principles: expertise in computer and network engineering and security, as well as election administration; transparency and public accountability, in order that the election system and reported results have legitimacy; and transnational cooperation among democratic republics, to facilitate prompt mitigations and criminal prosecution for attacks on election information systems.