Internet Voting: Structural Governance Principles for Election Cyber Security in Democratic Nations

Document Type


Publication Date


Publication Title

Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies


internet, voting, elections, governance, transparency, security, assurance, integrity, cybersecurity, mitigations, threats


In Europe, the U.S., and Asia, political and market forces seek expanded use of the Internet for voting and election administrative functions. Governmental responses have differed, but commonly governments omit qualified computer security experts from exercising decisive weight in policy decisions. Given its current architecture and engineering, however, the Internet generally provides neither high assurance data security and integrity, nor reliable information transmission protected from denial of service and other attacks. Nevertheless, pressures to expand Internet-based election functions have intensified. This paper explores the foundational questions and features of a governance system that has the capacity to safeguard democratic elections where Internet-facing technologies will be deployed. The paper recommends that each nation include a policy board with appropriate computer and network security expertise, election administrative knowledge, and public accountability and transparency structures that mandate end-to-end auditability. It further recommends that the national regulatory apparatus not rely predominantly on issuance of rules and technical standards to be met, or particular product design. Owing to dynamic cyber threat environments, the board--whose majority should consist of computer and network security professionals--should issue particularized decisions. They should assess whether an election office proposal for using Internet transmissions for a specified election task is prudent in light of all factors relevant to security based on layered defense. Democratic nations should collaborate in alerting one other to election information system threats and attacks, for mutual aid and maximally robust mitigations.


Original URL