From Certification and Audit to Disclosing the Source Code: Can Public Intrusion Tests Enhance Trust in Election Technology?

The introduction of technology in electoral processes poses different challenges: from guaranteeing secret suffrage to how Electoral Management Bodies (EMB) are growing dependent on private vendors, and including how to ensure that technologies work in the way that they are expected to. When the technologies introduced allow voters to cast a vote from a non-controlled environment, the stakes are even higher because the EMB cannot guarantee that the devices used to cast a vote are not infected with malware. In the case of Internet voting (i-voting), end-to-end encryption and verifiability mechanisms have been suggested to tackle some of these challenges. But how can these mechanisms be, in turn, verified? Disclosing the source code for public audit, as it was done in Norway already in 2011, is one possibility. For this reason, several countries introducing i-voting (including Estonia, Switzerland and Australia) have adopted it. In 2019, Switzerland went a step further and, to certify a new system, the authorities organised a Public Intrusion Test (PIT): a mock election in which any third party could try to hack into the system. While the exercise was aimed at enhancing trust in i-voting, it may well have had the opposite effect. In this context, the paper analyses how different countries have set up requirements for the publication of i-voting solutions’ source code and for the conduct of a PIT. Adopting an interdisciplinary perspective drawing from political science, computer engineering and cryptography, we identify common challenges in these experiences and best practices for future ones.