Just as is the case with manual voting systems, e-voting systems have to able to be audited, i.e. it must be possible to examine the processes used to collect and count the votes and to re-count the votes in order to confirm the accuracy of the results. The greatest danger to e-voting systems is if external interference on systems is possible and can go undetected affecting the results of the voting. This is why independent and extensive security monitoring, auditing, cross-checking and reporting need to be a critical part of e-voting systems.
There are different mechanisms to audit an e-voting system. Some systems include a so-called ‘voter verified audit trail’ (VVAT), also known as ‘voter verified paper ballots’. These systems include paper records of the vote, which have been verified by the voter at the time of casting the vote and can be used for a recount at a later date. VVAT can only be used in non-remote e-voting systems (polling place e-voting), since the voter has to be physically present at the place where his/her vote is actually recorded and printed for control.
Other e-voting systems include a ‘voter verifiable audit trail’. The difference between the first systems and the latter is that in the first case, it is mandatory that the voters check their vote before they cast it. In the second case, voters may check their vote but they don’t have to. In some systems, the ballots are printed only after they have been cast and are stored in a closed area. These ballots can also be used for a recount. But it has to be noted that the voters did not verify these printed ballots.
Other systems include the disclosure of the source code and/or documentation on the e-voting system, so that voters or / and representatives of political parties and civil society organizations have the opportunity to examine its accuracy.
Whichever approach to auditing is chosen, it is crucial that the e-voting system has audit facilities for each of the main steps of the voting operation (voting, counting). The audit system should also provide the ability for independent observers to monitor the election or referendum (without revealing the potential final count/result). The audit system has to be able to detect voter fraud and provide proof that all counted votes are authentic.
Audit systems by their very nature gather a lot of information. However, if too much information is kept, the secrecy of the vote may be compromised. A voting audit system should maintain voter anonymity and secrecy at all times. In all cases the information gathered by the audit system has to be protected against unauthorized access.
Next: Opportunities, risks and challenges of e-voting
