Election Technology and Cyber Security: Standards, Good Practice and Guidelines —
English
 
Subscribe to ACE Newsletter
These topic pages provide a quick overview and easy access to all content that can be found on ACE for any give topic of interest - weather encyclopaedia files, electoral materials, comparative data, consolidated replies, case studies, or other.

ELECTORAL FRAMEWORK

Legal Framework Boundary Delimitation Electoral Systems

ELECTORAL PARTICIPATION

Gender and Elections Parties and Candidates Disability and Elections Media and Elections Civic and Voter Education Direct Democracy

ELECTORAL MANAGEMENT

Electoral Management Cost of Elections

ELECTORAL INTEGRITY

Electoral Integrity Campaign Finance Measuring Electoral Quality Election Observation Electoral Assistance

ELECTORAL OPERATIONS

Voter Registration Voting Operations Voter Identification Results Management Out of Country Voting Elections and Technology Elections and Security
Countries
Encyclopaedia Electoral Materials Comparative Data Election Calendar Observation Portal BRIDGE Extended Learning Latest Updates
Ask the Experts Consolidated Replies Find An Expert Access ACE Practitioners' Workspace
About ACE The History of ACE Contact ACE ACE Partners Practitioners' Network FAQ

Election Technology and Cyber Security: Standards, Good Practice and Guidelines

April 2018

Increasing reliance on complex data management systems in elections has left troves of sensitive information vulnerable to bad actors. Protecting electoral data requires a holistic approach that considers the legal, regulatory, and operational environment in which data management systems are being deployed, not simply the technology being utilized. As part of its ‘Driving Advancements in Transparency and Accountability in Elections (DATA Elections Project), the International Foundation for Electoral Systems (IFES) has been conducting a literature review to identify and collate existing resources on data security in elections.

 

This preliminary resource guide is currently in development and is divided into six categories: 1) current election standards relating to data security; 2) international and regional good practice guidelines; 3) non-election specific information security/cybersecurity frameworks; 4) election observer guidelines for monitoring technology; 5) academic literature; and 6) relevant jurisprudence.

 

This is not an exhaustive list and represents initial research on this topic. As part of the DATA project, IFES is partnering with the ACE Electoral Knowledge Network to collect a living, curated list of resources that will be provided on a dedicated portal on the ACE practitioners website, to ensure there is one place where practitioners and academics can go for resources and discussion on data security in elections. For more information please contact [email protected]

 


Standards 

  1. Universal Declaration on Human Rights (Article 21)
  2. ICCPR (Article 25)
  3. Council of Europe e-voting standards (2017): Section VIII. Reliability and Security of the System
  4. Open Government Declaration (2011)
  5. UN General Assembly Guidelines for the Regulation of Computerized Data Files (1990)
  6. UN Privacy and Data Protection Principles (2016)

 

Good Practice Guidelines: 

  1. IFES and NDI, Implementing and Overseeing Electronic Voting and Counting Technologies (2013)
  2. IFES, Civil and Voter Registries: Lessons Learned from Global Experiences (2011)
  3. IFES, Electronic Voting & Counting Technologies: A Guide to Conducting Feasibility Studies (2011)
  4. IFES, Direct Democracy: Progress and Pitfalls of Election Technology (2010)
  5. International IDEA Electoral Management Design Electoral Technology chapter, “Accountability and Integrity” section (2014)
  6. European Commission and UNDP Procurement Aspects of Introducing ICT Solutions in Electoral Processes: The Specific Case of Voter Registration (2010)
  7. European Commission Methodological Guide on Electoral Assistance Section 3.7: Embracing Appropriate Technology for Electoral Processes (2006)
  8. Council of Europe, E-voting handbook, Key steps in the implementation of e-enabled elections (2011)
  9. Council of Europe, “Guidelines on Certification of E-voting Systems” (2011)
  10. Council of Europe, “Guidelines on Transparency of E-enabled Elections” (2011)
  11. Council of Europe “Recommendation CM/Rec(2017)5[1] of the Committee of Ministers to member States on standards for e-voting” (2017)
  12. Council of Europe “Explanatory Memorandum to Recommendation CM/Rec (2017)5 of the Committee of Ministers to member States on standards for e-voting” (2017)
  13. Council of Europe “Guidelines on the implementation of the provisions of Recommendation CM/Rec (2017) 5 on standards for e-voting” (2017)
  14. European Commission for Democracy through Law (Venice Commission) “Report on the Compatibility of Remote Voting and Electronic Voting with the Standards of the Council of Europe” (2004)
  15. OSCE Guidelines for Reviewing the Legal Framework for Elections (2013), Chapter 15: Use of New Voting Technologies

  

Non-election specific info security / cyber security frameworks

  1. Information Systems Audit and Control Association (ISACA), Information Systems Security Audit: An Ontological Framework (2016)
  2. Information Systems Audit and Control Association (ISACA), COBIT 5 Framework for the Governance and Management of Enterprise IT
  3. NIST: All the 800-series publications are relevant:
  4. Computer Security Resource Center (CSRC) NIST 800-series publications
  5. Computer Security Resource Center (CSRC), Risk Management Guide for Information Technology Systems (2012)
  6. ISO/IEC, Information Technology, Security Techniques, Information Security Risk Management

 

Election observer guidelines 

  1. NDI Monitoring Electronic Technologies in Electoral Processes (2007)
  2. OSCE/ODIHR Handbook for the Observation of New Voting Technologies (2013)
  3. OAS Observing the Use of Electoral Technologies: A Manual for OAS Electoral Observation Missions (2010)
  4. Carter Center, Handbook on Observing Electronic Voting (2nd Edition, 2012)

 

Academic literature 

  1. Yale, The Law of Cyber Interference in Elections (2017)
  2. International Conference on System Sciences (ICSS), IT Governance: Reviewing 17 IT Governance Tools and Analyzing the Case of Novozymes A/S
  3. Nik Erleigh, University of Liverpool, "A Proposed Framework For Technology Selection In Order For Developing Countries To Execute Election Operations Efficiently" (2008)

 

Jurisprudence 

  1. Austria: Constitutional Court, Judgment of 13 December 2011 regarding the 2009 Federal Students’ Elections (V86-96/11)
  2. Estonia: Constitutional Review Chamber, Judgment of 1 September 2005, regarding Petition of the President of the Republic (3-4-1-13-05)
  3. Finland: Supreme Administrative Court, Judgment of 4 September 2009, regarding Finnish Municipal Elections 2008 (687/1/09)
  4. Germany: Federal Constitutional Court, Judgment of 3 March 2009 regarding the 2005 Federal Bundestag elections (2 BvC 3/07, 2 BvC 4/07)

 

Document Actions