To preserve the secrecy of the vote, the user-generated four-digit control code should
be eliminated, and the voter register component of the system should be separated
from the voting component.

Audits should be conducted at various stages of the process to ensure that adequate security procedures are being followed by local authorities.

Usability of voting machines should be improved, and more extensive voter education efforts should be conducted.

The OSCE/ODIHR recommends that the NEC review the process of counting internet
votes and announcing the results to ensure that all devices used are subject to adequate
security measures.

The OSCE/ODIHR recommends that in addition to the audits of the process now
conducted, all components of the system, including the source code, should be audited by an independent body in accordance with publicly available specifications, with all reports made public.

The OSCE/ODIHR recommends that monitoring and response to potential threats coming from the internet should be more systematic and include a plan to deal with such threats, with well-defined roles for each institution. In addition, the monitoring of the Vote Storage Server should be improved to provide greater assurance that no unauthorized access via the internet has affected the integrity of the data.

The OSCE/ODIHR recommends greater participation of parties and civil society in monitoring of the internet voting system to provide an opportunity to identify potential weaknesses and security concerns. The OSCE/ODIHR further recommends consideration of a more defined division of duties among the staff implementing internet voting such that no one person would be involved with the entire process.

A transparent process of testing and certifying voting systems should be required to
ensure integrity of voting systems.

Consideration should be given to the design of electronic voting equipment so that a
change or error in its software would not cause an undetectable change or error in the
voting results. This, for instance, can be ensured by using a voter-verifiable paper audit
trail or cryptography measures.

DREs and optical scan machines should be arranged in polling stations in a way to ensure the secrecy of the vote.

The trend towards the use of new voting technologies which use either VVPATs or hand- or computer-marked paper ballots is positive. Authorities could consider adopting federal legislation for the mandatory use of a paper trail in elections, including federal standards on mandatory hand-recounts of paper ballots and VVPATs.

Ensuring public funding of evaluation would enhance the credibility and independence of the certification process.

Before starting projects on remote electronic voting, federal evaluation and certification of remote electronic voting products should be intensified prior to public test or even use. Pilot projects should be given the necessary time and financial resources to be tested comprehensively to ensure reliability, security and integrity.

It is recommended that for internet voting, a body with the power to oversee internet voting is formalized. The authorities could determine the distribution of roles and responsibilities between stakeholders involved in internet voting.

The election authorities could consider producing and publishing command level protocols and appropriate instructions for installing and configuring all hardware and software components.

In order to enhance the integrity of the overall internet voting process, it is recommended that the printing process of polling cards be further tested and improved, allowing enough time for proper testing.

It is recommended to establish clear criteria for determining invalid votes in the electoral framework and that procedures are updated to ensure timely detection thereof.

It is recommended that strict separation of duties is defined and documented at all levels, and included in the electoral regulatory framework.

It is recommended that the ministry continues to improve the encryption model in order to further tighten the security and secrecy of the vote as well as to reduce complexity in set-up, configuration and testing.

It is recommended that election authorities consider collaboration with relevant agencies actively engaged in providing monitoring and general security of the internet connectivity and, include entities that own and operate major parts of the internet backbone in Norway.

The election authorities could consider delegating formal certification of the internet voting software to an independent competent third party to further increase accountability and transparency.

In order to formalize and ensure adherence to events in the conduct of elections, and in order to provide further transparency of internet voting, the election authorities could prepare a detailed election calendar in advance of the election period.

It is recommended that the election authorities conduct a full review of the impact of return codes on the security and secrecy of the vote, as well as the timeliness of the universal verification of the count, with the aim to allow for full end-to-end verifiability of elections.

In order to comply fully with paragraph 8 of the 1990 Copenhagen Document, the OSCE/ODIHR reiterates its recommendation that the electoral legislation should be amended to allow explicitly for international and domestic non-partisan observers. This should include specific provisions to ensure effective observation of internet voting.

In order to ensure data protection standards are adhered to, it is recommended that a formal procedure be developed on how to dispose of electronically stored personal data.