With a view of enhancing accountability of the internet voting process, a unified document containing all command-level procedural and operational details could be published in good time before elections.

It could be considered to establish by law clear, formal certification requirements, timelines as well as specifying procedural and operational aspects of such a certification process.

It is recommended that any procurement process for internet voting systems be conducted in the most transparent way possible, including tender documentation, and that feedback from political parties and the public be incorporated in future procurement documents for the internet voting system.

Consideration could be given to introducing measures to permit voters to recast their votes in case of error and to limit possibilities of voter intimidation.

Given that weak Estonian language skills may present an obstacle to national minorities’ participation in the election process, OSCE/ODIHR recommends that consideration is given to offering the Internet voting application in Russian and expanding the amount of information on voting procedures available in Russian.

The OSCE/ODIHR recommends that further measures are taken to enhance the transparency of the Internet voting process, possibly through providing additional materials and training that are readily comprehensible by all interested actors and the public even without special knowledge of IT.

It is recommended that an operation manual is consolidated in a single comprehensive
document and describes all Internet voting procedures.

The OSCE/ODIHR recommends that the NEC formalizes a disaster recovery plan for the case of system failure. This could include a mirrored operation in two data centres.

Consideration should be given to introducing legal provisions to bring specifications of
processing, storing and destruction of the data and equipment used in Internet voting in
compliance with the Personal Data Protection Act.

It is recommended that no maintenance of the Internet voting system servers is performed from the start to the end of the Internet voting process.

The OSCE/ODIHR recommends that the NEC issues formal reports on testing of the Internet voting system and publishes them on its website in order to further increase transparency and verifiability of the process.

The OSCE/ODIHR recommends that legal provisions with regards to all stages of the Internet voting, including conditions for invalidation of the Internet voting results, are further detailed and consolidated in the law.

To maintain the high public confidence in internet voting, further efforts should be made to exchange good practice amongst cantons, explain technical and operational elements, and ensure appropriate safeguards for transparency and accountability. The Federal Chancellery, possibly through the internet voting task force, could take a leading role in communicating information to political parties, civil society, and the general public.

In order to meet legal requirements and to ensure the integrity of internet voting systems, an independent body should be established to certify all systems, including through independent, third-party testing. Clear, written, and testable standards on certification should be developed and regularly reviewed and updated as the basis for the independent body’s work, covering such issues as security, transparency, reliability, ease of use, and protection of the secrecy of the vote.

It is recommended that all cantons adhere to good practice when handling cryptographic material, which provide that the private key be generated at a public meeting and that the key be divided in separate parts and shared by at least two people who are unlikely to collude. Preferably, this key should be generated and stored using secure cryptographic media (such as a smartcard). Essential procedures, such as the decryption of internet votes, could also take place at public meetings.

Most cantons already use a tamper-evident overlay to shield the password assigned to each voter. Adoption of this approach by all cantons would enhance security, as well as the secrecy of the vote.

The highest level of security available should be used for encryption and transmission of electronic votes to ensure the integrity of the process and the secrecy of the vote. The authorities should conduct a review of state-of-the-art cryptographic methods for internet voting with a view to addressing any potential security weaknesses in the systems.

The practice of printing polling cards should be reviewed to ensure security of sensitive data and protect against possible use of voter credentials by unauthorized individuals.

Regulations for internet voting should be further detailed in the law. This could include clarifying provisions regarding the procedural steps for internet voting, standards for cryptographic methods, testing requirements, operational duties and responsibilities, certification requirements, and aspects of law governing hosting by other cantons or outsourcing to private companies.

It is recommended that the election authorities conduct a full review of the impact of return codes on the security and secrecy of the vote, as well as the timeliness of the universal verification of the count, with the aim to allow for full end-to-end verifiability of elections.

In order to formalize and ensure adherence to events in the conduct of elections, and in order to provide further transparency of internet voting, the election authorities could prepare a detailed election calendar in advance of the election period.

The election authorities could consider delegating formal certification of the internet voting software to an independent competent third party to further increase accountability and transparency.

It is recommended that election authorities consider collaboration with relevant agencies actively engaged in providing monitoring and general security of the internet connectivity and, include entities that own and operate major parts of the internet backbone in Norway.

It is recommended that the ministry continues to improve the encryption model in order to further tighten the security and secrecy of the vote as well as to reduce complexity in set-up, configuration and testing.

It is recommended that strict separation of duties is defined and documented at all levels, and included in the electoral regulatory framework.