--- _id: '5621' abstract: - lang: eng text: Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we examine the public record of three recent elections that used Internet voting. Our specific goal is to identify any potential flaws that security experts would recognize, but may have not been identified in the rush to implement technology. To do this, we present a multiple exploratory case study, looking at elections conducted between 2006 and 2007 in Estonia, Netherlands, and Switzerland. These elections were selected as particularly interesting and accessible, and each presents its own technical and security challenges. The electoral environment, technical design and process for each election are described, including reconstruction of details which are implied but not specified within the source material. We found that all three elections warrant significant concern about voter security, verifiability, and transparency. Usability, our fourth area of focus, seems to have been well-addressed in these elections. While our analysis is based on public documents and previously published reports, and therefore lacking access to any confidential materials held by electoral officials, this comparative analysis provides interesting insight and consistent questions across all these cases. Effective review of Internet voting requires an aggressive stance towards identifying potential security and operational flaws, and we encourage the use of third party reviews with critical technology skills during design, programming, and voting to reduce the changes of failure or fraud that would undermine public confidence. author: - first_name: Guido full_name: Schryen, Guido id: '72850' last_name: Schryen - first_name: Eliot full_name: Rich, Eliot last_name: Rich citation: ama: 'Schryen G, Rich E. Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland. IEEE Transactions on Information Forensics \& Security. 2009;4(4 Part):729-744.' apa: 'Schryen, G., & Rich, E. (2009). Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland. IEEE Transactions on Information Forensics \& Security, 4(4 Part), 729–744.' bibtex: '@article{Schryen_Rich_2009, title={Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland}, volume={4}, number={4 Part}, journal={IEEE Transactions on Information Forensics \& Security}, publisher={IEEE}, author={Schryen, Guido and Rich, Eliot}, year={2009}, pages={729–744} }' chicago: 'Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.” IEEE Transactions on Information Forensics \& Security 4, no. 4 Part (2009): 729–44.' ieee: 'G. Schryen and E. Rich, “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland,” IEEE Transactions on Information Forensics \& Security, vol. 4, no. 4 Part, pp. 729–744, 2009.' mla: 'Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.” IEEE Transactions on Information Forensics \& Security, vol. 4, no. 4 Part, IEEE, 2009, pp. 729–44.' short: G. Schryen, E. Rich, IEEE Transactions on Information Forensics \& Security 4 (2009) 729–744. date_created: 2018-11-14T14:06:44Z date_updated: 2022-01-06T07:02:12Z ddc: - '000' department: - _id: '277' extern: '1' file: - access_level: open_access content_type: application/pdf creator: hsiemes date_created: 2018-12-18T13:16:07Z date_updated: 2018-12-18T13:16:07Z file_id: '6316' file_name: JOURNAL VERSION.pdf file_size: 1544790 relation: main_file file_date_updated: 2018-12-18T13:16:07Z has_accepted_license: '1' intvolume: ' 4' issue: 4 Part keyword: - e-voting - Internet voting - Internet election - security - verifiability - RIES - Estonia - Neuch{\^a}tel language: - iso: eng oa: '1' page: 729-744 publication: IEEE Transactions on Information Forensics \& Security publisher: IEEE status: public title: 'Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland' type: journal_article user_id: '61579' volume: 4 year: '2009' ...