FAQs about e-voting

Electronic voting consists in the casting of votes by electronic means rather than traditional means such as paper ballots or postal ballots.

2 – What are the types of electronic voting?

For large electoral rolls, the cost per voter in e-voting is lower than the cost per voter in traditional voting due to the economies of scale present in e-voting. With electronic voting, as the size of the electoral roll increases, the cost per voter decreases.

5 – Where is electronic voting currently being used?

Electronic voting is currently being used by many governments worldwide to carry out binding public elections (e.g., Switzerland, Finland, Brazil, United States, Australia, etc.). Additionally, many private sector organizations also use electronic voting in their internal electoral processes (e.g., labor union elections, shareholders’ meetings, professional associations, etc.).

6 – Is e-voting secure?

E-voting can be as secure as (or even, in many cases, more secure than) traditional paper-based voting provided that adequate security measures are adopted. Conventional security measures such as firewalls or SSL communications are necessary but not sufficient to guarantee the specific security requirements of e-voting. Besides these conventional security measures, it is also necessary to implement an additional layer of specialized security technology to address the specific risks posed by electronic voting and guarantee critical security requirements such as voters’ privacy, vote integrity and voter-verifiability.

FAQs about Scytl

Scytl Secure Electronic Voting (Scytl) is a software company specializing in the development of secure electronic voting solutions. Scytl has developed special cryptographic protocols to provide electronic voting with the highest standards of security, privacy and trust.

8 – What is Scytl’s background?

Scytl was formed in 2001 as a spin-off from a leading research group at the Autonomous University of Barcelona that had pioneered the research of security solutions for the electronic voting industry since 1994. This scientific group produced the first two European PhD theses on electronic voting security and numerous international publications in the field of application-level cryptography and e-voting. Scytl has capitalized on these 12+ years of research experience to develop groundbreaking cryptographic protocols to provide security to e-voting.

9 – Where is Scytl located?

Scytl is a Spanish corporation headquartered in Barcelona and with offices in Singapore and the United States.

10 – Who are Scytl’s shareholders?

Scytl is a privately-owned corporation. Scytl’s shareholders are two Spanish venture capital funds, Spinnaker and Nauta Capital, and a group of individuals, including Scytl’s founders and management team. None of Scytl’s shareholders or senior management members has any political affiliations in order to comply with Scytl’s strict political neutrality policy.

11 – What are Scytl’s products?

Scytl has developed a complete family of e-voting solutions around its core e-voting security technology. Scytl has e-voting products to carry out elections in the public sector and e-voting products especially tailored to the specific needs of private sector elections. Additionally, Scytl has Internet voting products and poll-site e-voting products (i.e., DREs).

12 – Where has Scytl done projects?

Scytl is a worldwide leader of e-voting solutions and has done projects for governments globally (Switzerland, Spain, United Kingdom, Philippines, Finland, Mexico, Argentina, Australia, etc.).

13 – Who are Scytl’s partners?

Scytl works with multiple partners in projects worldwide. Scytl maintains a strategic alliance with Hewlett Packard that has already led to customer wins in three regions (Europe, Asia-Pacific and Americas). Scytl has also worked with system integrators and IT companies such as Accenture, Oracle, Telefonica, TietoEnator, CIB, Ferey, etc.

14 – Is Scytl’s technology protected by patents?

Scytl has filed multiple international PCT patents to protect some of the unique features of its e-voting security technology. Scytl has also protected its technology and software by copyrights.

15 – Has Scytl received any awards?

Scytl has received numerous international awards for its innovative e-voting technology, including the ICT Prize granted by the European Commission, the RedHerring 100 by RedHerring magazine and the Global Innovator award by The Guidewire Group.

16 – Where can I find more information about Scytl and its technology?

You can find more information by visiting Scytl’s website at www.scytl.com.

FAQs about Scytl’s Internet voting security technology

17 – How does Scytl provide end-to-end security in the voting process?

Scytl’s solution provides end-to-end security (i.e., from the individual voters to the Electoral Board), preventing internal attacks from system administrators. Votes are encrypted and digitally signed by voters in the voters’ voting devices (e.g., PCs) before they are cast. The private key to decrypt the votes is divided in shares and these shares are distributed to the Electoral Board members before the election begins. The private key is destroyed in this splitting process and, therefore, does not exist during the election. At the end of the election, a pre-defined minimum number of Electoral Board members have to meet to reconstruct the private key and decrypt the votes.

18 – Are system administrators in control of the electoral process with Scytl’s solution?

Scytl’s Internet voting solution puts the control of the electoral process exclusively in the hands of the Electoral Board as it happens with traditional paper-based elections. The Electoral Board members are the only ones that can reconstruct the key to decrypt and count the votes. System administrators or any other actors with privileges in the system do not have access to the private key and, therefore, cannot see nor modify clear-text votes.

19 – How does Scytl guarantee voters’ privacy?

Votes are encrypted in the voters’ voting device before they are cast. Only the Electoral Board can decrypt the votes by reconstructing the private key. The decryption of the votes is carried out in an isolated and physically secured computer by applying a mixing technique that breaks the correlation between the voters’ identity and the clear-text votes in order to guarantee voters’ privacy.

20 – How does Scytl protect the integrity of the votes?

Votes are cryptographically protected (i.e., encrypted and digitally signed) while they are stored in the voting servers and, therefore, cannot be manipulated by anyone, not even system administrators with a privileged access to the system.

21 – How does Scytl prevent the addition of bogus votes?

Once encrypted, votes are digitally signed by individual voters. The digital certificates used by the voters to digitally sign their encrypted votes can be either pre-existing digital certificates or digital certificates generated “ad-hoc” for that specific election. Before decrypting the votes, the Electoral Board verifies that the digital signatures on the votes belong to valid voters. Votes with invalid digital signatures are “red-flagged” and put aside for further auditing.

22 – How does Scytl prevent the casting of multiple votes by a single voter?

There are two levels of security to prevent multiple vote casting. The first level is the electoral roll data base that marks the voters who have already cast votes to prevent them from casting additional votes. The second level is the verification of the digital signatures on the encrypted votes that the Electoral Board performs before decrypting and counting those votes. In case a voter had cast two votes, the Electoral Board would detect the duplication at this time.

23 – Can voters verify that their votes have been included in the final tally?

Voters are provided with a voting receipt that contains a unique identifier which is randomly generated in the voters’ voting device and, therefore, is only known to the voter. This unique identifier is encrypted with the vote in a digital envelope. Only the Electoral Board will be able to open the digital envelope and retrieve the vote and the unique identifier. At the end of the election, the Electoral Board publishes the list of the retrieved unique identifiers and voters are able to check that their individual votes have reached the Electoral Board and been counted.

24 – Does Scytl’s voting receipt facilitate voter coercion or vote selling?

Scytl’s voting receipt does not disclose the voting options selected by the voter and, therefore, does not allow vote selling or voter coercion.

25 – Can Scytl’s solution be audited?

Scytl believes that transparency is an integral part of security. This is why Scytl provides election authorities (and independent auditors designated by the election authorities) with access to the source code of the e-voting solution. Once audited, this source code is digitally signed by election authorities to make sure that the same source code is used in the election.

26 – Can election authorities audit the election results?

Scytl’s solution generates logs for all the actions taken during the election. These logs are cryptographically chained every time a new log is generated in order to prevent any tampering. These immutable logs allow an accurate audit of the election results by election authorities and third parties at the end of the election.