Security Requirements for Non-political Internet Voting

2006 
This paper describes the development of security requirements for nonpolitical Internet voting. The practical background is our experience with Internet voting within the Gesellschaft für Informatik (GI – Informatics Society) in 2004 and 2005. The theoretical background is the international state of the art in requirements for electronic voting, especially in Europe and in the US. A focus of this paper is on the user-community-driven standardization of security requirements by means of a Protection Profile of the international Common Criteria standard. An extended version of this article (20 pages) is published as a technical report by the University in Koblenz (see reference list).

1 The GI and its election 2004

The Gesellschaft für Informatik (GI) is a society for computer science with presently about 24.000 members, mainly from Germany. The rules for elections of the bodies of the GI are formally specified by the GI [GI03; GI04]. Since July 2003, article 3.5.4 of the constitution of the GI has allowed the use of Internet voting. The precondition is that the Internet voting system provides the same security level as postal voting. In all cases where postal voting is admitted, the election committee can decide to give members the additional possibility of using an Internet voting system, as long as it is comparably secure.

In summer 2004, the chairmanship (Präsidium) decided unanimously to offer both postal voting and Internet voting for the chairmanship elections in December 2004. The election was successful. As a consequence, the persons in charge decided to apply Internet voting again in 2005 for the election of the chairmanship and of the executive board of the GI. So far the GI has voted online twice and plans to do so again in 2006. After a market survey, the GI chairpersons decided to use the POLYAS system [MM05] for Internet voting.

The POLYAS system provides two authorization schemes: one is based on authentication with digital signatures, the other employs PINs and user-ids instead. For better usability and simplicity, election PINs and personal user-ids were chosen for the GI election. Every GI member received a paper letter with information material on how to use the Internet voting system. In particular, the letter informed the member that the user-id is the GI membership number. The PIN was printed on the letter and