Home

Other projects

E-democracy projects

Forum History

 

The Forum was established by the Third Summit of Heads of State and Government of the Council of Europe  (Warsaw, May 2005), to strengthen democracy, political freedoms and citizens' participation.

(...)

Forum previous sessions

2011

(Limassol, Cyprus, October)

Interdependence of democracy and social cohesion.

New: Proceedings

"Radical measures taken in many countries to try to balance public budgets are both necessary and understandable†but  “Countries are running a high risk of seriously undermining the European model of social cohesion.† declared Council of Europe Secretary General Thorbjorn Jagland while opening the Cyprus Forum.

2010

(Yerevan, October)

Perspectives 2020 Democracy in Europe - Principles and Challenges

Proceedings

 

''The Council of Europe has a unique strategic role to play in strengthening good democratic governance at all levels in the European space''. Democracy, or rather good democratic governance, is now not only intrinsically linked to the respect of human rights but is also recognised as the most effective form of governance to ensure stability, sustainability and well-being.

 That was the main message of the 2010 Forum.

(...)

 

2009

(Kyiv, October)

Electoral systems: strengthening democracy in the 21st century

(Proceedings)

 "In a genuine democracy, the citizen is sovereign and the voter decides" - that was the main message of the 2009 Forum, which highlighted the need for greater public involvement, with a view to increasing voter turnout and ensuring that all stages of public life are democratic..

(...)

 

2008

(Madrid, October)

"E-democracy: who dares?"

 

The discussions addressed the impact of information and communication technologies (ICTs) on democracy.

(...)

 

2007

(Stockholm, June)

"Power and empowerment - The interdependence of democracy and human rights"

 

This event addressed issues such as the role and responsibilities of the opposition, representative democracy at the local and regional level, empowerment of the individual and non-discrimination, respect for freedom of expression and association for civil society, and fostering democracy, human rights and social networks.

 (...)

 

2006

(Moscow, October)

"The role of political parties in the building of democracy"

 

The Forum reflected on  the role and responsibilities of political parties in finding democratic solutions to contemporary challenges, the interaction between political parties and with other actors in the democratic process, and the building and strengthening of democratic institutions.

(...)

 

Launch meeting (Warsaw, November 2005)

"Citizens' participation"

 

 

The discussions addressed the state of contemporary democracy in Europe.

(...)

Previous projects

("Making

Democratic institutions work")

 
  Print  
  
  Send  
  

Welcome to my talk and thank you very much fort he invitation and thus the possibility to present our work on the evaluation and certification of electronic voting systems and in particular remote electronic voting systems (also called online voting products). According to the document which will be introduced and proposed with this presentation, the talk has the title "Common Criteria Protection Profile -- a Basic Set of Security Requirements for Online Voting Products".

Those of you who joined the last Council of Europe review meeting two years ago in Strasbourg might remember that the idea of developing such a Protection Profile (PP) has already been presented there. Now, two years later, this project is finished and the Protection Profile can be downloaded from the web in German and since September 2008 also in English.

The PP project was funded by the German Federal Office for Information Security and accompanied by the German association of Computer Science and an advisory board with representatives from different universities, possible user groups, vendors, and organizations like the Council of Europe, the E-Voting Competence Center, the German Physikalisch-Technische Bundesanstalt (PTB) (the national metrology institute providing scientific and technical services, besides other one department evaluates the German voting devices), and the Austrian A-SIT (Zentrum für sichere Informationstechnologie – Austria). My co-author is Roland Vogt from the German Institute for Artificial Intelligence. The Protection Profile has been developed based on three existing requirement catalogues: the Council of Europe Recommendations and two mainly German specific requirement catalogues: the one from the PTB and the one from the German association for computer science (Gesellschaft für Informatik – GI).

The Protection Profile does not serve as a new requirement catalogue beside all this existing ones but as an improvement which overcomes the vulnerabilities of existing catalogues. These vulnerabilities result from the fact that existing requirement catalogues only provides different kind of requirements which the electronic voting system needs to ensure, while they do not specify how to evaluate that a system meets theses requirements. This means in particular that existing catalogues do not make the underlying trust model explicit – meaning the assumptions and conditions to the environment (in which the system is used) are not specified. Moreover, the existing catalogues do not define the evaluation depth. This means it is not clear whether the conformance decision should be based on conversation with the developers or a documentation and specification review, or it should be based on a source code analysis or even a mathematical proof. From these vulnerabilities result that the evaluation result is neither meaningful nor are the results comparable.

To overcome these problems, we propose the application of the Common Criteria – (CC) and, thus, translated existing requirement catalogues into a Protection Profile. The CC is an international standard for Information Technology Security Evaluation which is applied in many countries. Protection Profiles are one of the most important documents which can be developed based on the Common Criteria. They describe a system independent set of security requirements for a category of systems. Thus, a PP serves as quasi standard for a group of systems – here for different types of remote electronic voting systems.
However, we were not the first who had this idea to use the Common Criteria to evaluate electronic voting systems. Beside others the Council of Europe made in its recommendations a first step by defining assets and threats according to the PP/CC terminology.

When we started our project we believed that we can develop one general protection profile which is applicable for any kind of elections independent from the level and the country. But then we recognized that such a Protection Profile cannot exist – as the trust model and the required evaluation depth differs from election to election and probably also form country to country. Thus, we decided to develop a basis Protection Profile which needs to be ensured by all remote electronic voting systems but this basis can and should be extended by the election authorities.
This is one of the reasons why the PP is called basic. The second on is the fact that the Protection Profile only addresses requirements for the voting and counting phase while it assumes that the remote electronic voting system is successfully, properly and correctly set up.

Any PP needs to contain several different issues. For election authorities only two parts are important to know as they need to check whether they agree on these issues: There is on the one hand the security problem definition section describing the trust model and on the other hand the security assurance requirements defining the evaluation depth. The rest of the document is written in the Common Criteria language and needs to be extended – if necessary – by a Common Criteria expert.
With respect to the security problem definition it is important to know that a secure election with an evaluated system can only be provided if this system is used in an environment in which the assumptions defined in the security problem definition hold.
With respect to the evaluation depth it is good to know that the CC supports 7 different evaluation assurance levels (EAL) while level 7 requires the deepest evaluation and thus provides the most trust in an evaluated system.
For the basic Protection Profile we choose level 2 and added (augmented it with) four additional security assurance components.

We developed this Common Criteria Protection Profile describing a basic requirement. Now it is the responsibility of the election authorities to decide whether the defined trust model in terms of the security problem definition of the basic PP fit to their environment and the type of election they have in mind. Moreover, it has to be decided concerning the evaluation depth whether EAL 2+ provides enough trust in the evaluation system. If not they are free to extend this basic PP – either by shifting assumptions to threats and thus to demand more security functionality from the evaluated systems or by arising the EAL level. We look forward to the result of an extended version.
The next step from our point is then to integrate this basis PP or an extended version in the election regulations.

Finally, I would like to point out that we do not think that such a PP can replace the valuable recommendations from the Council of Europe, as it provides so much more requirements than only security ones related to the voting software. Thus, we see the Protection Profile as an add-on to guide the security evaluation of a remote electronic voting system.