Evaluation of Electronic Voting: Requirements and Evaluation Procedures to Support Responsible Election Authorities
June 2009
Publisher: Springer Publishing Company, Incorporated
ISBN: 978-3-642-01661-5
Published: 01 June 2009
Pages: 248
Abstract

Electronic voting has a young and attractive history, both in the design of basic cryptographic methods and protocols and in the application by communities who are in the vanguard of technologies. The crucial aspect of security for electronic voting systems is subject to research by computer scientists as well as by legal, social and political scientists. The essential question is how to provide a trustworthy base for secure electronic voting, and hence how to prevent accidental or malicious abuse of electronic voting in elections. To address this problem, Volkamer structured her work into four parts: 'Fundamentals' provides an introduction to the relevant issues of electronic voting. 'Requirements' contributes a standardized, consistent, and exhaustive list of requirements for e-voting systems. 'Evaluation' presents the proposal and discussion of a standardized evaluation methodology and certification procedure called a core Protection Profile. Finally, 'Application' describes the evaluation of two available remote electronic voting systems according to the core Protection Profile. The results presented are based on theoretical considerations as well as on practical experience. In accordance with the German Society of Computer Scientists, Volkamer succeeded in specifying a 'Protection Profile for a Basic Set of Security Requirements for Online Voting Products', which has been certified by the German Federal Office for Security in Information Technology. Her book is of interest not only to developers of security-critical systems, but also to lawyers, security officers, and politicians involved in the introduction or certification of electronic voting systems.

Contributors
  • Karlsruhe Institute of Technology

Reviews

Fjodor J. Ruzic

Electronic voting (e-voting) is an instrument of democracy in an information society; whenever used, it opens discussions on political, social, cultural, and financial issues. The important question is how to provide a trustworthy e-voting system that's secure, while preventing its accidental or malicious abuse.

Part 1, "Fundamentals," introduces e-voting issues. After the introductory remarks, Volkamer introduces readers to e-voting as a valuable tool, when a comprehensive approach is used. This part also describes the methodology applied in order to develop a standardized and consistent requirements list. The methodology includes cross-checking existing catalogs, election principles, and possible threats. Furthermore, Volkamer explains the necessity of defining different lists for different categories of e-voting. The author presents these issues well, structuring them around the three fundamental categories of any e-voting system: requirements, evaluation, and application; Parts 2 to 4 nicely document these categories.

Part 2, "Requirements," exposes a "standardized, consistent, and exhaustive list of requirements for e-voting systems." In the beginning, e-voting was limited to the use of e-voting machines; this was followed by the introduction of remote e-voting. The author gives a short overview of practical solutions and experiences, in various countries, regarding different levels and scopes of election processes that used e-voting. She also offers some insight into the literature in the field, particularly on technical, legal, and security issues. Volkamer answers important questions about which of the existing e-voting systems are secure and how to design a secure e-voting system.

Part 3, "Evaluation," proposes and discusses a standardized evaluation methodology and certification procedure. This methodology accounts for the security, functional, and assurance requirements defined, but does not address operational and usability requirements. A further constraint concerns the type of e-voting system: the evaluation methodology was devised for remote e-voting systems. The author discusses a certification procedure called core protection profile. The common criteria, in combination with the common evaluation methodology, works best for the evaluation and certification of remote e-voting systems, according to the security, functional, and assurance requirements defined.

Part 4, "Application," describes the application of two remote e-voting systems. It shows open points when applying the evaluation framework presented, and offers proposals for other aspects of practical application. Correspondingly, a proof of concept is executed to show the validity of the framework. Two remote e-voting systems are analyzed in the context of the previously developed core protection profile: the Polyas system, from Micromata, and the Estonian remote e-voting system. These systems were used in several European elections, and they are a valuable source for defining and evaluating any e-voting system. This point is of particular interest for the process of issuing a new set of Voluntary Voting System Guidelines (VVSG).

Part 5 presents directions for further research in e-voting and concluding remarks. Part 6 consists of a number of appendices, including a list of acronyms, links used in the book's preparation, and a useful glossary of election terminology. The appendices help readers to better understand e-voting's principles and general issues. The book ends with a comprehensive list of references.

There aren't many titles on e-voting available, especially on the evaluation of working systems; this book is a valuable contribution to the literature. I recommend it to readers who are interested in an electoral process based on information and communication technology, and students in the fields of sociology and policy. Information systems professionals may also find it to be a helpful resource on the electoral process and e-voting systems.

Online Computing Reviews Service