Online voting requirements

Louise Upston has announced:

Councils now have the guidance they need to decide if they want to offer at the 2016 local body elections.

The Government has been looking into the feasibility of enabling local authorities to undertake an online voting trial in response to requests from councils, and a set of requirements for councils interested in undertaking a trial has been released today.

“Local authorities must show they can meet these requirements before the Government can give the go-ahead to trial online voting,” Associate Minister of Local Government Louise Upston said. …

The requirements document, which is available at www.dia.govt.nz/online-voting, was prepared in consultation with a range of stakeholders including the Society of Local Government Managers, Local Government New Zealand, election and online voting service providers, and online security experts.

The requirements are extensive. There are 125 specific requirements. Some of them are:

  • Online voting must only be made available as an additional option alongside postal voting.
  • Voters must be able to vote online using their own internet-capable device, and without any need to install additional software.
  • Electors must be able to vote online without being required to pre-register.
  • All electors in an election for which online voting is being used must be provided with an opportunity to sign up to receive confirmation that an online vote has been received and recorded under their name, and must be notified of this opportunity.
  • A valid voter ID and access code, enabling an elector to authenticate him or herself online, must be transmitted to electors by way of at least two separate transactions
  • Where an online voting document has been incorrectly marked, the online voting technology solution must inform the voter of the nature of the error that has been made and give them an opportunity to fix the error before submission of the voting document.
  • The design of the online voting system must guarantee that votes submitted online are, and will remain, anonymous, and that it is not possible to reconstruct a link between the content of the vote and the voter.
  • Online voting systems must be designed, as far as it is practicable, to maximise the opportunities that such systems can provide for persons with disabilities.
  • Decrypting required for the counting of the votes must not be carried out until the voting period has closed.
  • The online voting system must allow the voter to individually verify that his/her vote is recorded-as-intended.
  • The online voting system must allow for an observer or independent auditor to verify that votes are counted as recorded.
  • Online voting systems must comply with New Zealand Government standards and industry best practice for web and applications security, including, at a minimum: the New Zealand Information Security Manual (NZISM), ISO27001, ISO27002 and the OWASP Top 10; and should also meet other web security standards such as the ASD Top 35 mitigations and then SANS Top 25.
  • Territorial authorities must use an approved provider from the public service’s ICT Security and Related Service Panel to undertake all security testing, assessment, and certification and accreditation.
  • The online voting system must be auditable end-to-end.
  • The audit system must be designed and implemented as part of the online voting system. Audit facilities must be present on different levels of the system: logical, technical and application.

A very detailed and thorough list of requirements.

Comments (17)

Login to comment or vote