How to vote online according to law

La votazione online come nuova esperienza di voto: dalle caratteristiche organizzative, ai criteri di scrutinio, di trasparenza, sicurezza, segretezza e univocità. Un modello ispirato e fedele al sistema giuridico costituzionale del nostro Paese.

Electronic voting: the future is getting more remote

At a time in history of great change, the preference of the Internet medium over the physical one has become a new and valued custom.

From streaming to online shopping, from video calls with family members to Alexa, that world called the Internet has become more and more a part of our lives, making its way into our homes and even more into our workplaces.

Today the new normal consists of checking the privacy box, accepting cookies, and logging on to websites without even having to type in a username and password anymore, participating in video conferences and webinars, online hearings and condo meetings, all while sharing one’s face, voice, information and documents, with people on the other side of the screen.

It is not so absurd to ask whether these digital appointments in which we have become protagonists are actually safe.

Remote voting in Italy: a new reality

That the pandemic has affected our habits and influenced the functioning of democracies is nothing new.

Accomplice to Covid 19, telematic meetings, online assemblies, and remote voting have become an increasingly practiced and viable reality.

In fact, until the date of the end of the state of emergency, in order to counter and contain the spread of the virus as also regulated in Art. 106 of DL No. 18 published in the Gazzetta Ufficiale, the councils of municipalities, provinces and metropolitan cities, municipal councils, schools, companies, foundations and associations that have not regulated ways of conducting meetings by videoconference, can meet online in compliance with criteria of transparency and traceability, as provided by Art. 27 of the “Cure Italy” Decree, Decree Law No. 18/2020, converted by Law No. 27/2020, once again enshrining the sacrosanct right to vote. Remotely.

This provision was amended by Decree Law No. 77/2021 (Article 38-bis, Paragraph 10), which extended the experimentation of electronic voting to regional and local elections as well, subject to the necessary adjustment to be carried out by October 31, 2021 in order to allow experimentation for the election round of the year 2022.

The experimentation of online voting is limited to models that guarantee the concrete exercise of the right to vote of two specific categories of voters: Italians abroad and voters who, for reasons of work, study or medical treatment, are in a municipality in a region other than that of the municipality in whose electoral rolls they are registered.

The implementing procedures for the use of the Fund and its experimentation are referred to a decree of the Minister of the Interior, to be adopted in consultation with the Minister of Technological Innovation and Digitization.

Such a measure was adopted by the July 9, 2021 Ministerial Decree, which approved the Guidelines for the experimentation of ways of expressing electronic voting.

On Oct. 21, 2021, a new ministerial decree supplementing the previous one was issued in order to dictate the modalities for the application of experimentation to regional and local elections, as stipulated in Decree Law No. 77/2021.

According to the guidelines for the experimentation of digital voting expression modes, specifically the provisions contained in Article 5 “System Guarantees,” the electronic voting system will have to meet the following peculiarities:

  • Eligibility: only eligible voters can participate in electronic voting, through a secure authentication process.
  • Uniqueness: eligible voters can only vote once.
  • Secrecy: voting is secret, and no one involved in the election process, can discover a voter’s vote or link the vote to the voter.
  • Universal verifiability: any party, including a passive observer, can verify that the result of the election is correct.
  • Individual verifiability (alternative to the previous one): a voter is able to verify that his or her vote was counted correctly.
  • Inclusability: it must not be possible for any party involved in the system to forge a new vote that appears to be valid from a vote lawfully entered into the system.
  • Fairness: it must not be possible to have partial information about the outcome of the vote before the official count.
  • Incoercibility: the system for online voting must counter the possibility of coercion that an adversary might exert on a voter in order to force a particular vote or inhibit it.
  • Scalability and Reliability: the system must ensure efficient operation even with large numbers of participants and must ensure service even in the event of failures.
  • Robustness: all security properties must persist even in the event of malicious behavior by the parties involved, including collusion-based behavior of reasonable size.

How voting has changed in the time of the pandemic

As published by the International Foundation for Electoral Systems – IFES, there were more than 100 countries that called citizens to vote in 2020. And while some votes were indeed cancelled, those that occurred necessarily had to follow new guidelines and limitations, following the example of the Liberian Senate vote a few years earlier.

Indeed, in 2014, after two elections were canceled due to the Ebola virus, Liberia drafted a regulation of precautionary and exceptional measures that led the state to organize regular voting and also outline a vademecum of rules for voting in times of pandemic.

From the reorganization of polling stations to the provision of disinfectant material, from the adoption of specific procedures for the delivery of ballots to the spacing out of polling places to avoid gatherings, the new rules for accessing the ballot box also introduced a concept so topical that it could be considered obvious: the introduction of postal voting and especially electronic voting.

Online and offline voting. Historical background

In Italy as in the rest of the world, the constitutional legal system is the model for corporate, community or associational voting carried out electronically.

In physical assemblies as in virtual ones, the representative bodies replicate elected assemblies and must necessarily be composed in the following way:

Participants
Executive body
Legal representative

The same pyramidal scheme is found in other types of assemblies, such as in voting among condominiums, where the bodies are divided into Condominiums, Directors, Administrator; in companies composed of Members, Board of Directors, Chief Executive Officer; finally in associations composed of Associates, Board of Directors, President.

How to vote remotely?A quick analysis

In order to vote online in accordance with the law, it is necessary to adhere to specific management, convocation, and validity guidelines set forth in Article 97 of Legislative Decree No. 267 of August 18, 2000.

Beginning with the convocation of voters, which in an online meeting cannot consist of a posting on the premises, but must necessarily evolve into verifiable solutions, whether physical such as a common letter, or telematic such as emails or messages.

The specifics of the convocation are summarized as:

  • Date
  • Time
  • Agenda
  • Physical location of the meeting (as required by Civil Code Article 2366)
  • Mode of participation

In online elections, as in online voting for associations, corporations, and the like, it is necessary that the identification of the various members and the exercise of the right to vote be ensured, through the taking of minutes by a secretary or notary.

Thus, while it is not required that the chairperson, secretary, or notary be in the same place during the meeting, it must be legitimized by a legal representative capable of validating votes and decisions made outside the relevant body.

Identification in electronic voting

In assemblies as well as in online voting, each participant must and can access the session only if provided with credentials to access the platform.

The most advanced online voting platforms offer participants a virtual area commonly called an “identification room” within which the user, through facial recognition and with his or her ID, can validate his or her presence.

This is followed by strong authentication procedures, where in addition to the username and password, authentication of each subject via mobile is required.

Some telematic platforms make it possible to take advantage of attendance tracking tools, and in cases where consent to image processing by members is available, legal representatives can take screenshots of individuals present, to be attached to the minutes as an attendance record.

In order to prevent the meeting from being challenged verbally, verification and member access operations must be carried out in compliance with the rules.

For this reason, it is advisable that the managers and operators of the IT platform, the members assigned to control and organize the assembly, be at the physical location indicated in the official convocation.

Privacy, immodifiability and transparency: 3 must-have criteria for online voting

Our legal system sets a great example for everything related to online “life.” Of course, as far as online sessions are concerned, remote voting must be secret, unchangeable, non-replicable, and transparent.

Anonymity in virtual assemblies is guaranteed by the end-to-end cryptographic system, which makes it impossible to link the vote and the voter and, with the double-key system, prevents both the possibility of casting a second vote and changing the vote cast. Access to such a platform is recommended in VPN to avoid third-party attacks.

The voting platform should be equipped with a protective firewall and https protocol. For added security, it is advisable to carry out DPIA – Data Protection Impact Assessment, on the assembly process.It is also possible to record the sessions, preferably physically and without any network connection, protecting them with encryption.

No less important, to ensure lawful voting, the servers must be located in the European Union, in compliance with European Regulation 679/2016 for privacy.

How to vote online according to law? Practical tips

The word “ballot box” has always been synonymous with elections and referendums.

But in the absence of this, that is, when the same is not actually physical, its virtual variant can be considered not only a virus-prevention tool, but also an effective usable, safe and free alternative.

Whether for businesses, associations, cooperatives, universities, for virtual assemblies or online voting, with meeting and voting platforms anyone can create and manage elections remotely in accordance with the law.

The basic requirements that must be met in order to conduct a legally compliant online vote are:

  • Access credentials for individual users
  • Creation of several virtual rooms to allow proper identification of individual participants
  • Creation of a physical control station for those in charge of the session
  • Inability to identify the voter
  • End-to-end encryption of communications and local machine
  • Servers and data centers located within the European Union.

Are you an administrator? Find out how to kick off your virtual ballot or assembly

While a digital ballot box may indeed be more immediate for voters than a physical one, creating a digital polling place may also be easier for the administrator of the same, so simply:

  • Create the ballot
  • Indicate the information related to the ballot
  • Configure the ballot
  • Enter candidates
  • Enter the list of voters

Then the administrator will only need to take care of opening the ballot and closing it on the predetermined day to get the results of the ballot immediately.