(Dieser Artikel ist auch in deutscher Sprache verfügbar)

France has tried to implement an Internet voting system that should have allowed French citizens living abroad to vote during the presidential elections in 2007. However, the system has been criticized and has not been proven to be reliable.

The French living abroad are represented by the AFE (Assemblée des Français de l'Étranger), a consultative body which elects 12 senators (out of 331). Half of the AFE was replaced in June 2006. Votes could be cast either in embassies (in a traditional way), by regular mail or Internet.

In 2003, Internet voting had been used for the first time and it was then restricted to voters living in the USA. This time, all the 525 000 voters were concerned. The purpose was to allow afterwards these expatriates to use the Internet for the 2007 presidential election; a bill has been submitted.

28 138 voters had registered to use the Internet and as the typical turnout is low (less than 20%), this represented about a third of expected voters. The procedure was complicated: during the week before the election, the voter had to confirm his/her registration and had to test his/her computer's compatibility and especially the Java virtual machine. Only 10 201 people finally voted.

EADS was the company that produced the software named Cybervote and Experian was the company that actually ran the election. Servers were located in the south of France. The replication of the operation of a normal polling station was attempted. During a week in Paris, the poll clerks (in French assesseurs) sat in front of computer screens showing how many people had voted, if the electronic ballot box was consistent, and transmitting images from a camera located in the servers room.

The real polling stations organized the traditional vote and counted the mail voting. In each country in Europe and Asia, there were from one to seven of them. They also received the results of the Internet voting, together with the list of the actual voters. In several countries, only one or two voters had opted to use Internet, so a breach of vote secrecy was thus inevitable which, curiously, had not been anticipated. In the middle of the election period, it was decided to block electronic voting concerning these countries. How that was done is unclear and most of the poll clerks had not been informed before the final day of election.

Will this poor organization turn one's attention away from background problems ? Three computer scientists doing research made each a report on this election. Two of them had been commissioned by the two main political parties during the election. The three reports express many common concerns. They all remind why many safeguards exist in the normal voting procedures: "when the poll workers and assesseurs report results at the end of the day, these results are accepted as legitimate because everyone can see and understand every part of the process. There are many safeguards in this process, every safeguard is there because without it there was cheating in the past, and every safeguard is one in which the assesseur participates directly. In contrast, the process of an Internet election - this Internet election for the Assemblée - has no safeguards that the assesseurs can assess directly."

All three reports question the reality of the poll clerks' control: "Computers can be programmed to simulate almost any phenomenon. A computer program can conduct an accurate election or a fraudulent one. The assesseurs have no way of knowing what program is installed on the computers ... that run the election, because EADS guards that program as a trade secret and will not show it to the assesseurs. Even if EADS showed them the program, the assesseurs have no way of knowing whether the program showed to them is the same one that is installed on the computers."

SERVE was a system aimed to allow the U.S. soldiers abroad to vote by Internet. The three reports remind that the Pentagon abandoned SERVE without using it, on the basis of an alarming experts' report. Andrew Appel, Professor at Princeton University, comments on this abandonment: «As an expert in computer security and in voting technology, I believe that this was a wise decision.».

In his report, Bernard Lang, from INRIA, the French national computer-science research laboratory, analyses the decree that organizes this election. He reminds the poll clerks that they commit to a greater responsibility than they realize, because what they are asked is unspecific, or very technical. He formulates a long list of questions and reservations. For example, when the decree says: "The electronic polling station staff states that the electronic ballot box is empty", Bernard Lang recommends: "It is important to clarify that you state that the provided monitor screen shows that the electronic ballot box is empty. Never assert that it is actually empty."

Andrew Appel concludes: "the French people and the assesseurs that represent them will have no way to be confident that the election was conducted accurately and without fraud. Internet elections are not possible to conduct in a way that ensures legitimacy."

Does the CNIL, the French Data Protection Authority, back these hazardous experiments against its own advice ? The CNIL published in 2003 a recommendation - a requirement list to be fulfilled by an Internet election process.

The CNIL also examines most of the projects at the beginning of their setup. An officer from the CNIL explained in April 2006: "in all electronic voting operations, there are things that do not go well. There are lost votes, votes impossible to decipher, votes that do not work at all. It happened these last years, it has to be said." The election organizers - the Ministry of Foreign Affairs as well as the companies - constantly emphasised that everything complied with the CNIL's recommendations. However, the CNIL had already «emphasised» the «succinct character» of the provided technical documents, allowing it "to assess only partially if the ... specifications ... were fulfilled.". The CNIL had also «deplored» the absence of an expert's report. According to the draft of the decree organizing the election, the CNIL was to receive this expert's report commissioned by the Ministry of Foreign Affairs at some later time. This requirement vanished from the published version of the decree. As usual, the expert's report was not published.

One week before the election, the CNIL published an overview of Internet voting around the world. It reminded that the USA, the UK and Spain have abandoned their projects. Only three countries have significant projects: Estonia, Switzerland and South Korea. In the middle of the election period every reference to this overview vanished from the CNIL's website.

On the Internet vote for the Assemble des Francais de l'etranger - Andrew W. Appel (14.06.2006) English version
http://www.cs.princeton.edu/~appel/papers/urne.pdf
French version
http://www.recul-democratique.org/appel-afe.pdf

Report on the usage of Internet voting for the elections at the Assemblée des Français de l'Étranger in June 2006 - Bernard Lang (in French only, 23.06.2006)
http://traitdunion.homeip.net/ELECTIONS-AFE-2006/COMMPRESS/c1.html#rap...

Observations report - François Pellegrini (in French only, 12.06.2006)
http://www.recul-democratique.org/pellegrini.pdf

A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) - David Jefferson, Avi Rubin, Barbara Simons and David Wagner (20.01.2004)
http://servesecurityreport.org/

(Contribution by Pierre Muller, founder of recul-democratique.org)