Presentation of the Concept of the Green Paper on the Information Security of the Electoral Process at the Committee Hearings “Principles of E-Governance in the Election Process”

On December 14, 2017 Committee Hearings on “Principles of E-Governance in the Election Process” were held, during which the Concept of the Green Paper on the Information Security of the Electoral Process was presented.

The event was organized by the Agency for Legislative Initiatives in partnership of the Committee for Informatization and Communications and International IDEA.

Oleksandr Danchenko, Chair of the Parliamentary Committee for Informatization and Communications said at the Committee Hearings:

“As Ukraine is on the path of democratization, not only the society as a whole, but all its state institutions, need to make the appropriate changes. In particular, when it comes to the electoral process, it is expected that the use of modern information technology and the standardization of mechanisms during its conduct will be widely used.

The development of e-democracy and e-governance is impossible without the introduction of electronic will”.

Olena Matuzko, Secretary of the Committee for Informatization and Communications of the Verkhovna Rada of Ukraine mentioned:

“The current legislation of Ukraine does not yet support the introduction of electronic voting, but the foreign experience of democratic states regarding electronic elections should become the basis for the development and adoption of legislative acts aimed at developing e-elections and digitization of the electoral process.

The introduction of information technology in the domestic electoral process should take into account the best legal experience of the countries in the context of both progressive expression of will and protection of the results of expression of will during the electronic voting”.

Svitlana Matviienko, Chairwoman of the Agency for Legislative Initiatives, noticed that the changes which occur around the whole world induce developments also in Ukraine. In particular, this refers to the possibility of electronic voting to be implemented in Ukraine in 2024. Nonetheless, it is quite an exaggeration to insist on the preparedness of the state. The Green Paper on the Information Security of the Electoral Process, which will be finalized taking into account today’s discussion and recommendations, aims to accelerate this progress.

Oleksandr Iakymenko, Programe Coordinator in Ukraine, International IDEA:

“In our opinion, the introduction of electronic voting, the challenges and risks, which accompany this process, as well as a number of other related and important issues, is matter of great urgency in Ukraine.

Electronic voting is not only a tool to learn the results of people’s will. We believe that this is a tool that makes the election process more effective and increases confidence in it.

Appropriate decisions pertaining to electronic voting could improve security of voting, speed up vote counting, and simplify the voting process. Nevertheless, such decisions involve many problems. They need to be carefully planned and developed; otherwise, they will shatter confidence in the election process as a whole.”

Electronization of the electoral process: establishing an interinstitutional dialogue and developing common vision

Danylo Mialkovskyi, Head of the Department of the Administration of the State Service for Special Communication and Information Protection, spoke of up-to-date mechanisms for information security in the election process. Mr. Mialkovskyi emphasized the fact that the introduction of electronic voting could motivate youth to take part in elections, which indicates the stage of democracy development in the country. The introduction of electronic voting requires not only the reassessment of the election infrastructure but also revision of institutional and resource capabilities of Ukraine. Considering the practices for building confidence in electronic voting, Mr. Mialkovskyi claimed that it is very important to accurately identify a person who votes. This is possible to do by using the Ukrainian passport as ID-card as well as by implementing the technology of digital signing with mobile terminals – mobile ID. On the other hand, we need to pay special attention to the legal regulation of these technical tools.

Oleksandr Stelmakh, Director of the Disposer Service of the State Register of Voters, Central Election Commission, said that since 1998 the Central Election Commission has a data analytics system “Elections”, which embraces all stages of the election process. Mr. Stelmakh pointed at issues and challenges to the high-quality election process, which are the following: the replacement of the electoral legislation every election; the absence of regular election commissions; the neglect of new election technologies; unreasonable cutbacks to funding for information programs; the poor status on the state register data accumulation and ID-card distribution.

Yevhen Yakovenko, Deputy Head of the Division as part of the Department of the Counterintelligence Protection of the State Interests in the Field of Information Security of the Security Service of Ukraine, noticed that the Central Election Commission was one of the first institutions in Ukraine that built two of the most important information systems – a system of election automatization and system of the state register of voters. These systems are under constant cyberattacks of hostile intelligence agencies. Two main types of attacks are the following: information field, which is a creation of a bad reputation for the state, and intrusion into the work of these systems with the aim to block information or distort it.

Oleksandr Ryzhenko, Head of the State Agency on e-Governance of Ukraine, emphasized the importance of the adoption of the Law of Ukraine “On Electronic Trust Services”, which can help to introduce new election technologies and election services for citizens that will simplify the exchange of electronic documents for citizens. Nevertheless, there are some questions that persist. Those are the following: access to information; digital inequality between the citizens who live in big cities and those who live in Ukrainian regions; improvement of the electronic identification of citizens. Mr. Ryzhenko agreed with previous speakers on the fact that informatization needs citizens’ confidence.

International experience of using information and telecommunication technologies in the election process

Peter Wolf, Technical Manager and Expert on Elections, Constitution-building, ICTs in elections, International IDEA, gave attention to electoral technologies and main trends in cybersecurity. Peter Wolf named main problems with cybersecurity during elections, which are the following: DDoS attacks, web hacking and manipulation with content; system hacking; information leaks; information and data accumulation; distribution of disinformation. Appropriate measures to undertake would be national interdepartmental coordination, detailed analysis of all processes, resource enhancement for protection, control, detection and counteraction to dangers.

Prof. Carsten Schürmann, IT University of Copenhagen, told how to provide elections with information and communication technologies and how to protect election systems. Prof. Schürmann paid attention to the fact that it is necessary to carefully prepare legislature and technologies to make elections transparent and effective. In addition, he specially emphasized the fact that the very technical system of elections is vulnerable to cyberattacks, no matter how much it is protected from hackers. You need to have hard evidence, such as bulletins, which you can verify after the publication of results. It is usually best to use both technologies and bulletins because only technologies guarantee transparency, and confidence in elections is formed by a conducted audit.

Peter Erben, IFES Ukraine Senior Country Director, IFES Senior Global Electoral Adviser, laid bare the specifics of the use of electoral technologies in Ukraine. Mr. Erben pointed out that ten years ago people were optimistic regarding the use of technologies in the election process, while today they have become very sceptical because of constant cyber threats and attacks. There has been a regression in the use of electoral technologies because of the confidence issues. Thanks to technologies we can promptly process big data, but they cannot replace old ‘manual’ methods. They can only complement and improve them. Mr. Erben mentioned that the state register of voters in Ukraine is very good. And traditionally, it is the most problematic election tool in the whole world. Nonetheless, Ukraine is not up to speed on the election result management.

Oleksii Koshel, Head of the Committee of Voters of Ukraine, emphasized the importance of a high-quality and clearly spelled out legislative framework to avoid additional risks while using new technologies. Mr. Koshel indicated the risks for the Ukrainian electoral system, which are the following: constant Russian interventions and distrust in election results.

Roadmap for the introduction of the e-Governance in the election process

Yegor Aushev, Project Director at Cyber Guard, Co-founder of HACKEN, during the presentation of the conception of the Green paper for information security of the election process, made a point that this document is created to present some aspects of information security of the election process, detect problems, assess the scope, dynamics and acuteness of detected problems, and propose possible solutions.

“We can make a general conclusion that, despite risks, known technical solutions are confirmed in practice. In addition, after the systematic reviewing of all questions, it has become obvious that cyber threats which can influence the election process are only in part related to technical issues. Inadequate perceptions of threats and vulnerability are also dangerous and even more difficult to counteract”.

Ihor Malchenyuk, Technology Strategist, Microsoft, Associated Member, Ukrainian Information Security Group (NGO), Co-founder of City Innovation Platform (NGO), emphasized that the Green paper gave attention to the analysis of important components of the election process, such as the state register of voters, vote counting, personal data protection. Cyberattacks of foreign countries is a challenge to national sovereignty, and they are threatening the political system, ruining confidence, damaging data, and hindering the use of technologies.

Victor Zhora, Director of Infosafe IT, analysed the evolution of the “Elections” system; investigated into how the Ukrainian electoral system changed from 2002 till 2017; revealed main phases of attacks on the electoral system of Ukraine, such as non-sanctioned interventions, distortion of results, and DDoS attacks; in addition, told about ways how to make the election process in Ukraine safer. Mr. Zhora emphasized that Ukraine was a testing platform to cyberattack an electoral system. Cybersecurity is a stumbling block in regards to the confidence in the election process.

Volodymyr Flonts, Head of SCO “Electronic Democracy”, made a point that the term ‘Internet-voting’ is already present in the Ukrainian legislation. Mr. Flonts mentioned that there are no hindrances to introduce open Internet-voting. It is harder to implement ballot voting. Without trust in the voting process we do not have the legitimacy of election.

At the end of the committee hearings, prof. Carsten Schürmann showed an example of a cyberattack on the electronic voting system – hacking of a voting machine. With the help of his computer, information search in the Internet, and simple tricks, prof. Schürmann could enter in 5 minutes in the system of the voting machine and changed the saved data.