Voter Authentication in Remote Electronic Voting Governmental Experiences: Requirements and Practices

Abstract

How to ascertain that the person voting behind a computer or smartphone screen is actually who they claim to be remains one of the key challenges in remote electronic voting. Credentials to vote online can be shared, stolen, or traded. For this reason, it is generally argued that introducing remote electronic voting from uncontrolled environments for political public elections is only feasible as long as a robust infrastructure for the digital identification of voters (e.g., based on electronic identity documents, e-ID) is already in place. But is such a digital infrastructure for voter authentication a sine qua non condition for remote electronic voting? In this paper we assess how voters are authenticated in internet voting for political public elections in nine countries: Australia, Canada, Estonia, France, Mexico, Pakistan, Panama, Switzerland, and the United States of America (USA). To the best of our knowledge, this is the broadest comparative assessment of voter authentication methods in governmental remote electronic voting experiences. Our analysis reveals that the use of solely knowledge-based factors for voter authentication is the most common practice in these experiences. In most cases, a combination of several credentials is used (e.g., in Canada and Australia). Another alternative is to rely on a different combination of knowledge and ownership-based authentication methods that does not require neither e-IDs nor digital certificates (e.g., as in France and Mexico).