Data Privacy in Electronic Voting

Introduction 

Voting is a fundamental way in which people exercise their right of choice of leader in a democratic nation. Election systems have evolved systematically over the years from the use of manual ballot papers and optical scanners to the well-developed computer systems which use Biometric technologies. The bases of technological growth in the voting system are to achieve proper data storage, enhance anonymity in the voting process, and improve the speed of the voting process and to attain scalability in voting. Paper balloting system has been used for a long time; it involves marking on ballot papers and inserting them to the scanner. However, the process included several cases of errors affecting the credibility of the outcomes. Voting is a democratic practice that determines leaders of a specific region for a particular time; therefore privacy measure is a primary factor that determines credible elections. In electronic voting, an emphasis is placed on practical steps to promote privacy mechanisms which will be able to block cases of fraud. 

Thesis statement 

Electronic mode of voting is the most reliable form of an election process, it stresses on data privacy as the primary value of quality election (Gritzalis, D. A. 2012). This paper will address the security requirement of the electronic voting process such as: privacy, eligibility, free from intimidation accuracy among others. Also, it will discuss the concept of data privacy in the voting process using electronic voting systems. Similarly, this paper will explain privacy calculus theory and its effect on voting data privacy, as well as the impact of relationship on voting privacy. Lastly, this paper will provide a comprehensive explanation of factors influencing data protection in the voting process including legal regulations, technology, personal concerns and benefits associated with data sharing. 

The concept of Data privacy 

Voting is a vital process that requires appropriate boundaries to guide confidentiality of data. The election body is needed to design suitable voting mechanism like using an electronic system to provide sufficient management of data privacy. Similarly this will involve assessment of information system to prevent privacy invasion by malicious parties. Apart from technical measures, the managerial concept of election data privacy is vital since most of the election frauds are carried out irrespective of excellent technical support (Lubis, M. et al. 2017). Therefore, it’s crucial to examine relevant factors that are complementary or independent of each other to facilitate quality election outcome. Such factors depend on computer frameworks in use, people’s privacy policies, and behavior of people about their privacy concerns. Understanding these processes will provide background knowledge, which is essential in establishing technical and managerial enforcement to facilitate successful data protection in electronic voting. 

Privacy Calculus Theory 

This theory demonstrates the reasoning mechanisms that people use when deciding between the benefits and consequences of revealing personal data. According to Min, J., & Kim, B. (2015), people generally overlook the risks of revealing vital private data knowing that they won’t face the consequences. Many pieces of research have indicated that lower levels of willingness of people to provide personal information on the internet as well as perform sensitive transactions, is attributed to the risk associated with internet privacy hacking, (Lubis, M. et al. 2017). Individual’s privacy calculus is also applied in business when people weigh between disclosing personal information to buy products and services, and the potential risk associated with private information disclosure. During elections, voters risk their data to practice their democratic rights of choosing their leaders. Therefore the electronic voting system should provide end-to-end encryption of data to prevent information access by third parties (Lubis, M. et al. 2017). Similarly, the data should be protected from malicious parties who may change encoded data to benefit themselves. Due to vitality of election process, private data breach may result to serious negative consequences that should be avoided at all costs. Apart from privacy calculus theory, individuals may decide to reveal personal information or breach person’s private information due to trade-off benefits. 

Data privacy trade-off relations 

In some cases, people may be willing to reveal their personal information to strangers in return for credits. The government of the United States is only warranted to interrupt people's security when the breach is illegal. However, in cases where individuals consent to reveal their private information, the legal protection may be limited. On this account, individuals may be willing to give out their voting information to people who may use them to cause a security breach in the electronic voting system. Consequences associated with privacy breach are the significant challenges facing electronic voting system. Therefore, there should be sufficient data encryption measures to facilitate privacy in an election process. 

Security Requirements for e-voting process 

Due to technological advancement, cryptographic mechanisms have been widely used to facilitate the quality electronic voting process (Cetinkaya, O. 2008). This process has been able to fulfill peoples concern about security, privacy, and accuracy of the electronic voting techniques. Therefore a critical analysis of the e-voting program should be carried out to ensure that the voting protocol used can meet the requirements named above. Similarly, a comprehensive legal framework (democratic and constitutional framework) about the voting process should be laid as well as structural security framework and broad definitions outlined to the voters (Lubis, M. et al. 2017). The structure of the cryptographic voting protocol has been examined to meet the formal requirements of a secure election system. Characteristics of a secure voting system include accuracy, fairness, verifiability, privacy measures and eligibility, free from receipt charges, and lastly free from intimidation. 

Primary requirements for the electronic voting procedure 

Voter privacy - This is the most crucial factor that determines credibility in an election process. Therefore, a voter’s privacy should be enhanced during the election period and after the election. The voting mechanism should be designed in a way that no traces of voter’s information are left behind after voting process. In this regard, the two personal identity documents that should be protected are the voter’s registration identity and the public key; the electronic voting system should not provide any linkage between these two documents. Furthermore, the system should give useful data encryption to avoid access to voter’s IP address by unauthorized individuals. In general the electronic voting system should be untraceable to protect the voter’s privacy. 

Fairness - The voting process should be fair to every voter in every location. Also, tallying of votes should be done after the complete process of voting; the e-system should not leak early tallies before the whole process is completed. Lastly, the people responsible for the tallying process should not be granted insights to the results before the voting process is over; this will help to ensure that each candidate is given a fair decision (Cetinkaya, O. 2008). 

Accuracy - After voting, the tallying of votes should be accurately done from the votes casted correctly. The system should not allow formatting of the votes casts such as altering, deleting or copying; it should detect any attempt to format the votes cast. No voter should be allowed to vote in place of others who did not vote for some reasons or abandoned the voting process on the way. 

Eligibility - The system should only allow eligible voters to cast their votes. A qualified voter is one who registered as a voter before the voting process. 

Uniqueness – the e-system should allow voting once for every eligible voter. Also, only one vote per voter should be tallied at the end of the voting process. 

Free from intimidation – voters should be free from coercion from any party or authorities; other parties should not be able to intimidate the voter or extract the value of the votes cast, thus every voter should have freedom of voting. 

Receipt-free – the electronic voting system should not provide a confirmation notification of receipt of the vote since this may display its content leading to potential malware act; this will also prevent buying of votes by third parties (Cetinkaya, O. 2008). 

Verifiability – the system should be able to provide verification of the votes cast; the protocols used by voters should be able to prove the claims about the accuracy of the votes casted. 

Individual vote check – the e-system used should be subject to verification by the voter that indeed his vote was successfully cast and tabulated during tallying. In tradition ballot paper voting, voters were able to confirm their election by putting their votes into the correct ballot box. Therefore the electronic system protocol should be verifiable by the voter. 

Factors influencing personal data protection 

Government regulation 

The U.S. government has established rules of conduct that obligate election candidates from communicating directly to voters; as a result, they rely on mass media as a primary means of their campaign; this also reduces coercion of voters during the election period (Ansolabehere, S., & Snyder Jr, J. M. 2002). Similarly, clashes associated with election campaigns are reduced when campaign activities are limited to mass media. The government has also stipulated rules that govern the voting process; it has outlined comprehensive regulations associated with free and fair voting process. As a result, the state government publishes consequences related to election fraud before the election period as enshrined in the U.S. election act. Voters and candidates are supposed to adhere to these principles to facilitate quality election process. Data privacy is a sensitive concern that every party should subscribe to; as a result, the government ensures that all practices necessary to deliver free and fair voting process are in place. Such factors include efficient electronic voting systems with reliable protocols, sufficient security in votes tallying centers as well as voter training programs before the voting process. Lastly, the government ensures that parties which involve in voting fraud or fraud attempts are brought to justice, such policies help to facilitate privacy measure during the voting process. 

Technological solutions 

Electronic voting involves the transfer of a large volume of data from the voters to the tallying centers; this attracts a big deal for technical impacts, transparency principles and cybercriminals (Dunn, W. N. 2015). Therefore, the servers used in the voting process should be verifiable with adequate authentication policies to prevent election fraud, ensuring voter’s trust as well as safeguarding voter’s data. As explained above, data verifiability can be achieved by using protocols which enables voters to confirm successful votes casting and tallying. Furthermore, privacy in personal data and election data transmission can be enhanced be granting voter control over their voting information against access from unauthorized parties. 

Individual privacy concerns 

According to Whitley EA. (2009), the voting process is dependent on two elements namely, voters information about the voting process and the voter's perception of the information given. The body responsible for the voting process should provide information on the voting procedure and ensure such steps are adhered to during the election period. Before technology integration, the election procedure depended mainly on the administrators who supplied the paper to the polling stations and the personnel responsible for the tallying process (Whitley EA. 2009). In this regard, the personal privacy concern was a vital factor; as a result, the process required careful observation and administration mechanisms during the entire election process. However, voters were reported to reveal relevant personal information to strangers mainly due to lack of security awareness. The electronic voting system is strongly dependent on technology. Therefore voters understand the risk of revealing personal information to strangers. As a result, the electronic mechanism has incorporated cryptographic techniques which facilitate efficient data privacy. 

Benefits associated data sharing 

According to Blais & Loewen (2009), some voters may decide to engage in formal elections and fail to take part in elections. These two authors based their study in Canada in which they found that youths had neglected voting process while involving actively in other political activities. In addition, youths were willing to give out their private data in return of payments. This implies that, the votes cast were much less than the number of registered voters. Similarly, these activities made it possible to carry out multiple elections frauds whereby, various candidates were able to buy votes from youths to prohibit them from voting for the opposition candidates. In such cases, the government should take charge and prosecute specific candidates responsible for such activities in order to promote free and fair election. 

Conclusion 

An election is a means through which people express their freedom to choose their leaders a specific period in particular geographical area. Electronic polls involve the integration of technology into an election process; this advancement has offered an opportunity to reduce time and income costs required to carry out an election process. Besides, this technological advancement in election process has improved the integrity and credibility of an election. Similarly, this process has proved to be useful when compared to tradition systems which relied on ballot papers. However, the core challenge facing election process using electronic systems is data security; this is because this process involves the transmission of high volume of data through network protocols. As a result, voters are required to protect their data from access by unauthorized people which may be the basis of malicious intent into the systems. Besides, the federal government has established various codes of conduct outlining risks associated with private data violation. 

Reference 

Min, J., & Kim, B. (2015). How are people enticed to disclose personal information despite privacy concerns in social network sites? The calculus between benefit and cost. Journal of the Association for Information Science and Technology, 66(4), 839-857. 

Cetinkaya, O. (2008, March). Analysis of security requirements for cryptographic voting protocols. In Availability, Reliability and Security, 2008. ARES 08. Third International Conference on (pp. 1451-1456). IEEE. 

Lubis, M., Kartiwi, M., & Zulhuda, S. (2017). Privacy and Personal Data Protection in Electronic Voting: Factors and Measures. TELKOMNIKA (Telecommunication Computing Electronics and Control), 15(1), 512-521. 

Whitley EA. (2009) Informational Privacy, Consent and the „„Control‟‟ of Personal Data. Information Security Technical Report.; 14:154-159. 

Dunn, W. N. (2015). Public policy analysis. Routledge. 

Ansolabehere, S., & Snyder Jr, J. M. (2002). The incumbency advantage in US elections: An analysis of state and federal offices, 1942–2000. Election law journal, 1(3), 315-338. 

Blais A, Loewen PJ. (2009 Youth Electoral Engagement in Canada. Ottawa: Elections Canada: 13-16. 

Gritzalis, D. A. (2012). Secure electronic voting (Vol. 7). Springer Science & Business Media.