http://www.cd3wd.com/ - home
*** All Rights Reserved - Alex Weir 2006, 2007,
2008, 2009 ***
SEEV – SMS external encrypted voting
http://www.cd3wd.com/SEEV/SeevPpsHtm.htm
- a single file htm version of power-point
presentation of the SEEV System – this is the best and quickest way to grasp
what SEEV is about!... – for all users
http://www.cd3wd.com/SEEV/SeevPPT.ppt - a power-point presentation of the SEEV
System – this is the best and quickest way to grasp what SEEV is
about!... – for windows users only
http://www.cd3wd.com/SEEV/SeevPPT.htm
- a htm version of power-point presentation of the
SEEV System – this is the best and quickest way to grasp what SEEV is
about!... – for windows and Internet Explorer users only
Press Release 23 July 2006 – version 18 - with
revisions and additions as of 7 March 2007 and 4 January 2009
Low-cost Tamper-proof
electronic voting for the 3rd world - SEEV
Elections
in the 3rd world are a major problem. SEEV is a new innovative concept which uses
entirely existing technologies (mobile phone sms and
TAN-envelopes) in conjunction with an external international processing center
to ensure that phantom voters, ballot-box stuffing, count fraud etc are a thing
of the past. And the cost of this
electronic voting should be less than present-day paper voting systems. SEEV
could hold its first election within 6 months of project go-ahead.
http://www.cd3wd.com/SEEV/SeevPPT.htm
- a power-point presentation of the SEEV System – this is the best
and quickest way to grasp what SEEV is about!...
Postscript 7 December 2008
After the
electoral fiascos of Nigeria, Kenya and Zimbabwe, I had hoped that the
International Community, who love democracy so much, would
have fought their way to my doorstep bearing armfuls of money to fund this
project. But no….. Therefore I am requesting donations – http://www.cd3wd.com/donation/ - with
which this project can go forwards.
Without meaningful money, this thing will go nowhere….
UN
Declaration of Human Rights - http://www.un.org/rights/50/decla.htm
Article 21.
(1)
Everyone has the right to take part in the government of his country, directly
or through freely chosen representatives.
(2)
Everyone has the right to equal access to public service in his country.
(3) The
will of the people shall be the basis of the authority of government; this
shall be expressed in periodic and genuine elections which shall be by
universal and equal suffrage and shall be held by secret vote or by equivalent free
voting procedures. (my italics)
It is a
known but under-appreciated fact that corruption is a major obstacle to
economic, social and human development in the 3rd world. It is known also that most if not
all 3rd world elections are problematic, but Conventional Wisdom
dictates that the efforts of the Carter Center, EU and others in stationing external
election observers largely solves this problem;
It does NOT.
The only
way to ensure that 3rd world governments bow out when the will of
the people is against them is to make the election voting, vote counting and
vote count aggregation processes run wholly by external parties (e.g. a
UN-related or other independent Global Electoral Commission – GEC).
The problem
with that scenario is that the cost and logistics of a worldwide mobile caravan
could easily challenge the most organized organization and could break anyone’s
bank.
So why not
take advantage of modern technology to solve the problem, with the following
requirements:
-
the
national government must not have any idea of how any single individual voted
-
each
individual who voted must have some kind of confirmation that their vote for a
certain candidate was indeed processed as a vote for that candidate and not as
a vote for any other candidate
Of course
national governments will still try to cheat by not registering voters, by giving
their supporters multiple votes, by creating phantom voters, but even some of
these methods of cheating can probably be addressed by a high-tech, low-cost
solution.
A promising
technique is to use mobile phone SMS (text) messaging. My proposed system would work as follows:
-
each voter is issued a PIN- and TAN-number
envelope, with secret numbers inside which are valid for the impending election
only. On the outside of the sealed VE
(voters envelope) there is a unique voters ID number (e.g. for Zimbabwe it may
be like 263 999 999 999,
with 263 designating the country, and there being enough digits for about 200
times the actual number of registered voters).
Note that the VE has the UVN in normal number representation and also in
barcode format, so that it can be accurately read and logged at the time of VE
distribution.
-
the
candidates each have a 4-digit number, say 0001 through 9999 (in some elections
there may be that number of candidates; although in presidential elections the
candidates who matter are usually 2 in number).
The Candidate Number (CN) of each candidate is highly publicized and
cannot be changed by the sitting government at any time, and especially not
close to the election itself. Indeed the
CN will be prominently displayed on all election posters for that candidate.
-
On
the day of voting each voter uses his or her voter’s envelope (or better still,
a pen-and-paper copy of all or only part of that envelope’s contents). There is an encryption grid.
Unique
Voter Number = 263 925 837 169 (repeated from the outside of the
envelope)
SEND
RECEIVE
|
1st
digit |
2nd digit |
3rd digit |
4th
digit |
1st
digit |
2nd digit |
3rd digit |
4th digit |
||
|
0 |
217 |
174 |
131 |
288 |
248 |
205 |
162 |
319 |
|
|
1 |
947 |
904 |
861 |
818 |
978 |
935 |
892 |
849 |
|
|
2 |
833 |
790 |
747 |
704 |
864 |
821 |
778 |
735 |
|
|
3 |
267 |
224 |
181 |
138 |
298 |
255 |
212 |
169 |
|
|
4 |
183 |
140 |
997 |
554 |
214 |
171 |
128 |
585 |
|
|
5 |
569 |
526 |
483 |
440 |
600 |
557 |
514 |
471 |
|
|
6 |
933 |
890 |
847 |
804 |
964 |
921 |
878 |
835 |
|
|
7 |
102 |
959 |
916 |
873 |
133 |
990 |
947 |
904 |
|
|
8 |
384 |
341 |
298 |
255 |
415 |
372 |
329 |
286 |
|
|
9 |
778 |
735 |
692 |
649 |
809 |
766 |
723 |
680 |
The above
grid is used as follows:
If you
choose the candidate 0001, then send a message as follows:
263 925 837
169*217 174 131 818
Soon after
sending, you should receive a confirmation message which reads:
263 925 837
169*248 205 162 849
Similarly,
the codes for candidate 9531 are:
263 925 837
169*778 526 181 818 (send)
and
263 925 837
169*809 557 212 849 (receive)
Note that every
grid for each one of the 5 million or 50 million or 500 million voter’s
envelopes is different, and that these number grids are effectively
one-time-pad encryption pads. The origin
of these printed envelopes is a computer database table, which is stored under
extremely high security at the IPC (and which is used to process the incoming
SMS messages at the time of voting).
You get
access to a mobile phone, you send an international SMS to the service center
number at the IPC (which is in Norway or Sweden – as a convention we will used
Sweden elsewhere in this document).
Since you chose candidate #1, you send 263 925 837 169*217 174 131 818
Note that
any and all erroneous, false or bogus sms’s are
logged and stored for later analysis by the Global Electoral Commission. 217 174 131 818
is the encrypted
vote, which is de-encrypted on the database server in Sweden to read candidate
#1.
Within some
minutes the phone you used should get a message back which reads:
263 925 837
169*248 205 162 849
This is
confirmation that the remote system received your vote and processed it for
candidate # 1 – if you don’t get any message in return or you don’t get the
message content 925 837 169*248 205 162 849, then something went wrong
somewhere – possibly due to your government fiddling with the process. You can resend several times, and hopefully
after 2 or 3 tries you get a successful confirmation.
OK – that
is an overview of how things will work.
Here follows some FAQ’s (frequently asked questions):
Q. In a typical 3rd world country, only 5% of the population has
a mobile phone. How do you get around that?
A. Sharing of one phone inside a family
and extended family, a neighbourhood, and the use of
mobile payphones and phone shops and kiosks..(these are widely prevalent in 3rd world
countries). In some remote rural areas,
international NGO’s may be kitted up to provide sufficient mobile phone service
for the voting period only. Satellite
phones provided by international NGO’s can be used in very remote areas.
Q. The question of getting that return/confirmation message could be a problem if
there are a lot of people queuing up to make their outward voting sms..
A. It is possible to have a virtual
phone number for receiving sms messages – checkout the
whole SAM concept at http://www.cd3wd.com/SAM/index.htm
. Additionally, all results could be
displayed on a website on a series of static webpages,
maintained by the IPC; these results could be reprinted by national newspapers
if they so wished.
Q. There are whole rural areas and remote regions of some 3rd world
countries with no mobile phone system or reception?
A. International development donors
could provide funds for the necessary infrastructure to rectify that situation;
and/or a paper vote could be necessary for those areas only. It should be possible for voters to travel
(typically walk) up to 10 km to get to a mobile phone reception zone. Additionally, national government regulation
of MPP’s could require that between them the various MPP’s inside the country
should effectively subsidise remote communities from
the proceeds of their urban operations, so as to install the necessary
infrastructure for nationwide coverage.
Q. How do you handle a country like Malawi, where only 1% or less have mobile
phones, and despite concentrated populations, then reception away from main
roads does not exist?
A. This requires 2 parallel programs – Malawi
and similar countries require a ‘phone-aid’ program (similar to the 1985 BandAid) to donate ‘obsolete’ Nokia 3310 and 1100 phones
and similar from advanced countries like UK and Germany free of charge to rural
and urban communities and individuals.
This is a great cause for Bob Geldof and Bono,
especially when linked to democratic voting and to economic development. The other side is that donors and commercial
MPP’s must input funds to install infrastructure and mobile masts, which must
be network-independent – i.e. they must operate with all commercial networks… Note that the retail price of new handsets is
typically US$ 75 even for the most basic, whereas the cost of a mobile line SIM
card in most African countries is usually less than US$ 1; therefore the
handset cost is the bottleneck, not the line (SIM Card) cost.
Q. What about REALLY remote areas which cannot justify mast erection?
A. Use Thuraya, Iridium or other satellite or gsm/satellite
dual systems to effect the voting process – NGO trucks will turn up at voting
week with banks of these phones to allow the extremely remote areas to exercise
their democratic rights.. And here,
people must be prepared to walk 20 km (not the usual 10 km) in order to vote…
Q. What about the ability of old people to understand the grid concept to
do the ‘simple’ encryption?
A. Since voting will no longer be
location-dependent, and may be scheduled to take place over a 7-day period,
then it should be possible for the (grown-up) children and/or grandchildren to
travel to the grandparents to assist them in the voting process, even although
they are not in the same Constituency.
Alternatively, people from the rural areas can travel to their relatives
in the urban areas for the week of voting.
In any case, there will have to be some voter education prior to the
election (and maybe even a trial or pilot election with bogus candidates, in
order to determine the percentage of problems which would occur in the real
election).
Q. Why should we have the Norwegians or
Swedes run this system and not the
Americans or the British?
A. The Americans and British have a credibility
problem with some or even many 3rd world governments.
Q. Why is the encryption so simple? Can it
not be cracked by malicious governments?
A. It needs to be simple so that the codes can
be calculated by a person with low or zero education and low numeracy. It is uncrackable
because it is a ‘one-time-pad’ system.
Q. What happens if you do not after some time receive a returned code/ confirmation?
A. You should resubmit the same message again –
doing so may be logged as an error or a malicious action, but the system will
also send out a second confirmation message (identical to the first).
Q. What about the cost of all these SMS’s?
A. Sending all SMS to that IPC number will be
free of charge – that will be programmed into the national MPP (mobile phone
providers) systems… This will apply only for the day or the week of
voting. The GEC will of course fund all
confirmation SMS’s outgoing from the IPC.
Q. How
long should voting be allowed for?
A. If meddling and sabotage by the sitting
government is suspected/expected, then best to allow
several days or even one week for the process, with constant management of the
process by the GEC, mainly to make sure that enough people are seen to be
voting. If intimidation and vote-buying
is seen to be a serious threat then maybe allow voting to take place over a 3-6
month period (trickle-voting).
Q. Who
distributes the VE’s?
A. This could be a local operation of the GEC –
if the sitting government is judged hostile to a fair process, one of its tools
will be to make it difficult or impossible to get a VE, and/or they will mix-up
and/or sabotage the process of allocating VE against National ID Number. Therefore VE’s could be distributed
effectively by NGO’s against show of ID and against having the ID photo match
the person who presents it. When
National ID’s also have biometrics (e.g. fingerprint) then that could be used
by the VE issuing authority (VEIA) as a cross-check. I am planning that VE’s are distributed over
a 6-month period up to the election.
Ideally the staff who distribute the VE’s do not include even one
in-country national.
Q. What
about lost or compromised VE’s?
A. Cancel those on the computer and issue a
whole new VE (a different UVN - again against National ID Card). This should possibly be a chargeable process,
so as to discourage carelessness and time-wasting.
Q. What about intimidation to confiscate people’s VE’s, and attempts to buy
people’s VE’s?
A. We have excellent strategies for that, but
choose not to outline them at this point in time, so as to give the bad guys
more self-confidence (the strategy is actually outlined below towards the end
of this document).
Q. Technical
points regarding VE’s and UVN’s?
A. UVN’s do not become validated in the GEC
Computer System until they are linked to a National ID Card. Therefore there is less possibility of rogue
governments to grab wads of VE’s and submit them (probably electronically and
automatically) during the voting period.
For this reason, the scenario where VE’s are
distributed by the GEC or by GEC-related and GEC-vetted NGO’s is probably
critical to SEEV.
Q. What
about backward countries like the UK which
do not have National ID Cards?
A. Such countries might use their postal system
to distribute the VE’s.
Q. What
about the Privacy of the Vote?
A. The SEEV concept is flexible. It should be possible to organize polling
stations with polling booths, each with its captive (tied-down) mobile phone,
where voters can choose to go to vote ‘in secrecy’. But one must realize that in many countries,
and especially outside the main cities and towns, such a system would be abused
by the sitting government and their local representatives to force people to
vote for them. Note that this is only a
possibility, which should be decided against in any and every country where the
remotest whiff of electoral fraud hangs in the air.
Q. What
about the timing of the distribution of
the Voters Envelopes?
A. In theory (and once again, this is a sop to
the conservative elections experts), the VE’s could be distributed at the
polling stations by the ‘Independent’ National Electoral Commission. But I maintain that this opens the public yet
again to abuse by the sitting government; SEEV is designed specifically to
remove such abuses.
Q. How do we counter deliberate mistakes regarding constituency perpetrated by
the sitting government to disenfranchise voters?
A. We make it possible for voters to vote either
for a party or for a candidate. The parties standing will each have a virtual
candidate number, and these numbers will not be allocated to candidates as
such. Anyone voting for one of these
party numbers will then automatically have their vote allocated to the
candidate in the constituency to which the electoral register allocates
them. This will ensure that trickery and
voter movement by the electoral commission does not disenfranchise the
voter. Additionally, the electoral
register will be frozen and published several weeks before the election. Possibly an SMS-based enquiry and response
service should be set up and operated during those last few weeks after the ER
Freeze so that people can confirm the candidates for whom they are entitled to
vote.
Q. What other
measures should be taken by the GEC to ensure fairer elections?
A. Mass issue of free low-cost short-wave
transistor radios some weeks or months before the election; external broadcasts
by opposition candidates on short-wave radio; commandeering of the local radio
and/or TV network at certain week and daytimes by the GEC in the run-up to the
election; close scrutiny of the voters roll for months before the election;
putting the voters roll on the internet from Sweden; political radio and/or TV
phone-in programs, etc etc etc
Q. Can
SEEV handle spoiled votes?
A.
There can be one of the candidate numbers which is allocated to be a
‘virtual spoiled vote’ (VSV) – i.e. persons voting for that number will be
‘wasting’ their vote, but those VSV’s will be counted by the system and issued
with the election results. Similarly, in
the event that a popular candidate is disqualified for whatever reason (e.g.
imprisoned on charges of fraud or homosexuality, or killed by state agents or
unknown assailants), then the GEC will probably allocate a ‘virtual candidate
number’ (VCN) to that would-be candidate, and voters can vote for that person,
although their vote will once again be effectively ‘wasted’; however that candidates total of VCN
Votes (VCNV) will be announced by the
GEC with the election results. In
technical terms, all VCNV’s will be subsets of VSV’s.
Q. Who
processes the election results?
A. All processing is done at the GEC, with zero involvement
of any and all persons with nationality and/or other connections to the country
whose election is being processed.
Results are announced from the GEC through internet, television and
radio linkup to the subject country.
Probably a live televised press conference is run for every election
result announcement. Only enough
aggregate information is released to the government and to the people of the
subject country as is deemed necessary and/or reasonable (so as to avoid
revenge and/or attacks on certain towns and regions by a deposed government /
political party and their militias).
Q. Is the
vote processing auditable?
A. Yes –
the initial data file which corresponds to the numbers on the Voters’ Envelopes
can be copied and stored under high security with the chosen auditors (e.g. one
of the major international auditing companies such as Price Waterhouse
Coopers). The program(s) which processes
the data can also be copied onto CD or DVD or external hard drive and stored
similarly. Then, the file which is the
result of the distribution of the Voters’ Envelopes is also stored. Finally, the incoming sms
voting messages are stored in a giant text file, which can also be copied and
given to the auditors. The auditors can
then set up the program to run the incoming sms
voting messages against the Voters’ Envelope file, which should produce an
exact copy of the result as announced by the Data Processing Center of the
GEC. The program(s) can also be analysed by the Auditors to ensure that there is no false
code which favours any candidate or party over any
other.
Q. Does SEEV have advantages for conflict
areas?
A. Most definitely – in many conflict areas,
there are armed groups who are out to kill and/or maim those who dare to
vote. The act of physically going to a
paper-based voting center can be literally taking one’s life in one’s
hands. SEEV eliminates that process.
Q. Will
this scheme be welcomed by 3rd world governments?
A.