Recommendations to OSCE/ODIHR (on how to give better recommendations for Internet voting)

TL;DR

This paper critically evaluates OSCE/ODIHR's recommendations for Internet voting, highlighting issues with feasibility, trade-offs, and the need for clearer definitions and criteria for properties like end-to-end verifiability.

Contribution

It provides a detailed critique of existing recommendations and suggests improvements such as explicit trade-off positions and precise definitions for security properties.

Findings

Some recommendations are impossible to fulfill.

Fulfilling certain recommendations involves complex trade-offs.

Clearer criteria are needed for properties like end-to-end verifiability.

Abstract

This paper takes a critical look at the recommendations OSCE/ODIHR has given for the Estonian Internet voting over the 20 years it has been running. We present examples of recommendations that can not be fulfilled at all, but also examples where fulfilling a recommendation requires a non-trivial trade-off, potentially weakening the system in some other respect. In such cases OSCE/ODIHR should take an explicit position which trade-off it recommends. We also look at the development of the recommendation to introduce end-to-end verifiability. In this case we expect OSCE/ODIHR to define what it exactly means by this property, as well as to give explicit criteria to determine whether and to which extent end-to-end verifiability has been achieved.