mGov4EU’s Pilot Project at Tartu University

Online Voting with eID and Wallet authentication

Scytl, published in INNOVATE · 5 min read · Jul 25, 2023

Having reached the last year of the EU-funded project mGov4EU, we are starting to conduct the pilots to demonstrate the technology that has been implemented during the project. At Scytl, as online voting experts, we are performing an online voting pilot together with a partner at the University of Tartu, in Estonia. The pilot has been divided into two phases, the first of which has already been conducted. In this article, we will explain the first phase and the lessons learned from it.

The online voting pilot integrates with several building blocks of the project. In the first phase we integrated the eID and Wallet authentication building blocks:

  1. eID authentication: This building block enables a voter to authenticate themselves via eIDAS (electronic identification, authentication and trust services) using only mobile apps and a notified eID scheme. The standard procedure to authenticate with eIDAS is browser-based: the user is asked to select their country of origin and is then redirected to the identity provider of their home country. With this building block, instead, an app called eIDAS App pops up as soon as the authentication process starts and lets the user select their country of origin. The eIDAS App then redirects the user to their local identity provider. At that point, if the identity provider has an app of its own, it also pops up seamlessly for the user.
  2. Wallet authentication: This building block enables the voter to store several pieces of data, such as credentials, inside a virtual wallet implemented as a mobile app. The wallet complements the eID authentication building block; thus, a credential can be stored in advance within the wallet. In this case, the user can directly authenticate without the need to be redirected to the user’s local identity provider.

In the pilot there were some limitations that we knew about in advance: no real eIDs could be used, only the Android platform was supported, and the use of biometrics was required.

We could not use real eIDs because it was not possible to integrate the system with a production Identity Provider, as it required changes to the production system that were not allowed. Consequently, we had to use a restricted number of test users for the participants of the pilot.

Concerning the limitation to Android only, the reason was that the integrated building blocks were implemented only as Android apps, so only users with this platform could participate in the pilot. Regarding biometrics, the apps relied on certain advanced security features to authenticate the user locally (on the phone), namely the fingerprint reader and a hardware-backed keystore (a smartphone feature used to securely store private information, such as credentials or cryptographic keys). These features are only available on smartphones manufactured after approximately 2018, which excluded some users who initially wanted to participate in the pilot even though they had an Android smartphone.

In order to conduct the pilot, the following tasks, from technical to legal, had to be arranged:

  • The aforementioned building blocks had to be integrated.
  • The i-voting software had to be deployed in the cloud.
  • Test users had to be set up (eID authentication) or created (wallet authentication).
  • An election, with the questions, answers, dates, etc., had to be set up.
  • An electoral roll, which is a list of users authorized to vote in the election, had to be created and uploaded.
  • Consent forms for the user’s participation in the pilot needed to be written and then signed.
  • Data protection agreements were written and signed among the partners that required them.

The first phase of the pilot finally took place in June 2023 at the University of Tartu, where a small election was organized among the university staff to decide on the preferred schedule of a regular departmental meeting. For this phase, the participants used their own personal phones. Some spare phones were also included as a contingency measure in case some of the personal phones did not work.

The participants were requested to come on a specific day and at a specific time to one of the university rooms where the pilot took place. The session started by linking test user identities with the participants’ actual smartphones. Two types of authentication were tested: some participants chose the eID-based authentication and others used the Wallet-based authentication. Once all the participants were authenticated, they could vote.

In conducting the pilot, we learned several lessons. The most relevant were the following:

  • Not everybody uses smartphone biometrics: Initially we assumed that everybody would have the biometric features of their smartphones configured, i.e. that the user’s fingerprint was set up to unlock their phone. This was not a valid assumption. Several people did not have it enabled, nor did they know how to use it. Thus, the general public cannot be assumed to know how to use these technologies, despite their usage being quite widespread.
  • Not everybody agreed to use smartphone biometrics: Some people did not have biometrics enabled on their phones for privacy reasons. Biometric features are considered personal sensitive data by the EU GDPR. Thus, any user who does not want to use biometrics has arguments for their decision. However, it is also necessary to clearly explain to the users how their biometric features are used in these cases so they can make an informed decision. In this particular case, biometric features are only locally used. In other words, they are not stored in any server, just in the user’s smartphone for authentication purposes. Thus, despite the fact that they are sensitive personal data, they are never shared with anyone nor exported from the local device.
  • Support had to be provided to the participants: The procedure to link the test user identities with the smartphones of the participants was not designed for the final user and it required support. This has to be improved or delegated to the staff in charge of doing the setup. In a real setting, this procedure is done by the issuers of the eIDs.
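The two lessons above about biometrics rest on one technical property described earlier in the article: the fingerprint is checked only on the phone, and what leaves the device is a cryptographic signature produced by a key kept in the hardware-backed keystore. The following Android snippet is an added illustration of that pattern and is not code from the mGov4EU project or from Scytl. It assumes an app targeting API 23 or later with the AndroidX Biometric library available; the key alias, the server-issued nonce and the callback shape are hypothetical choices made for the example.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyPairGenerator
import java.security.KeyStore
import java.security.PrivateKey
import java.security.Signature

// Hypothetical alias for this example; any string unique to the app will do.
const val VOTER_KEY_ALIAS = "example_voter_auth_key"

// Generates an EC key pair inside the AndroidKeyStore. On devices with a TEE or
// StrongBox the private key is hardware-backed and cannot be exported; with
// setUserAuthenticationRequired(true) every signing operation must be preceded
// by a successful local user authentication (here: a strong biometric).
fun generateVoterKey() {
    val kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    kpg.initialize(
        KeyGenParameterSpec.Builder(VOTER_KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
            .setDigests(KeyProperties.DIGEST_SHA256)
            .setUserAuthenticationRequired(true)
            // Re-enrolling a fingerprint permanently invalidates the key, so an
            // attacker who adds their own fingerprint cannot reuse the credential.
            .setInvalidatedByBiometricEnrollment(true)
            .build()
    )
    kpg.generateKeyPair()
}

// Signs a nonce supplied by the voting server. The biometric template is
// evaluated entirely by the OS on the device; only the resulting signature is
// handed back to the caller (and from there to the server), never the fingerprint.
// onResult receives null if the user cancels or authentication fails.
fun signServerChallenge(
    activity: FragmentActivity,
    nonce: ByteArray,
    onResult: (ByteArray?) -> Unit
) {
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val privateKey = keyStore.getKey(VOTER_KEY_ALIAS, null) as PrivateKey
    // initSign is allowed now; the actual sign() is only authorised once the
    // BiometricPrompt below reports success for this CryptoObject.
    val signature = Signature.getInstance("SHA256withECDSA").apply { initSign(privateKey) }

    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val authorisedSig = result.cryptoObject?.signature
            if (authorisedSig == null) {
                onResult(null)
                return
            }
            authorisedSig.update(nonce)
            onResult(authorisedSig.sign())
        }

        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            onResult(null)
        }
    }

    val promptInfo = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm your identity")
        .setSubtitle("Sign the authentication challenge for the election")
        // BIOMETRIC_STRONG only: weak (class 2) biometrics cannot unlock keystore keys.
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
        .setNegativeButtonText("Cancel")
        .build()

    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(promptInfo, BiometricPrompt.CryptoObject(signature))
}
```

The server side verifies the signature over the nonce with the public key registered when the test user was linked to the phone; it never receives, and has no way to receive, the fingerprint itself. This is also why the 2018 cut-off mentioned earlier exists: the pattern depends on a hardware-backed keystore and a class 3 biometric sensor, and a device lacking either cannot satisfy `setUserAuthenticationRequired` with `BIOMETRIC_STRONG`.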

In summary, a first phase of the pilot with real users and test credentials was meant to demonstrate the eID and Wallet building blocks developed in the project. Overall, the pilot was successful, but some lessons need to be considered for the next phase.

This article was written by Jordi Cucurull (PhD), Cryptography Researcher at Scytl.

Scytl: The global leader in secure online voting and election modernization software solutions. www.scytl.com