Democratic governments and organizations must have mechanisms for polling their members. Traditionally, elections have served as the official mechanisms for people to express their views to their governments, while surveys have augmented elections as unofficial --- but nonetheless valuable --- measures of public opinion. In both surveys and elections, privacy and security are usually desired, but not always simultaneously achievable at a reasonable cost. Mechanisms that ensure the security and privacy of an election can be time-consuming and expensive for election administrators, and inconvenient for voters. Conducting secure and private elections can become even more difficult when voters are geographically distributed.
Due to the rapid growth of computer networks and advances in cryptographic techniques, electronic polling is now a viable alternative for many non-governmental elections and surveys, and it is likely to become viable soon for governmental elections as well. Electronic polling over the Internet can be convenient for voters with easy access to networked computers, even if the voters are geographically distributed. In addition, electronic surveys and elections can be inexpensive to administer. However, if not carefully designed, electronic polling systems can be easily compromised, thus corrupting results or violating voters' privacy.
Following the work of Fujioka, Okamoto, and Ohta [10], we have designed a security-conscious electronic polling system called Sensus that can be used to conduct surveys and elections over the Internet. Sensus was designed primarily as a replacement for postal mail balloting systems; however, it is flexible enough to suit a variety of other polling applications, including those not feasible using traditional polling systems [8]. We have demonstrated that our implementation can be used to conduct small-scale elections. Furthermore, we believe our implementation could accommodate large-scale elections with minor modifications.
While there has been much theoretical discussion of secure and private electronic voting systems, most of the systems actually used for Internet polling ignore security and privacy issues. With polls becoming increasingly common on the World Wide Web, we believe it is important for people to be aware that security and privacy considerations need not be ignored. If these considerations are not addressed early, lay people are likely to view all secure Internet applications with skepticism. Our work has focussed on developing a practical security-conscious electronic polling system design that can be implemented and used for actual surveys and elections.
In this paper we present the Sensus design and implementation. In Section 2 we present our design goals, including a list of desirable properties for election systems. In Section 3 we detail the Sensus polling protocol, describing the role of each system component and comparing Sensus with other polling protocols. In Section 4 we evaluate Sensus and analyze the degree to which it satisfies the properties outlined in Section 2, and in Section 5 we present our conclusions.