Online voting security

We don't say so, our auditors say so.

Cybersecurity is our raison d'être. That is why every year AENOR audits us for compliance with the ISO27001 information security standard. But in Kuorum we go a step further and we are spearheading in R & D for greater protection of our customers.

Request a demo
secure online voting
Security
History of online voting

Electronic voting is a mature technology that has been with us since the 1960s. Online voting, a variant of electronic voting over the Internet, has seen its use spread for private purposes since the beginning of this century, even being used in several presidential elections in countries such as Estonia.

The technology that supports online voting systems is complex. But our goal is to make your life easier. So we are going to try to explain how it works as simply as possible.

Parallels with postal voting by mail

The great challenge of online voting is not to replace face-to-face voting, but to serve as an alternative to postal voting: a more efficient, economical and sustainable alternative. That is why, when we talk about security in online voting, we must establish the security of postal voting, with its virtues and vices, as a yardstick. 

Confidentiality, anonymity, integrity, availability, authenticity or traceability are the characteristics to which we must pay attention in both cases. Below, we explain what each one means. And in the next section we describe how we take care of all of them at Kuorum. If at some point you get lost, we recommend that you try to find an analogy with postal voting. That's the best way to understand it. Let's get to it!

The 5 pillars (+1) of information security

In an increasingly digitalized world, cybersecurity (or information security) is of vital importance. Banks, healthcare companies and public administration, among others, handle very sensitive information and must follow certain guidelines when managing this data to prevent risks and mitigate the impact of possible security breaches. 

If you work in any of these fields, you are probably familiar with the 5 pillars of information security: CIATA (confidentiality, integrity, availability, traceability and authenticity). Well, in the online voting sector we must add one more pillar: anonymity. And so, to the 5 previous pillars (CIATA) we must add the pillar of anonymity (CIATAA). To achieve this, we use cryptographic algorithms as we will explain below.

Continue reading
Read less
CIATAA

If you have read the basics in the previous section, then you already know that CIATAA stands for the 6 pillars of information security for online voting technologies. Below, we explain how we secure each of these 6 pillars at Kuorum. The security levels we describe below correspond to the state of the art in online voting and are used in private electoral processes around the world. 

Confidentiality

In Kuorum we use cryptography to ensure that no one, not even us, has access to the information of the votes cast with our technology. For this we use, among other mechanisms: End-to-end encryption, encryption in transit and at rest, asymmetric key encryption and a Zero-trust architecture. If you want to know more, you can contact our engineering team.

Integrity

No one is capable of altering the results of a vote. This is what in electoral jargon is called avoiding the "pucherazo". For this we use: Digital signature, immutable logs and Distributed Ledger Technologies (DLT).

Availability

We assure our customers full service availability under peak loads thanks to our scalable architecture based on micro and nano services. In addition, we perform penetration tests and emulate disaster scenarios on a regular basis.

Authenticity

Also known in computer jargon as "non-repudiation". The way we identify voters is key. With Kuorum's technology, it is the administrators of each ballot who choose the level of identification security they require for their ballots. Our most demanding customers apply multi-factor authentication (MFA).

Traceability

Also known as auditability or end-to-end verifiability . This is to ensure that the voter and/or an auditor can attest to what has occurred in the process; of course, respecting the condition of anonymity.

Anonymity

Not all voting using our technology requires an anonymous vote. But, for those that do, we apply homomorphic asymmetric cryptography and mixing.

Continue reading
Read less

In the basic concepts and state of the art sections, we have explained the 5 pillars of information security (CIATA) and the 6 pillars of information security in the field of online voting (CIATAA). At Kuorum we have implemented an Information Security Management System (ISMS) based on continuous improvement to prevent CIDATA risks. And every year AENOR audits our system to verify that it complies with ISO/IEC 27001/2014, the international standard for information security (download our ISO 27001 certification here or consult it on the accredited certifying company page).

This certification is based on a Statement of Applicability (SoA) with 114 checkpoints, including not only technical aspects but also human and organizational aspects. Many of the screening processes of the IT departments of large companies have long questionnaires with questions on cybersecurity for their suppliers that coincide precisely with these 114 points. Therefore, we are able to reduce procurement times for all types of private and public organizations.

In addition to this certification, Kuorum has an Integrated Quality Management System also based on continuous improvement and also audited annually by AENOR in compliance with ISO 9001 quality management. This certification is only a guarantee of our obsession to put the customer at the center of all our operations. That is why Kuorum is the most usable tool on the market and continues to evolve with feedback from our customers (download our ISO 9001 certification here or consult it on the accredited certifying company page).

At Kuorum we apply the security-by-default methodology, which involves thinking from a cybersecurity point of view from the stages prior to product conception.

Kuorum works with agile methodologies such as Scrum, a work philosophy based on short and incremental iterations. The customer is at the center of all our operations, from the initial research to the release and testing of new features in the test environment and its subsequent deployment to production. 

The combination of these two methodologies allows us to offer a product that is both secure and usable. Something totally revolutionary in the online voting sector.

As we have told you in the basic concepts and state of the art sections, online voting is a complex field in which different disciplines of mathematics, computer science, security, law or sociology come into play. Universities and technology centers around the world are developing research projects on cryptography, cybersecurity, quantum computing or international law that have a direct impact on our sector.

In Kuorum we collaborate with universities and researchers internationally to lead advances in the field of cryptography. If you want to know more or if you are interested in collaborating with us, please contact our engineering team.

Is Kuorum's technology safe?

Yes, but don't trust us just because we say so, but because of our certifications. Remember that certifications must be issued by accredited certifying entities, such as AENOR. If you are comparing suppliers, always ask for the official certificate documents and check that the information matches that of the accredited certifying company's website.

Can you help me with the implementation of the platform?

We have several levels of service depending on the guarantees and support you need. The basic level of service is self-managed. In the other levels, our support team takes care of everything to make your vote a success.

Does it require any kind of installation or maintenance by us?

No, Kuorum is a software as a service (SaaS) in the cloud.

Is the Kuroum technology usable?

Kuorum is the most usable tool on the market. Our incident rates are below 1% with voter populations of all ages.

Do you provide 24/7 support?

Yes, with your service you can hire support hours outside office hours or on weekends.

Do you provide voter assistance?

Yes, our premium service level includes telephone attention to your voters through a standard rate phone.

Can I vote from anywhere in the world?

Yes, we have served voters in more than 150 countries.

Do my voters need to have an email address to vote?

No, there are several voting streams with different levels of identification security and it is possible to configure a ballot to support voting by participants without e-mail.

Do my voters need to have a cell phone to vote?

No, there are several voting streams with different levels of identification security and it is possible to configure a vote to support voting by participants without a cell phone.

Can online and in-person voting be combined?

Yes, it is the most frequent.

Is the vote secret?

Yes, the voting configuration in Kuorum is very versatile and also allows the secret ballot option.

Do you manage proxy voting?

Yes, voting with Kuorum supports proxy voting with and without voting instructions.

Do you have a weighted vote?

Yes, voting with Kuorum supports weighted voting.

What happens when a voter represents different people or societies?

The representative only needs to vote once and can distribute the votes of the different persons (or companies) among the different response options.

Who owns the voting data?

To the customer. Kuorum is merely a technology supplier.

Do you comply with data protection regulations?

Yes, we sign with all our clients a Data Processing Agreement in accordance with the RGPD and data protection regulations. In addition, as part of our certifications, we are audited every year for compliance with this standard.

Security
Security
Basic concepts
State of the art
Certifications
Methodology
Research
Frequently Asked Questions
History of online voting

Electronic voting is a mature technology that has been with us since the 1960s. Online voting, a variant of electronic voting over the Internet, has seen its use spread for private purposes since the beginning of this century, even being used in several presidential elections in countries such as Estonia.

The technology that supports online voting systems is complex. But our goal is to make your life easier. So we are going to try to explain how it works as simply as possible.

Parallels with postal voting by mail

The great challenge of online voting is not to replace face-to-face voting, but to serve as an alternative to postal voting: a more efficient, economical and sustainable alternative. That is why, when we talk about security in online voting, we must establish the security of postal voting, with its virtues and vices, as a yardstick. 

Confidentiality, anonymity, integrity, availability, authenticity or traceability are the characteristics to which we must pay attention in both cases. Below, we explain what each one means. And in the next section we describe how we take care of all of them at Kuorum. If at some point you get lost, we recommend that you try to find an analogy with postal voting. That's the best way to understand it. Let's get to it!

The 5 pillars (+1) of information security

In an increasingly digitalized world, cybersecurity (or information security) is of vital importance. Banks, healthcare companies and public administration, among others, handle very sensitive information and must follow certain guidelines when managing this data to prevent risks and mitigate the impact of possible security breaches. 

If you work in any of these fields, you are probably familiar with the 5 pillars of information security: CIATA (confidentiality, integrity, availability, traceability and authenticity). Well, in the online voting sector we must add one more pillar: anonymity. And so, to the 5 previous pillars (CIATA) we must add the pillar of anonymity (CIATAA). To achieve this, we use cryptographic algorithms as we will explain below.

Continue reading
Read less
CIATAA

If you have read the basics in the previous section, then you already know that CIATAA stands for the 6 pillars of information security for online voting technologies. Below, we explain how we secure each of these 6 pillars at Kuorum. The security levels we describe below correspond to the state of the art in online voting and are used in private electoral processes around the world. 

Confidentiality

In Kuorum we use cryptography to ensure that no one, not even us, has access to the information of the votes cast with our technology. For this we use, among other mechanisms: End-to-end encryption, encryption in transit and at rest, asymmetric key encryption and a Zero-trust architecture. If you want to know more, you can contact our engineering team.

Integrity

No one is capable of altering the results of a vote. This is what in electoral jargon is called avoiding the "pucherazo". For this we use: Digital signature, immutable logs and Distributed Ledger Technologies (DLT).

Availability

We assure our customers full service availability under peak loads thanks to our scalable architecture based on micro and nano services. In addition, we perform penetration tests and emulate disaster scenarios on a regular basis.

Authenticity

Also known in computer jargon as "non-repudiation". The way we identify voters is key. With Kuorum's technology, it is the administrators of each ballot who choose the level of identification security they require for their ballots. Our most demanding customers apply multi-factor authentication (MFA).

Traceability

Also known as auditability or end-to-end verifiability . This is to ensure that the voter and/or an auditor can attest to what has occurred in the process; of course, respecting the condition of anonymity.

Anonymity

Not all voting using our technology requires an anonymous vote. But, for those that do, we apply homomorphic asymmetric cryptography and mixing.

Continue reading
Read less

In the basic concepts and state of the art sections, we have explained the 5 pillars of information security (CIATA) and the 6 pillars of information security in the field of online voting (CIATAA). At Kuorum we have implemented an Information Security Management System (ISMS) based on continuous improvement to prevent CIDATA risks. And every year AENOR audits our system to verify that it complies with ISO/IEC 27001/2014, the international standard for information security (download our ISO 27001 certification here or consult it on the accredited certifying company page).

This certification is based on a Statement of Applicability (SoA) with 114 checkpoints, including not only technical aspects but also human and organizational aspects. Many of the screening processes of the IT departments of large companies have long questionnaires with questions on cybersecurity for their suppliers that coincide precisely with these 114 points. Therefore, we are able to reduce procurement times for all types of private and public organizations.

In addition to this certification, Kuorum has an Integrated Quality Management System also based on continuous improvement and also audited annually by AENOR in compliance with ISO 9001 quality management. This certification is only a guarantee of our obsession to put the customer at the center of all our operations. That is why Kuorum is the most usable tool on the market and continues to evolve with feedback from our customers (download our ISO 9001 certification here or consult it on the accredited certifying company page).

At Kuorum we apply the security-by-default methodology, which involves thinking from a cybersecurity point of view from the stages prior to product conception.

Kuorum works with agile methodologies such as Scrum, a work philosophy based on short and incremental iterations. The customer is at the center of all our operations, from the initial research to the release and testing of new features in the test environment and its subsequent deployment to production. 

The combination of these two methodologies allows us to offer a product that is both secure and usable. Something totally revolutionary in the online voting sector.

As we have told you in the basic concepts and state of the art sections, online voting is a complex field in which different disciplines of mathematics, computer science, security, law or sociology come into play. Universities and technology centers around the world are developing research projects on cryptography, cybersecurity, quantum computing or international law that have a direct impact on our sector.

In Kuorum we collaborate with universities and researchers internationally to lead advances in the field of cryptography. If you want to know more or if you are interested in collaborating with us, please contact our engineering team.

Is Kuorum's technology safe?

Yes, but don't trust us just because we say so, but because of our certifications. Remember that certifications must be issued by accredited certifying entities, such as AENOR. If you are comparing suppliers, always ask for the official certificate documents and check that the information matches that of the accredited certifying company's website.

Can you help me with the implementation of the platform?

We have several levels of service depending on the guarantees and support you need. The basic level of service is self-managed. In the other levels, our support team takes care of everything to make your vote a success.

Does it require any kind of installation or maintenance by us?

No, Kuorum is a software as a service (SaaS) in the cloud.

Does it support integration with third-party identification services?

Yes, we integrate with third party identification services through SAML and OAuth2 if you need it.

Is the Kuroum technology usable?

Kuorum is the most usable tool on the market. Our incident rates are below 1% with voter populations of all ages.

Do you provide 24/7 support?

Yes, with your service you can hire support hours outside office hours or on weekends.

Do you provide voter assistance?

Yes, our premium service level includes telephone attention to your voters through a standard rate phone.

Can I vote from anywhere in the world?

Yes, we have served voters in more than 150 countries.

Do my voters need to have an email address to vote?

No, there are several voting streams with different levels of identification security and it is possible to configure a ballot to support voting by participants without e-mail.

Do my voters need to have a cell phone to vote?

No, there are several voting streams with different levels of identification security and it is possible to configure a vote to support voting by participants without a cell phone.

Can online and in-person voting be combined?

Yes, it is the most frequent.

Is the vote secret?

Yes, the voting configuration in Kuorum is very versatile and also allows the secret ballot option.

Do you manage proxy voting?

Yes, voting with Kuorum supports proxy voting with and without voting instructions.

Do you have a weighted vote?

Yes, voting with Kuorum supports weighted voting.

What happens when a voter represents different people or societies?

The representative only needs to vote once and can distribute the votes of the different persons (or companies) among the different response options.

Who owns the voting data?

To the customer. Kuorum is merely a technology supplier.

Do you comply with data protection regulations?

Yes, we sign with all our clients a Data Processing Agreement in accordance with the RGPD and data protection regulations. In addition, as part of our certifications, we are audited every year for compliance with this standard.

International award-winning software

The world's largest technology companies endorse us

This is how we can help you

Our clients get more participation with less effort

online voting security

"Kuorum is the kind of service we like to count on. It is ISO 27001 and 9001 certified and has exceptional support services. Our users congratulate us on our choice."

Juan Francisco
IT Manager at Remica
Read case study
Make collective decisions in a simple way

At Kuorum we help people around the world make collective decisions that matter. Tell us your goals and we'll tell you how we can help.

Request a demo
Legal validity
Lower emissions
Lower costs
Fewer incidents
Increased safety
More participation
Request a demo
Want to know more?

Tell us your situation and a consultant will contact you without obligation.

Contact us at
Contact

Tell us your situation without obligation and a consultant will contact you.

Valid number
We got your message!
We will contact you as soon as possible.
Oops, something is wrong, there is an error submitting the form.