FAQs on online elections

How do I access the online voting system?

You can access the voting system by clicking the following link:

https://sso.uni-muenster.de/IT/wahlen/kabine/wahlen_2023

In order to submit your vote, you must first verify your eligibility by entering your “CIT user ID” and the corresponding password.

If you do not know your user ID or password, click the following link to request this information:

https://www.uni-muenster.de/IT/services/nutzerverwaltung/passwortvergessen.html

How should I handle my CIT user ID and password?

Like all personal information, the authentication data required to conduct the election (your CIT user ID and corresponding password) must be handled responsibly. It is the responsibility of every eligible voter to protect their authentication data from third parties so that the electoral balloting process can take place in a legitimate manner. Therefore, you should not share your data with anyone else – even with other eligible voters.

How do I obtain my election documents?

Eligible voters are granted access to their digital “election documents” after logging into the electronic voting system. They consist of the affirmation in lieu of oath and the electronic ballot.

Do I need any special Internet expertise to vote online?

No special knowledge of the Internet is required. The online election functions like any other Internet webpage. Completing the electronic ballot is as straightforward as filling out an analogue paper ballot.

How do I hand in my electronic ballot?

When you click the link and log into the voting system, simply follow the instructions on the screen. You will be directed to the election portal operated by our service provider Electric Paper. There you will find specific instructions on how to submit your electronic ballot.

Where do I find the list of nominated candidates?

The electoral nominations are available here:
https://www.uni-muenster.de/imperia/md/content/wwu/wahlen/wahlen/wahlvorschlage_stand_11.05.23.pdf

What kind of voting system is the University of Münster using to conduct the online election?

The University has commissioned the external service provider Electric Paper (www.electricpaper.de) to carry out the online election.

The election is being administered with the voting system “uniWAHL OWS”:
https://wahlen-organisieren.de/startseite/uniwahl-online-wahlsystem/

As an eligible voter, will my data be shared with the external service provider?

No, voter data is only sent to our service provider in pseudonymised form.

How is the voter data anonymised by the voting system?

According to protocol, at no point during the election are the voters’ identities transmitted in unencrypted, non-anonymised form to or from the voting system “uniWAHL OWS” by Electric Paper. The online voting system only uses pseudonymised voter IDs and their respective authentication codes. The system is told which ballot is to be delivered to which person.

When the user logs into the voting system with a pseudonymised ID, a temporary key is created which temporarily links the digital ballot box and the voter rolls. Because the authentication system and digital ballot box operate as independent modules, the system ensures that votes and voters are administered separately.

In other words, at no time during the election can the system establish a connection between the voter and their vote based on their personal data or other information.

Can a voter’s identity be determined upon submitting the ballot?

No, there is no way to infer or trace a person’s identity when they submit the ballot; the information is transmitted to the voting system entirely in encrypted form.

What are the system requirements to ensure my vote is properly submitted?

All you need is a device with Internet access and a browser.

Make sure that you have a stable Internet connection for as long as you are logged into the system and throughout the ballot submission process.

What kind of device do I need for voting electronically?

You can vote electronically via a PC/notebook or mobile device (e.g. smartphone, tablet etc.), provided that you are using the latest version of your browser. The system only supports the latest browser versions.

Do I need any special software to use the online voting system?

No special software is necessary. All you need is Internet access and a browser on your device.
When you participate in the election, please use a computer (or mobile device) which automatically updates its operating system, web browser and virus scanner, if applicable. The system supports Windows, Max, Linux, iOS and Android.

The only technical requirement for registering and participating in the election is an updated commercial Internet browser. The system recognises the latest version of most commonly used browsers. The required HTML standard is supported in the following browsers: Safari, Chrome, Opera, Edge, Firefox, Samsung Internet Browser (based on Chromium).

In order to take full advantage of its functionality, you must activate Javascript and allow cookies and the minimum screen size.

Important: You cannot do anything wrong because the software checks the technical requirements before allowing you to enter the election portal (digital voting booth).

Why do I have to allow cookies to use the voting system?

Cookies are used to temporarily support the voting system and should be allowed in your browser. These so-called “session cookies” are automatically deleted after closing your browser. “Tracking cookies”, on the other hand, like the ones many websites use to follow users’ online activities, are not created by the system.

My browser keeps showing me the error message “Your connection is not secure”. What should I do?

This message is probably appearing because your browser version is outdated. Install the latest update or switch to a different browser.

How long does the voting process take?

From a technical standpoint – and depending on the length of the ballot – it takes about one minute to vote.

Is there a time-out function?

After logging in, you have 15 minutes to place your vote before the system automatically logs you out for security reasons. If you haven’t managed to submit your vote within that space of time, you can simply log in again.

What happens if I don’t press “confirm” to submit my ballot, or if close my browser prematurely?

In this case, the procedure would terminate without your vote being submitted. You would have to log in again and restart the voting procedure. The system does not save your data intermittently in a buffer.

How do I ensure the secrecy of my ballot?

To ensure that your vote is truly secret, make sure you are unobserved when filling out your ballot(s).

Is ballot secrecy ensured even when voting online?

Yes, the election software guarantees ballot secrecy.

In the online election, there is absolutely no link that exists between the voter’s data and their submitted ballot. In other words, it is impossible to derive one’s identity based on the submitted ballot.

The pseudonymised voter registration list, however, does get updated as soon as the eligible voter has submitted their ballot. This prevents the voter from voting repeatedly in the same election.

Is the voting process secure with the online voting system?

Yes, the voting software “uniWAHL OWS” operated by our service provider Electric Paper meets the specifications of the European Council and is orientated on the internationally recognised Common Criteria security profile. This is a key component of the security criteria established by the Federal Office for Information Security (BSI). The security profile for secure online voting products is based on the principle of free, equal and direct elections as guaranteed by the German constitution. Your vote is secure. Compliance with the electoral principles is ensured with the application of cryptographic and mathematical methods (ElGamal homomorphic encryption, universally verifiable MixNet, zero-knowledge correctness proofs etc.). Furthermore, your vote is encrypted in the client’s device before any data is transmitted.

All communication takes place via secure data transmission protocols.

No connection or link is ever established between the voter’s ID and the ballot. Consequently, there is no way to determine a voter’s identity after their vote has been submitted.

Is it possible to submit an invalid ballot?

Yes, your ballot may be marked invalid if you submit a blank ballot or vote for too many candidates, or if the ballot is already marked invalid.

What happens if I place more votes than the maximum number allowed?

During the voting process, the voting system monitors whether the number of votes you place corresponds to the number stipulated in the electoral rules. The number of votes you have already placed is displayed on the screen. However, it is possible to deliberately place invalid votes or intentionally tick too many boxes, which would render your ballot invalid.

Before you submit your ballot, the integrated “haste guard” shows you once more whom you have voted for and the status of your ballot so that you can make corrections if necessary.

How does the voting system prevent data from getting lost?

The basic security requirements are covered by the hosting partner via ISO 27001 certification. Deutsche Telekom is the hosting provider used by the company Electric Paper. With the Open Telekom Cloud, Deutsche Telekom operates several structurally identical computer centres, on which it saves all data on parallel, dual-core servers. Additional precautions are taken, such as the use of redundant drives, rolling backups, fire protections, access controls, an uninterruptable power supply and multiple Internet connections. This model guarantees almost 100 per cent fail-safe operation (99.999 %). Therefore, uninterrupted access to your data is guaranteed at all times.

Data transmissions (voting data) between the client and server are executed using an encryption process and the transport layer security protocol TLS 1.2 or higher. Transactions at the application level are always executed in the form of a two-phase commit protocol (2PC).

Is the channel used for transmitting votes also encrypted?

Yes, and that multiple times. Encryption takes place at the application level prior to transmission. The company Electric Paper exclusively relies on TLS 1.2 or higher and uses an SSL certificate issued by the Bundesdruckerei/D-Trust. And finally, the data is additionally encrypted at the database and storage level via data-at-rest protection (DARP).

Can voters verify whether their vote is truly inside the digital ballot box?

The voting system “uniWAHL OWS” is configured to issue the voter a so-called “ballot locator” which confirms that the ballot has been deposited into the ballot box. After submitting the ballot, the voter receives a 2D barcode which allows for individual verification of the code in the system.

When the election is over and the digital ballot box is opened for public verification, the “ballot locator” can be used to verify that the vote was indeed counted in the final tally.

Please note: The system is legally prevented from issuing receipts which would allow voters to document their concrete vote. The “ballot locator” is only designed to indicate that a vote has been submitted, not to whom the vote was given. At no time is it possible to connect the ballot with the voter’s identity.

How and when are votes publicly tallied and presented to the University community?

The electronic election ends at the conclusion of the voting period (closure of the election portal). After the portal is closed, the digital ballot box is opened and counted by the electronic voting system. This procedure will be presented to the University community presumably on 15 June 2023 after 10 am on Zoom. Voters can request the Zoom meeting login data from the Election Office.

Can a recount be conducted for an online election?

Yes, after the portal is closed and the votes in the digital ballot box are tallied, a recount can be initiated within a defined period of time after the election. The data is then archived in an audit-proof manner and secured by the Election Officer.

How are the votes counted?

The election results are tabulated using election software (uniWAHL Core) in accordance with the allocation of seats based on d’Hondt.

Who certifies the election results?

The election results are certified by the Central Election Committee of the University of Münster.

What should I do if I have no Internet access or no device with which I would like to vote?

You have the possibility to visit the Universität Münster Election Office during office hours (Schlossplatz 2) and use the terminal provided especially for this purpose. If you wish to vote in this way, please make an appointment by calling +49 251 83-22107.

Is barrier-free participation in the online election possible?

The election portal offers accessibility for the visually impaired (in compliance with WCAG 2.0).

Is the voting system BSI-certified?

No, the voting system “uniWAHL OWS” by Electric Paper is not BSI-certified at the moment because there is currently no technically feasible way to certify the system. The validation mechanisms and criteria in use by BSI are based on the technological standards of 2008.
BSI itself has acknowledged this issue and voluntarily decommissioned some of its validation profiles. Electric Paper expects that new validation profiles will be available before the upcoming social elections in 2023. The topic of certification will be addressed again at that time.

For now, the general security and availability of the system is guaranteed by TÜV. Furthermore, as “open source” software, its code can be reviewed at any time. The TÜV certification and the penetration test were carried out in accordance with the provisions of BSI.
The voting system also meets all legal requirements put forth in the NRW Online Election Regulations of 20 May 2022.

 

Technical information about the voting system

The University of Münster has commissioned an external service provider, the company Electric Paper, to operate the election portal. The open-source variant of its software, “uniWAHL OWS”, is available for verification and public review at https://github.com/nvotes.

You can verify the identities of the participating websites yourself with the following list (certificates):

For the University of Münster:

SSO:

SHA-256-Fingerabdruck

6D 2B A3 A7 11 69 58 1D AC 2E 06 6D 78 33 CE B6 6C C8 8F 43 10 5E B7 5D A9 CF 32 48 60 39 57 99

SHA-1-Fingerabdruck

95 D4 67 2D 94 D1 5B 2E DB 99 EB 21 1D 43 E6 D6 36 78 74 C6

Xsso:

SHA-256-Fingerabdruck

37 81 E9 BF E1 2D 8C 82 1A 3A C1 54 A9 17 C9 12 82 40 83 E1 B6 75 60 14 17 15 91 BC C3 DE 3E C5

SHA-1-Fingerabdruck

D1 7A A1 09 6F 4A 1D BE A5 B0 63 0D 56 A6 7A DB 80 7A 58 20

 

For Electric Paper:

uni-muenster.gremienwahlen.de:

SHA-256-Fingerabdruck

8E 77 C3 F7 41 31 89 77 FB A0 80 0E 70 C4 84 C3 69 2D D9 AF 05 65 57 0C 80 47 BB 50 9D 36 DD 7E

SHA-1-Fingerabdruck

6E A2 85 6A 7A D0 99 71 09 87 71 A5 19 11 77 C6 0C A1 55 D9