Key Benefits:
The Minister of Finance and Public Accounts, the Minister of Social Affairs, Health and Women's Rights and the Secretary of State for Budget,
See?Order No. 45-993 of 17 May 1945 relating to the public services of departments, municipalities and their public institutions;
Vu la Act No. 78-17 of 6 January 1978 amended on information and communication technology, files and freedoms, including Article 27, II;
Vu le Decree No. 2005-1309 of 20 October 2005 modified for application of Act No. 78-17 of 6 January 1978 related to computing, files and freedoms;
Vu le Decree No. 2007-173 of 7 February 2007 amended on the National Pension Fund for Local Government Officers;
Vu le Decree No. 2010-112 of 2 February 2010 modified for the application of 9,10 and 12 Order No. 2005-1516 of 8 December 2005 on electronic exchanges between users and administrative authorities and between administrative authorities;
Vu la deliberation No. 2010-371 of 21 October 2010 the National Commission on Informatics and Freedoms adopting a recommendation on the security of electronic voting systems;
Considering the advice of the National Standards Assessment Board dated 10 July 2014;
Vu the opinion of the National Commission on Informatics and Freedoms of 18 September 2014,
Stop:
In accordance witharticle 10 of the decree of 7 February 2007 referred to above, it may be used for the election of members of the Board of Directors of the National Pension Fund of Local Government Officers.
For this purpose, an electronic voting system is established under the conditions provided for by this Order.
I. - Internet electronic voting may constitute the exclusive modality of voting or any of its terms.
II. - The use of e-voting via the internet is organized in accordance with the fundamental principles that command electoral operations, including the sincerity of electoral operations, access to the vote of all electors, the secret of the ballot, the personal, free and anonymous character of the vote, the integrity of the votes cast, the effective monitoring of the ballot and the posteriori control by the judge of the election.
III. - When multiple voting methods are offered to electors, the terms and conditions offered must be identical for all electors who are called to participate in the same election.
I. - The implementation of the electronic voting system via the Internet is under the effective control of the Caisse des dépôts et consignations, under the conditions defined by this Order.
II. - The terms and conditions for the operation of the electronic voting system by the Internet, as well as the rules for the management, maintenance and the terms of expertise applicable to it, are fixed by this Order and by the documents transmitted to the National Commission of Computer Science and Freedoms.
III. - The design, management and maintenance of the e-voting system via the internet may be entrusted to a service provider selected by the Caisse des dépôts et consignations on the basis of a notebook of the terms of this Order.
IV. - The Caisse des dépôts et consignations is setting up a technical assistance unit to ensure the proper operation and monitoring of the electronic voting system via the internet. This cell, which includes representatives of the Caisse des dépôts et consignations, can be attached to the technical experts, including an independent expert.
V. - The confidentiality and security obligations referred to in the first paragraph I of Article 4 shall apply to all persons involved in the electronic voting system via the Internet, in particular to the agents of the Caisse of deposits and consignations in charge of the management and maintenance of the voting system and to those of the provider, if they have been entrusted to it.
I. - Internet electronic voting systems include physical and logical measures to ensure the confidentiality of the data transmitted, including the confidentiality of the files constituted to establish the lists of electors, as well as the security of the means of authentication, empowerment, registration and counting of votes.
The encryption and electronic signature algorithms must be known as "strong" public algorithms and be consistent with the principles enacted by the General Safety Reference (GRS).
II. - It is created two separate, dedicated and isolated automated treatments called the "electors file" and the "electronic urn".
For each election, the purpose of the voters' roster is to issue to each elector, from the voters' list, the identifier and password required for voting operations, to identify electors who took part in each election and to edit each voters' list.
For each ballot, the electronic ballot is intended to collect the votes cast. The data in each file is encrypted. They must not include a link to identify electors.
In the event of the use of the same voting system for several ballots, each of these ballots must be isolated on an independent computer system.
III. - Each internet electronic voting system has a backup device with the same guarantees and characteristics as the main system and capable of automatically taking over the relay in the event of a failure not causing any alteration of the data. In the event of an alteration of the data resulting, in particular, from a failure, viral infection or system attack by a third party, the polling stations have jurisdiction, after the technical assistance cell has advised, to take any action regarding the suspension, stopping or resumption of electronic voting operations.
Prior to the establishment or substantial modification of its design, the Internet electronic voting system is subject to independent expertise to verify compliance with the safeguards provided for in this Order. In accordance with deliberation No. 2010-371 of 21 October 2010 of the National Commission on Informatics and Freedoms, this expertise covers the entire system installed before the vote, the conditions of use of the voting system during the election, the conditions of use of the dedicated post referred to in Article 17 of this Order and the subsequent steps to the vote.
To conduct this expertise, the independent expert or the independent expert panel has access to the source codes of each voting system, the sealing and encryption mechanisms, the computer systems in place, the recording of events and anomalies, and the network exchanges.
As part of its missions, the independent expert has access to the various premises of the administration in which the elections are organized and to the premises of the contractors.
The report of expertise must be communicated by the Caisse des dépôts et consignations to the National Commission for Informatics and Freedoms.
The independent expert or independent expert panel must meet the following independence criteria:
1° Being an IT specialist in security;
2° Don't have any financial interest in the company that created the voting solution to expertise or in the company responsible for processing that decided to use the voting solution;
3° Have experience in the analysis of voting systems, if possible by having expertized electronic voting systems of at least two different providers;
4° Have followed the training provided by the National Commission on Computer Science and Freedoms on electronic voting.
Members of the polling stations and representatives of the candidate lists receive training on the Internet electronic voting system that will be used. Submission documents are provided to them.
The Caisse des dépôts et consignations is setting up a telephone support platform to answer questions from electors throughout the voting period and in accordance with the terms and times fixed by the order set out in the orderarticle 9-1 of the decree of 7 February 2007 referred to above.
The introduction of electronic voting and automated counting will be reported to the National Commission on Informatics and Freedoms.
The personal data categories recorded are:
1° Concerning the first four colleges: registration contract number at the National Pension Fund for Local Government Officers, full employer designation, employer status (hospital/territorial), full address, first four digits of the SIRET number;
2° Concerning the fifth and sixth colleges:
(a) For the lists of electors: registration number on the list of electors, surname followed, if any, of the name of use as well as the name(s), affiliate number for the fifth college and pension number for the sixth college;
(b) For the voters' file: surname or name of use, surname (up to two), gender code (H/F), full personal mailing address, year of birth, principal employer's registration contract number for the fifth college, affiliation contract number to the National Pension Fund of Local Government Officers or pension number for the sixth college;
(c) For the starting lists: data identical to those contained in the electoral list;
3° Concerning candidates:
(a) For the lists of candidates: name, name, date and place of birth, body or framework of employment of belonging, detainee status, employer institution (department number);
(b) For results lists: lists or acronyms, votes obtained and number of seats obtained.
The recipients or categories of recipients of this information are:
(a) For electoral lists: voters affected by the ballot, candidate organizations on the ballot;
(b) For the voters' file: each voter for the information about it;
(c) For the starting lists: members of the electronic voting office competent for the ballot concerned;
(d) For the lists of candidates: voters affected by the ballot, candidate organizations on the ballot;
(e) For the lists of results: voters, administration responsible for the implementation of electronic voting, members of the relevant electronic voting office.
In the event of a contestation of the elections, these documents are made available to the judge of the election.
A detailed information notice on the conduct of electoral operations and a means of authentication, consisting of an identifier and password, generated randomly, allowing to vote, is sent to each elector no later than 17 November 2014. This means of authentication is transmitted to it in terms of confidentiality.
In the event of a non-reception or loss of the voting identifier and password prior to the close of the ballots, the voter's request, the electronic reassignment of the means of identification and authentication shall be made. This reassignment will be effected by mail up to ten days prior to the close of the ballot and electronically up to twenty-four hours prior to the close of the ballot.
Requests are sent by mail, electronic or telephone.
The information contained in the information notice is also available on the website of the National Pension Fund of Local Government.
I. - Prior to the commencement of sealing operations, tests of the Internet electronic voting system and the counting system are conducted under the supervision of the Caisse des dépôts et consignations.
II. - Before the poll begins, the polling station:
1° Procede to the establishment and distribution of sealing keys/scratch keys referred to in III;
2° Verifies that the components of the Internet electronic voting system that have been subject to expertise have not been modified and ensures that the tests provided for in I have been performed;
3° Recognizes the presence of the different seals, the proper operation of the machines, that the start is virgin and that the electronic urn is empty;
4° Procedes the sealing of the electronic voting system via the internet, the list of candidates, the list of electors, the hours of opening and closing of the ballot and the counting system;
The session during which the sealing/scratch keys are being established and distributed is open to representatives of the candidate lists.
The encryption keys used for the encryption of ballots and the counting of the ballot box are generated prior to the opening of the ballot in the presence of the voting officers.
III. - The terms and conditions for the establishment and distribution of the seal/scratch keys shall be carried out in accordance with the following conditions:
1° At least three seal/scratch keys are edited and assigned to members of the voting office;
2° Each key is assigned according to a procedure guaranteeing to the attributes they have, alone, knowledge of the password associated with the key that is personally assigned to them, this guarantee imposing including with respect to the technical personnel responsible for the deployment of the electronic voting system via the internet;
3° The sealing is performed by the combination of at least two sealing keys/scratch.
The seal/scratch keys are assigned to the members of each polling station, including a key for the president, one for his alternate, the allocation of the other being drawn by lot among the other members of the polling station.
Prior to the opening of the vote, the keys for sealing/closing are handed over to the chairs of the polling stations and to the other members of these same offices.
The seal/scratch keys are retained under the responsibility of each holder.
The secure connection to the voting system can be made from any computer station connected to the internet.
Electronic voting via the internet takes place on any workstation with Internet access.
The device ensures that at any time the identity of the elector cannot be linked to the expression of his vote, including after counting.
The electors of the fifth college have the opportunity to express their vote electronically via the internet, during the working hours, on a dedicated post in a space arranged for this purpose by their employer, known as the voting booth. This position is made available to electors at least for twenty-four effective hours over the voting period.
The employer ensures that the conditions necessary for anonymity, confidentiality and secrecy of the vote are met.
An elector who is unable to use electronic voting via the internet may, in order to vote, be assisted by an elector of his or her choice from the service or establishment where the dedicated post mentioned above is located.
The e-voting via the internet is as follows:
1° To connect to the voting system, the elector is authenticated by the voting identifier and password mentioned in section 11. He will also have to answer a personal question that is known to him. This authentication method allows the server to verify the identity of the elector and prohibits anyone from voting again for the same ballot with the same authentication method;
2° Once the authentication is completed, the elector accesses the lists of officially selected candidates and the acronyms of the candidate organizations, which must appear simultaneously on the screen;
3° The elector selects a list, so that this choice appears clearly on the screen, excluding any other information. He can return to this choice;
4° He then validates his choice and enters his password. This operation triggers the sending of the dematerialized ballot to the voting server. Validating the vote by the elector makes it final and prevents any modification. The vote expressed is anonymous and encrypted by the system and transmitted to the "contents of the electronic ballot box" mentioned in Article 4 II, where it is thus retained until the counting. The ballot is encrypted on the elector's post and stored in the urn, for the counting, without being deciphered at any time, even in a transitional manner;
5° The transmission of the vote and the demarcation are the subject of an acknowledgement of receipt that the elector has the option to retain.
I. - During the election period, the voter registration list and the electronic ballot box are subject to a process that ensures that they can only be modified by the addition of a demarcation and the addition of a ballot, which emanate from an authenticated elector under the conditions set out in section 17 and whose integrity is assured.
II. - During the same period:
1° Files with voter authentication elements and urn content are inaccessible;
2° The voting list and the voting meter are only accessible to the members of the voting office for the purpose of controlling the conduct of the ballot;
3° No partial income can be recorded.
III. - Interventions on the e-voting system via the internet are reserved for only those responsible for the management and maintenance referred to in Article 3 and may only be carried out in the event of a risk of data alteration. The polling stations are immediately kept informed of the technical interventions on the voting system as well as of the measures taken to remedy the malfunction that motivated the intervention.
In case of force majeure, computer malfunction, technical failure or alteration of the data of a poll under its responsibility, the polling station is competent to take any information and backup measures, including the suspension, stopping or resumption of voting operations.
If it is essential to make the decision of one, several or all of the elections, the polling station may cancel the elections concerned and may rule the invalidity of the registered electoral operations.
This competence is exercised by the polling station concerned, following the advice of the technical assistance unit provided for in Article 3, provided that the decision made does not affect the electoral operation under the other office.
If this is not the case, the decision will have to be made in a collegial manner by the two chairs of the offices.
After the closing time, no vote can be taken into account.
As part of the e-voting missions, members of the polling stations may consult the elements relating to participation rates and the list of electors who voted, using the electronic identifiers provided to them.
As soon as the ballot is closed, the contents of the ballot box, the mailing lists and current server-managed states are automatically set, timed and sealed on all servers, under conditions guaranteeing the storage of the data.
After verifying the integrity of the voting system and receiving the expert's conclusions that the voting solution has not been altered, the members of the polling station who hold seal/scratch keys publicly proceed to the opening of the electronic ballot urn by sealing the voting system and then activating the seal/scratch keys mentioned in section 1.
The presence of the Chairperson of the polling station or his alternate is essential for the counting of the votes cast.
For each office, voting counting operations can be initiated using two sealing keys/scratch.
Deployment may only commence after completion of the required formalities, if any, by section 25.
The polling station controls, before the counting, the sealing of the system.
The count of votes obtained by each candidate or list of candidates appears legibly on the screen and is subject to a secure edition in order to be brought to the minutes.
The polling station controls that the sum of the votes cast electronically corresponds to the number of voters on the electronic voting list.
The Internet electronic voting system is sealed after the decision to close the count by the President of the polling station.
The seal prohibits any resumption or modification of the results.
All the information needed for a posteriori control must also be collected during this phase.
As soon as the electronic vote is closed, the e-voting list is edited.
If the correspondence vote is authorized, the census of the correspondence votes shall take place after the electronic vote is closed by the Internet. Except for, without being open, the envelopes emanating from electors who participated in the electronic voting via the internet.
In this case, the correspondence vote is not taken into account and only the electronic vote is taken into account via the internet.
The procedure for counting votes must, if necessary, be able to be executed again.
Also, the Deposits and Consignations Fund or its supplier shall keep sealed under the conditions set out in the Articles L. 212-2 and L. 212-3 Heritage Code and 5° of Article 6 of the Law of 6 January 1978 referred to above supporting files including copying source programs and executable programs, voting materials, booting, results and backup files, up to the exhaustion of contentious times.
At the end of this period and if no contentious action has been taken, the Caisse des dépôts et consignations will destroy the supporting files. Only the lists of candidates with nominations and professions of faith, the minutes of the election and the appointment of the members of the polling stations are maintained.
The rights of access and rectification provided for in the articles 39 and 40 of the law of 6 January 1978 referred to above shall be exercised with the department responsible for the organization of the ballot concerned, by means of dematerialisation.
The right of opposition provided forArticle 38 of the Act of 6 January 1978 referred to above does not apply to this treatment.
The Budget Director, the Director of Social Security and the Director General of the Caisse des dépôts et consignations are responsible, each with regard to the execution of this Order, to be published in the Official Journal of the French Republic.
Done on September 23, 2014.
Minister of Social Affairs, Health and Women ' s Rights,
For the Minister and by delegation:
By preventing the Director of Social Security:
The Chief of Service, Assistant to the Director of Social Security,
J. Bosredon
Minister of Finance and Public Accounts,
For the Minister and by delegation:
For the Budget Director:
The Deputy Director,
G. Bailly
The Secretary of State in charge of the budget,
For the Secretary of State and by delegation:
For the Budget Director:
The Deputy Director,
G. Bailly
