The client part of xVote could be used in several ways, depending on the situation or the choices of citizens:
power or ability of his machine
free disk space on the computer,
traffic flow and type of the Internet connection,
installation rights (full admin or resticted user rights) on his station,
rights of access to Internet services (i.e. full blown or only http),
will of strict control or a measured confidence delegation.
The citizen can choose between:
a complete virtual machine (ready to use) on his station,
pure remote use of a personal virtual machine,
either with the native Windows service,
or by installing a small software
or by using a Web browser;
a partial installation, followed by a dynamics resume, of the virtual machine on his station,
a full and native installation of the softwares on his station.
All the software to manage (hyperviseur) or run (guest system) the virtual machine and its implementation (xVote and annexes) are installed 1 or copied on the voter's station, or available on a CD in the drive.
The software is downloaded in advance (preferably by a cascading download) or by receiving a CD (sent by mail, obtained at the town hall or consulate, etc.). Internet loading time is about five minutes with an average DSL connection (5000 kb / s).
The client software is delivred in "Virtual Appliance", ie packaged in a virtual machine, with its system, applications and all configurations.
► The voting process is protected from any malware that could be in the citizen's computer (viruses, trojans, worms, etc. ...).
► The software, and even the operating system, used for voting are healthy, because loaded directly from the source and at the time of the vote (virtual appliance).
► Since the whole voting process takes place in a virtual machine, at the end of the operation no traces could remain on the (physical) computer, because everything disappears with the virtual machine (no clear disk writing, see the illustration).
Virtual Appliance : Voting process in a Virtual Machine as a guest of the citizen's host computer .
For the record, the client part of xVote (within the virtual machine) comes into contact nominally with the public administration's representative servers (to obtain the right of vote), and anonymously with the servers representing the poll (including temporary storage and delivery of the sealed ballot), as well as 'with various trusted third parties or additional services (digital identity, anonymous token management, notarization, etc.)..
This usage requires a medium sized computer, but with a relatively current processor, with enough available RAM, a good processing power, enough disk space and especially a good Internet connectivity for the speed necessary to download (or the patience, if the means for the bill). See 20080223_1859.pdf (in French) for more information.
The voter does not load, nor runs, the virtual machine on his station, but uses it remotely, individuality and safely.
With the "Virtual Desktop as a Service" alternative, the virtual machine is created on a server when the voter connects, he use a direct and secure communication with the user interface of it, this does not generate any usable data on the server and disappears without any traces at the end of the connection.
This software is also available for major smartphones (eg WinMobile-PocketPC), netbooks, organizers or Java-enabled phones (eg Nokia Symbian S60). It is also possible to simply use a Web browser, for example in a cybercafe or a public library.
This mode allows to easily vote with only a limited compromise on complete control by the citizen, while keeping full security. Citizens could vote with obsolete versions of Windows, on old computers with low capacities, with limited memory or power machines, or with insufficient disk space, using exotic machines, or to vote despite a minimal internet connectivity or traveling without personal computer (with public computers).
This mode of use is well suited for travelers or expats :
Virtual Desktop : Voting process in a Virtual Machine as guest of a server host, personaly used and on behalf from the citizen's computer
In all cases, and it is particularly interesting in the case of public computers (or used by several people), the virtual desktop application on the local post only serves to present the raw display of the remote virtual machine, only the later handles personal data and choices of vote. The computer used locally executes pure display primitive, which contain no logical or semantic informations on the current voting process, so he can not keep any 3 sensible information of the voter's session.
Three possibilities are offered by xVote in this virtual desktop mode (see below), depending on the type of system, connectivity 4 or rights available:
Win use of the remote desktop service installed in MS-Windows
LTT installation of a powerful multi-platform client software of virtual desktop
Web Use of a web browser accepting a Java applet (Internet Explorer, Firefox, Opera, ...)
In all circumstances, connections and the voting process are fully secure.
La machine virtuelle est créée dynamiquement au moment de la connexion du votant, et détruite immédiatement avec la fin de la déconnexion; durant son fonctionnement, elle est strictement isolée des autres machines virtuelles. The virtual machine is dynamically created when the voter connects, and destroyed immediately at the disconnection, and during its operation, it is strictly isolated from other virtual machines. It is "waterproof" (or perhaps "dataproof"?) to the server that supports virtual machines, and it leaves no trace on it.
Finally, as mentioned above, the virtual desktop software (or the Web browser) on the local computer used by the citizen, does not receive or handle any data semantics and therefore is not susceptible of an attack, nor leaves any sensible traces.
If the virtual desktop client software should be downloaded, this one is very small: from a few hundred kibi-bytes ( "KB") to at most a small handful of mebi-bytes ( "MB"), or even just tens kibi-bytes for the Java version, depending on the selected channel. Installation is really simple, and takes very little space on the harddisc.
Access to a personally and dynamicaly created xVote (client) virtual machine can be made from an effective service available within the range of Microsoft Windows.This application is installed natively in XP and Vista, and is available in OEM Win Mobile.
Simply launch the application "Remote Desktop 5 that is integrated natively in Windows:
Start → Programs → Accessories → Communication → Remote Desktop
or even more simply by the activation a tiny file 6 downloaded from the voting Web site, that already contains all datas and connection options to the remote desktop service.
The client software is also available on Internet, freely or free of charge, for former Windows (or WinMobile / PocketPC), Linux or Mac OSX. It is also available for other platforms such as PalmOS, BlackBerry and JavaPhones (including Symbian S60).
In this case, to remotely connect to a personal virtual machine xVote (client), just download and install an efficient remote desktop software.
The client software is a little more heavy than other download mentioned here, although obtaining it takes less than ten seconds with an average DSL connection (5000 kb/s). This remote desktop protocol is the one that offers the most services 7 to all platforms and it is so efficient that it can be used even with connectivity at very low speed, for example in mobile Internet or in disadvantaged areas.
The client software is available for free (or ev. freely) for Windows (from 2000), the majority of Linux and Mac OSX, as well as some organizers. Alternatively, it can also be installed automatically as a plug-in of a Web browser.
You can vote with the power and security of xVote using a simple Web browser (eg Internet Explorer, Firefox, Opera, Safari, ...), which must accept applets Java 8. Simply point the browser to the site of voting indicated for this special service.
It should be stressed that, although it uses a Web browser, it is not a vote by the Web, and this is not with a classic server that the transaction takes place, but indeed the applet put the voter in direct and sure link with a personal virtual machine that is created at the connexion moment and exclusively for him, that is completely partitioned to the other VM and to the server, and that will be destroyed without trace since the end of its session. The applet is only used to display the user interface of the virtual machine, the browser don't handle any session's data of the voter, so no trace is likely to be maintained on the local computer used to vote.
For users behind a filtering firewall prohibiting activities other than accessing the Web [eg at the workplace or with some WiFi HotSpots), or which must use a proxy HTTP, it is nevertheless possible to attain the xVote's servers with a small configuration of the applet.
Alternatively, the software is also available freely, or for free, as a very light and easy to install native client (loading in less than a second with an average DSL connection -5000 Kb/s), for all platforms ( Linux, Unix, Mac OSX), including Windows Mobile (or PocketPC); by changing an option, it is also possible to use it behind a severely filtering firewall or a mandatory proxy. The client software is also available for BlackBerry and JavaPhone (including Symbian S60).
The overall situation is similar to the first case (virtual machine on the citizen's station), except that the installation is very partial (the download is about one minute per ADSL link average 5000 kb/s) .
Loading the virtual machine itself is then done in parallel, or in the background, during its use, through efficient distributing of the load on a decentralized style="font-family: Arial,sans-serif;">and specialized P2P network, most of whose computers are simultaneously both clients and servers of the other stations (peer-to-peer).
The first advantage is avoid the overload of the distribution servers, and therefore not tp slow down the downloads, secondly to limit for the voters the waiting time during preliminary loading, thirdly not to use permanently a consistent portion of the hard disc, and fourthly to allow for any updating of the software or the user interface at each voting session without requiring voters to recharge first all the software.
Not described here, as not advised in the current case. See 20060904_2200.pdf (in French) for more information.
This would be the typical figure for a voting machine in the voting booth (aka direct recording machine, but with remote storage of the sealed full ballot, authentic, integre and anonymous), or to form a special computer to vote in a busy place as a public service. In both cases, the system 9 is dedicated and under control, so robust and healthy.
1 Requires approximately 650 million (MB) of disk space. With the CD, about 30 million is enoughn both cases, a few hundred mébi-bytes temporarily during use.
2 According to the situation, a connection with a style="font-family: Times New Roman,serif;">plain old telephone modem of 56 Kbps may be sufficient; even as little as 9.6 kb/s and a latency of about 0.5 s, that is with either GSM or some satellite phones. In particular, the transfer of images, color choices and refresh rate is automatically adjusted depending on the speed of the connection. Generally, the absolute minimum down channel (download) should be at 33.6 kb/s (very simplified images, colors limited and low refresh), and preference is to have at least 300 kb / s.
3 It is also the case in the base scenario, where the virtual machine is on the local voter's computer. The VM is compartmentalized and the personal datas or the processing logic disappear at shutdown, the host system of the computer cannot bear the slightest trace.
4 The traffic is heavily asymmetrical: as the downstream channel carries the display information (or sounds) and therefore is bigger than the upstram channel that is formed essentially by the user's orders. The usual asymmetrical flow of the Internet connection (fixed or mobile ones) are well suited.
5 Also called "Terminal Service" or "Remote Desktop Protocol / Connection".
6 A file size of less than 4 kio, and of *. rdp type
7 In addition to the sound transfer and the clipboard exchange, you can print locally (eg the report of the session) and access disks to save/ retrieve data (eg the temporary condition of the session).
elements included in the Web page and which automate it.
class="google-src-text" style="direction: ltr; text-align:
left;">Java applets are comprehensive programs, but
browsers for the user interface, which generally run in a browser
class="google-src-text" style="direction: ltr; text-align: left;">The usual browsers support almost all Java, but it must have been installed, which is current use.
9 The xVote software is delivred in machine independant instructions of the Common Language Infrastructure (CLI, ECMA-335 and ISO/IEC 23271), The related systems or applications are FLOSS, and/or very largely ported, so the operating system can be Windows (dotNET framework) or Linux (Mono), Mac OSX, (Unix) BSD, Solaris, ...