Paper 2018/683

Usability is not Enough: Lessons Learned from 'Human Factors in Security' Research for Verifiability

Oksana Kulyk and Melanie Volkamer


A well-known issue in electronic voting is the risk of manipulation of the cast vote. For countering this risk, a number of methods have been proposed that enable the voter to verify that their cast vote actually represents their intention, the so-called cast-as-intended verification. Yet, the empirical studies on the voter's behaviour towards using these methods show that often only a small amount of voters attempts the verification or succeeds in performing it. Poor usability of the verification procedure has been often named as the main reason for such a failure of the voters to verify. Research into human factors in other security domains, however, reveals other reasons aside from poor usability, that hinder the proper adoption of security practices among end users. In this paper we discuss these factors with respect to their applicability to cast-as-intended verification. Our results indicate, that many of these factors are potentially relevant in the electronic voting context, too. Correspondingly, we conclude that additional measures aside from ensuring the usability of the cast as intended verification mechanisms are required in order to make sure that the voters successfully verify the integrity of their votes. As such, corresponding mechanisms are proposed.

Available format(s)
Publication info
Published elsewhere. 3rd International Joint Conference on Electronic Voting (E-Vote-ID 2018)
electrtonic votinghuman factors in securityverifiability
Contact author(s)
oksana kulyk @ kit edu
2018-07-17: received
Short URL
Creative Commons Attribution


      author = {Oksana Kulyk and Melanie Volkamer},
      title = {Usability is not Enough: Lessons Learned from 'Human Factors in Security' Research for Verifiability},
      howpublished = {Cryptology ePrint Archive, Paper 2018/683},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.