Transcript

  • 1. Electronic Voting Systems A Brief Look at the Current Issues and Some Possible Improvements Andrew Notarian
  • 2. Help America Vote Act (HAVA)
    • Reaction to 2000 Voting Controversy
    • Gives States Funds to Replace Equipment
    • Uniform Equipment Across a State
    • Better Accessibility
    • January 2006 Deadline
    • Most States Bought Electronic Voting Machines
    Source: http://concise.britannica.com/
  • 3. Direct Record Electronic (DRE) Voting Machines
    • Analogous to Mechanical Lever Machines
    • No Paper Ballot
    • Selections are stored on a memory device
    Source: Feldman, Felten & Wallach 2006
  • 4. Controversy
    • Crashes and Bugs Already Observed
    • One NC County lost 4,500 to 12,000 votes in 2004 because of a technical problem
    • Recent elections have been very close, so accuracy is more important than usual
    • Widespread Reports of Security and Privacy Problems from CS Community
  • 5. Real Time Controversy
    • Blogs, Security & University web sites are the scene of the pro-security side
    • DRE Vendor Web sites post documents intending to discredit unfavorable security studies
    • Peer-Reviewed Papers and Conferences often bypassed in the interest of “getting it out there”.
  • 6. An Independent Assessment
    • National Research Council (NRC) convenes a committee in 2004 to investigate e-voting
    • Co-chairs: Two former State Governors
    • Receive Testimony from Industry experts, policy makers across the political spectrum
    • Final Report released in early 2006
    www.cstb.org
  • 7. NRC Key Areas of Concern
    • Security
    • Usability & Human Factors
    • Life Cycle
    • Poll Worker Training
    • Data
    • Public Confidence
    • Testing, Certification & Evaluation
    • Funding & Sustaining Improvement
    • Election Institutions
    • The Role of the Private Sector in Election Administration
  • 8. Security: JHU Study, 2003
    • Diebold AccuVote-TS 4.3.1 Source Code Leaked
    • C++ code for a Windows CE platform
    • Coding Style seems immature, ad-hoc
    • DES key stored in plaintext throughout
    • Etc. etc.
    • Conclusion: AccuVote not ready for use in a general election
  • 9. Security: Maryland Reacts
    • MD had just purchased $56.6 million of Diebold AccuVote units around the time JHU Study went public
    • MD orders SAIC to conduct a security assessment – mostly agrees with JHU
    • MD orders RABA Technologies to perform a second assessment – mostly validates JHU Findings
    • SAIC and RABA had access to newer, more complete code base
  • 10. Security: Princeton Study, 2006
    • Princeton Researchers buy an AccuVote machine through a private channel
    • They tinker and find ways to break it
    • AccuVote unit and software version as purchased had been widely used in actual elections, and had been accredited by the National Association of State Election Directors (NASED)
  • 11. Security: Princeton Findings
    • Easy to disrupt voting process through injected virus, Denial of Service
    • Possible to inject code to change vote counts with physical access to machine for 60 seconds
    • Physical locks on the devices are easily obtained on the Internet (e.g. “mini-bar keys” were the same)
    • Issues found in 2003 JHU Study still not addressed
  • 12. Security: Princeton Proof of Concept
    • A “Vote Stealing Control Panel” was injected into the AccuVote because the device automatically looks to removable storage for code to run (“AutoRun”)
    • External Storage Devices are also not encrypted
    • Vote Stealing leaves no traces
    • Source: Feldman, Felten & Wallach 2006
  • 13. Security: Not Just Diebold
    • A group of concerned citizens performed their own analysis of Nedap DREs used in Europe
    • Many security & privacy issues were discovered
    • Ireland chose not to deploy their new Nedap machines as a result
    • Germany did a bitwise code audit before and after their elections
  • 14. Usability & Human Factors
    • NRC found that sufficient usability studies of DREs had not been conducted
    • Voters should be given ample opportunities to practice using the machines before and during election day
  • 15. Life Cycle
    • Election Boards used to buying equipment that will last decades
    • Voting Machines will fail and become obsolete much quicker
    • What happens if the vendor goes out of business?
    • What happens if the memory cards are no longer on the market?
    • Smaller election bodies may not have mature approaches to procurement (risk analysis, etc.)
  • 16. Poll Worker Training
    • Most poll workers and election judges want more training
    • Between the 2006 Primary and Election, MD provided re-training opportunities
    • Most poll workers not tech savvy
    • Polling Stations need mature tech support infrastructure, i.e. places to go for help
  • 17. Testing, Certification & Evaluation
    • IEEE was/is developing a Standard for Voting Machine evaluation (1583)
    • Electronic Frontier Foundation fought the standard because it did not address security, reliability, accuracy, accessibility
    • NRC recommends independent Voting Device certification body (a UL type, or a new body within a National Laboratory)
  • 18. Ideas: Gambling Industry
    • NRC received testimony from NV/NJ
    • Gambling Computers are heavily regulated, made by licensed vendors, inspected often
    • Assumption is that people will try to cheat
    • Testing, testing, testing
    • Formal Dispute Resolution process if any given party suspects they’ve been cheated
    • Voting Industry could learn from this
  • 19. Ideas: Voter Verified Paper Trail (VVPAT)
    • Paper receipts could allow voters to see that the machine “got it right”
    • Paper receipts could serve as a backup vote counting mechanism
    • Parallel Testing: compare paper vote count to DRE count
    • Paper Receipt could be printed onto optical scan cards
  • 20. Ideas: Fancy VVPAT
    • David Chaum proposed encrypted paper receipts, which come in two laminated layers
    • Separating the layers makes receipt unreadable, one layer discarded
    • Entering the serial number at the election website provides an image of the lost layer and makes receipt readable again
    • Probably too complicated…
  • 21. Ideas: My Fancy VVPAT Idea
    • Combine parameters about the vote (machine serial number, time/date, candidate selections, etc.) into a one-way hash
    • Print that hash onto a paper receipt graphically
    • Allow voter to enter receipt serial number at election website and see that the hash image on file matches the receipt – i.e. the vote hasn’t been modified
    • Also, definitely don’t use thermal printers for these VVPAT receipts
  • 22. Ideas: Open Source Software
    • Many computer scientists believe open code is more secure (lots of free testers)
    • Most software vendors believe closed code is more secure (problems are unknown)
    • Australia posts the source code of their voting system online as a .ZIP archive
    • Belgium allowed public inspection of voting code to increase confidence
  • 23. Ideas: Open Source Software
    • DREs cost around $5000 each
    • $100 Linux Laptops could run open-source voting software, much cheaper
    • The simpler the code, the less room for security issues to creep in
    • Windows CE full of functionality a voting machine doesn’t need
  • 24. Conclusions
    • HAVA’s January 2006 Deadline seemed to make states rush to buy voting systems not ready for wide use
    • Great Advantages to e-voting: speed, accessibility, etc.
    • Electronic Voting Security & Privacy will improve with time. The technologies are still very immature.
    • Formal independent Certification and Testing is a must
    • Voter Verified Paper Audit Trails could help gain voter trust, prove that DREs are accurate
    • Security problems must be addressed, not discredited
    • Consider open-source software as appropriate
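
The receipt-hash idea on slide 21, sketched as an added example (not part of the original slides): the receipt carries a SHA-256 digest of the vote parameters, and the election website recomputes it from the stored record. The per-ballot random nonce, the record layout, the candidate names and the function names are assumptions added here; the nonce is included because a digest over guessable fields alone can be matched back to a candidate, which breaks ballot secrecy.

```python
import hashlib
import hmac
import secrets

CANDIDATES = ["Candidate A", "Candidate B", "Candidate C"]  # constructed sample ballot

def receipt_digest(machine_serial, timestamp, selections, nonce=b""):
    """SHA-256 over length-prefixed fields, so field boundaries cannot be shifted."""
    h = hashlib.sha256()
    for field in (machine_serial, timestamp, *selections):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    h.update(len(nonce).to_bytes(4, "big") + nonce)
    return h.hexdigest()

def cast_vote(machine_serial, timestamp, selections):
    """Return (record kept by the election office, digest printed on the receipt)."""
    nonce = secrets.token_bytes(16)  # assumption: stays in the record, never printed
    record = {"serial": machine_serial, "time": timestamp,
              "selections": list(selections), "nonce": nonce}
    return record, receipt_digest(machine_serial, timestamp, selections, nonce)

def matches_receipt(record, printed_digest):
    """Website check: recompute the digest from the stored record and compare."""
    on_file = receipt_digest(record["serial"], record["time"],
                             record["selections"], record["nonce"])
    return hmac.compare_digest(on_file, printed_digest)

def choice_revealed_by(printed_digest, machine_serial, timestamp):
    """Secrecy check: can a nonce-free digest be matched to a single candidate?"""
    for name in CANDIDATES:
        guess = receipt_digest(machine_serial, timestamp, [name])
        if hmac.compare_digest(guess, printed_digest):
            return name
    return None

if __name__ == "__main__":
    record, receipt = cast_vote("DRE-0001", "2006-11-07T09:15", ["Candidate B"])
    print("untouched record matches:", matches_receipt(record, receipt))
    record["selections"] = ["Candidate A"]  # simulate a stored vote being altered
    print("altered record matches:", matches_receipt(record, receipt))
    print("receipt reveals choice:",
          choice_revealed_by(receipt, "DRE-0001", "2006-11-07T09:15"))
```

The check only shows that the stored record still matches what was printed; it does not by itself show that the machine recorded the voter's intended choice.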