Mswe601 Research Presentation Andrew Notarian

Published in: Technology, News & Politics

  1. Electronic Voting Systems: A Brief Look at the Current Issues and Some Possible Improvements. Andrew Notarian
  2. Help America Vote Act (HAVA)
     • Reaction to 2000 Voting Controversy
     • Gives States Funds to Replace Equipment
     • Uniform Equipment Across a State
     • Better Accessibility
     • January 2006 Deadline
     • Most States Bought Electronic Voting Machines
     Source: http://concise.britannica.com/
  3. Direct Record Electronic (DRE) Voting Machines
     • Analogous to Mechanical Lever Machines
     • No Paper Ballot
     • Selections are stored on a memory device
     Source: Feldman, Felten & Wallach 2006
  4. Controversy
     • Crashes and Bugs Already Observed
     • One NC County lost 4,500 to 12,000 votes in 2004 because of a technical problem
     • Recent elections have been very close, so accuracy is more important than usual
     • Widespread Reports of Security and Privacy Problems from CS Community
  5. Real Time Controversy
     • Blogs, Security & University web sites are the scene of the pro-security side
     • DRE Vendor Web sites post documents intending to discredit unfavorable security studies
     • Peer-Reviewed Papers and Conferences often circumvented in the interest of “getting it out there”.
  6. An Independent Assessment
     • National Research Council (NRC) convenes a committee in 2004 to investigate e-voting
     • Co-chairs: Two former State Governors
     • Receive Testimony from Industry experts, policy makers across the political spectrum
     • Final Report released in early 2006
     Source: www.cstb.org
  7. NRC Key Areas of Concern
     • Security
     • Usability & Human Factors
     • Life Cycle
     • Poll Worker Training
     • Data
     • Public Confidence
     • Testing, Certification & Evaluation
     • Funding & Sustaining Improvement
     • Election Institutions
     • The Role of the Private Sector in Election Administration
  8. Security: JHU Study, 2003
     • Diebold AccuVote-TS 4.3.1 Source Code Leaked
     • C++ code for a Windows CE platform
     • Coding Style seems immature, ad-hoc
     • DES key stored in plaintext throughout
     • Etc. etc.
     • Conclusion: AccuVote not ready for use in a general election
  9. Security: Maryland Reacts
     • MD had just purchased $56.6 million of Diebold AccuVote units around the time JHU Study went public
     • MD orders SAIC to conduct a security assessment – mostly agrees with JHU
     • MD orders RABA Technologies to perform a second assessment – mostly validates JHU Findings
     • SAIC and RABA had access to newer, more complete code base
  10. Security: Princeton Study, 2006
     • Princeton Researchers buy an AccuVote machine through a private channel
     • They tinker and find ways to break it
     • AccuVote unit and software version as purchased had been widely used in actual elections, and had been accredited by the National Association of State Election Directors (NASED)
  11. Security: Princeton Findings
     • Easy to disrupt voting process through injected virus, Denial of Service
     • Possible to inject code to change vote counts with physical access to machine for 60 seconds
     • Physical locks on the devices are easily obtained on the Internet (e.g. “mini-bar keys” were the same)
     • Issues found in 2003 JHU Study still not addressed
  12. Security: Princeton Proof of Concept
     • A “Vote Stealing Control Panel” was injected into the AccuVote because the device automatically looks to removable storage for code to run (“AutoRun”)
     • External Storage Devices are also not encrypted
     • Vote Stealing leaves no traces
     Source: Feldman, Felten & Wallach 2006
  13. Security: Not Just Diebold
     • A group of concerned citizens performed their own analysis of Nedap DREs used in Europe
     • Many security & privacy issues were discovered
     • Ireland chose not to deploy their new Nedap machines as a result
     • Germany did a bitwise code audit before and after their elections
  14. Usability & Human Factors
     • NRC found that sufficient usability studies of DREs had not been conducted
     • Voters should be given ample opportunities to practice using the machines before and during election day
  15. Life Cycle
     • Election Boards are used to buying equipment that will last decades
     • Voting Machines will fail and become obsolete much quicker
     • What happens if the vendor goes out of business?
     • What happens if the memory cards are no longer on the market?
     • Smaller election bodies may not have mature approaches to procurement (risk analysis, etc.)
  16. Poll Worker Training
     • Most poll workers and election judges want more training
     • Between the 2006 Primary and Election, MD provided re-training opportunities
     • Most poll workers not tech savvy
     • Polling Stations need mature tech support infrastructure, i.e. places to go for help
  17. Testing, Certification & Evaluation
     • IEEE was/is developing a Standard for Voting Machine evaluation (1583)
     • Electronic Frontier Foundation fought the standard because it did not address security, reliability, accuracy, accessibility
     • NRC recommends independent Voting Device certification body (a UL type, or a new body within a National Laboratory)
  18. Ideas: Gambling Industry
     • NRC received testimony from NV/NJ
     • Gambling Computers are heavily regulated, made by licensed vendors, inspected often
     • Assumption is that people will try to cheat
     • Testing, testing, testing
     • Formal Dispute Resolution process if any given party suspects they’ve been cheated
     • Voting Industry could learn from this
  19. Ideas: Voter Verified Paper Trail (VVPAT)
     • Paper receipts could allow voters to see that the machine “got it right”
     • Paper receipts could serve as a backup vote counting mechanism
     • Parallel Testing: compare paper vote count to DRE count
     • Paper Receipt could be printed onto optical scan cards
  20. Ideas: Fancy VVPAT
     • David Chaum proposed encrypted paper receipts, which come in two laminated layers
     • Separating the layers makes receipt unreadable, one layer discarded
     • Entering the serial number at the election website provides an image of the lost layer and makes receipt readable again
     • Probably too complicated…
  21. Ideas: My Fancy VVPAT Idea
     • Encrypt parameters about the vote (machine serial number, time/date, candidate selections, etc.) into a one-way hash
     • Print that hash onto a paper receipt graphically
     • Allow voter to enter receipt serial number at election website and see that the hash image on file matches the receipt – i.e. the vote hasn’t been modified
     • Also, definitely don’t use thermal printers for these VVPAT receipts
  22. Ideas: Open Source Software
     • Many computer scientists believe open code is more secure (lots of free testers)
     • Most software vendors believe closed code is more secure (problems are unknown)
     • Australia posts the source code of their voting system online as a .ZIP archive
     • Belgium allowed public inspection of voting code to increase confidence
  23. Ideas: Open Source Software
     • DREs cost around $5000 each
     • $100 Linux Laptops could run open-source voting software, much cheaper
     • The simpler the code, the less room for security issues to creep in
     • Windows CE full of functionality a voting machine doesn’t need
  24. Conclusions
     • HAVA’s January 2006 Deadline seemed to make states rush to buy voting systems not ready for wide use
     • Great Advantages to e-voting: speed, accessibility, etc.
     • Electronic Voting Security & Privacy will improve with time. The technologies are still very immature.
     • Formal independent Certification and Testing is a must
     • Voter Verified Paper Audit Trails could help gain voter trust, prove that DREs are accurate
     • Security problems must be addressed, not discredited
     • Consider open-source software as appropriate
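
The hashed-receipt idea on slide 21, sketched as an added example (not code from the presentation): the vote parameters are bound to a receipt serial number with a one-way function, the voter compares the tag on file with the tag on paper, and an auditor recomputes tags from the stored records. Assumptions: HMAC-SHA-256 under an election-authority key stands in for the slide's "one-way hash" so that the tag cannot be recomputed from guessed selections, and the `Registry` class, field names and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

ELECTION_KEY = secrets.token_bytes(32)  # assumption: secret held by the election authority


def vote_tag(serial: str, record: dict, key: bytes = ELECTION_KEY) -> str:
    """Keyed one-way hash over the receipt serial and the vote parameters."""
    # Canonical JSON so the same record always produces the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, serial.encode() + b"|" + body, hashlib.sha256).hexdigest()


class Registry:
    """Hypothetical election-side store: vote records plus the published tags."""

    def __init__(self):
        self.records = {}    # serial -> vote parameters (kept private)
        self.published = {}  # serial -> tag shown on the election website

    def cast(self, record: dict) -> dict:
        """Record a vote and return what gets printed on the paper receipt."""
        serial = secrets.token_hex(8)
        tag = vote_tag(serial, record)
        self.records[serial] = dict(record)
        self.published[serial] = tag
        return {"serial": serial, "tag": tag}

    def voter_check(self, receipt: dict) -> bool:
        """Voter's check: does the tag on file equal the tag on paper?"""
        on_file = self.published.get(receipt["serial"], "")
        return hmac.compare_digest(on_file, receipt["tag"])

    def audit(self) -> list:
        """Auditor's check: serials whose stored record no longer matches its tag."""
        return [s for s, rec in self.records.items()
                if not hmac.compare_digest(vote_tag(s, rec), self.published[s])]


if __name__ == "__main__":
    reg = Registry()
    # Constructed sample vote; field names and values are illustrative.
    receipt = reg.cast({"machine": "M-0001", "time": "2006-11-07T09:15:00",
                        "selections": {"governor": "Candidate A"}})
    print(reg.voter_check(receipt), reg.audit())
    reg.records[receipt["serial"]]["selections"]["governor"] = "Candidate B"
    print(reg.voter_check(receipt), reg.audit())
```

In this sketch the voter's comparison only confirms that the published tag is unchanged; a modified stored record is caught by `audit()`, which recomputes each tag from the record it is supposed to cover.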
