This document provides an overview of security requirements and procedures for digital voting systems. It discusses tensions between ballot secrecy, voter authentication, and enfranchisement. It describes security issues with voter registration databases, including privacy concerns over publicly accessible personal data and the ability to modify voter records. The document also examines security aspects of different voting technologies like optical scan and DRE systems, noting potential issues with sensor calibration and ballot marking interpretation. Throughout, it emphasizes the need to consider an adversarial mindset and balance multiple competing security objectives.
System and Enterprise Security Project - Penetration TestingBiagio Botticelli
Final Project of the System and Enterprise Security course of the Master Degree in Engineering in Computer Science at University of Rome "La Sapienza".
The report explain which are the goals of Penetration Testing introducing three different attacks (Brute Force, SQL Injection and Command Injection), how to set up a virtualized lab using the Damn Vulnerable Web Application (DVWA) VM.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Computer Security : Introduction, Need for security, Principles of Security,
Types of Attacks
Cryptography : Plain text and Cipher Text, Substitution techniques, Caesar
Cipher, Mono-alphabetic Cipher, Polygram, Polyalphabetic Substitution,
Playfair, Hill Cipher, Transposition techniques, Encryption and Decryption,
Symmetric and Asymmetric Key Cryptography, Steganography, Key Range and
Key Size,
Possible Types of Attacks
Symmetric Key Algorithms and AES: Algorithms types and modes, Overview
of Symmetric key Cryptography, Data Encryption Standard (DES), International
Data Encryption Algorithm (IDEA), RC4, RC5, Blowfish, Advanced Encryption
Standard (AES)
Asymmetric Key Algorithms, Digital Signatures and RSA: Brief history of
Asymmetric Key Cryptography, Overview of Asymmetric Key Cryptography,
RSA algorithm, Symmetric and Asymmetric key cryptography together, Digital
Signatures, Knapsack Algorithm, Some other algorithms (Elliptic curve
cryptography, ElGamal, problems with the public key exchange)
System and Enterprise Security Project - Penetration TestingBiagio Botticelli
Final Project of the System and Enterprise Security course of the Master Degree in Engineering in Computer Science at University of Rome "La Sapienza".
The report explain which are the goals of Penetration Testing introducing three different attacks (Brute Force, SQL Injection and Command Injection), how to set up a virtualized lab using the Damn Vulnerable Web Application (DVWA) VM.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Computer Security : Introduction, Need for security, Principles of Security,
Types of Attacks
Cryptography : Plain text and Cipher Text, Substitution techniques, Caesar
Cipher, Mono-alphabetic Cipher, Polygram, Polyalphabetic Substitution,
Playfair, Hill Cipher, Transposition techniques, Encryption and Decryption,
Symmetric and Asymmetric Key Cryptography, Steganography, Key Range and
Key Size,
Possible Types of Attacks
Symmetric Key Algorithms and AES: Algorithms types and modes, Overview
of Symmetric key Cryptography, Data Encryption Standard (DES), International
Data Encryption Algorithm (IDEA), RC4, RC5, Blowfish, Advanced Encryption
Standard (AES)
Asymmetric Key Algorithms, Digital Signatures and RSA: Brief history of
Asymmetric Key Cryptography, Overview of Asymmetric Key Cryptography,
RSA algorithm, Symmetric and Asymmetric key cryptography together, Digital
Signatures, Knapsack Algorithm, Some other algorithms (Elliptic curve
cryptography, ElGamal, problems with the public key exchange)
Voting is an essential feature of democracy, but electoral fraud unfortunately is as old as voting itself. Increasingly, however, the way we count our votes completely depends on the computer system. Those systems have to work correctly and securely or the outcome of the election could be in jeopardy. Many jurisdictions don’t have in place proper safeguards, which create new opportunities for fraud.
The goal of the report is to provide sound understanding of how computer security is critical to the election process in broadly applicable sense and what we need to do to keep the election secure.
ANALYSIS OF SECURITY REQUIREMENTS OF FUTURISTIC MOBILE APPLICATIONSijistjournal
Advent of smart phones has brought with it revolution in mobile applications that are available for everyday functions. In this paper we review security requirements for apps from different domains that are communicating sensitive information over insecure network. Some of these apps are already available and some are expected to be introduced in future. We find that there are many parameters that affect security of apps but some are prominent compared to others based on domain of the app. Based on analysis of security requirements we determine the application domain most suitable for implementation of our proposed protocol.
We are living in security era, where we are securing all our belongings under different modes of lock but it’s different in the case of system security. We are carelessly leaving our datas and softwares unlocked. The state of security on the internet is bad and getting worse. One reaction to this state of affairs is termed as Ethical Hacking which attempts to increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. As public and private organizations migrate more of their critical functions to the Internet, criminals have more opportunity and incentive to gain access to sensitive information through the Web application. So, Ethical hacking is an assessment to test and check an information technology environment for possible weak links and vulnerabilities. Ethical hacking describes the process of hacking a network in an ethical way, therefore with good intentions. This paper describes what ethical hacking is, what it can do, an ethical hacking methodology as well as some tools which can be used for an ethical hack.
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
Digital Forensics for Artificial
Intelligence (AI ) Systems:
AI systems make decisions impacting our daily life Their actions might cause accidents, harm or, more generally, violate
regulations either intentionally or not and consequently might be considered suspects for various events. In this lecture we explore how digital forensics can be performed for AI based systems.
Designing a framework for blockchain-based e-voting system for LibyaCSITiaesprime
A transition to democratic rule is considered the first step down a long road towards Libya’s recovery and prosperity. Thus, it strives to improve the country’s elections by introducing new technologies. A blockchain is a distributed ledger that is characterised by independence and security. Therefore, it has been widely applied in various fields ranging from credit encryption and digital currency. With the development of internet technology, electronic voting (E-voting) systems have been greatly popularised. However, they suffer from various security threats, which create a sense of distrust among existing systems. Integrating blockchain with online elections is a promising trend, which could lead to make an election transparent, immutable, reliable, and more secure. In this paper, we present a literature review and a case analysis of blockchain technology. Moreover, a framework for an E-voting system based on blockchain is proposed. The methodology is adopted on the basis of three activities, they are identification of the relevant literature about E-voting, system modelling, and the determination of suitable technological tools. The framework is secure and reliable. Thus, it could help increase the number of voters and ensure a high level of participation, as well as facilitate free and fair electoral processes.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
More Related Content
Similar to Madlena pavlova security_in__digital_voting_system
Voting is an essential feature of democracy, but electoral fraud unfortunately is as old as voting itself. Increasingly, however, the way we count our votes completely depends on the computer system. Those systems have to work correctly and securely or the outcome of the election could be in jeopardy. Many jurisdictions don’t have in place proper safeguards, which create new opportunities for fraud.
The goal of the report is to provide sound understanding of how computer security is critical to the election process in broadly applicable sense and what we need to do to keep the election secure.
ANALYSIS OF SECURITY REQUIREMENTS OF FUTURISTIC MOBILE APPLICATIONSijistjournal
Advent of smart phones has brought with it revolution in mobile applications that are available for everyday functions. In this paper we review security requirements for apps from different domains that are communicating sensitive information over insecure network. Some of these apps are already available and some are expected to be introduced in future. We find that there are many parameters that affect security of apps but some are prominent compared to others based on domain of the app. Based on analysis of security requirements we determine the application domain most suitable for implementation of our proposed protocol.
We are living in security era, where we are securing all our belongings under different modes of lock but it’s different in the case of system security. We are carelessly leaving our datas and softwares unlocked. The state of security on the internet is bad and getting worse. One reaction to this state of affairs is termed as Ethical Hacking which attempts to increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. As public and private organizations migrate more of their critical functions to the Internet, criminals have more opportunity and incentive to gain access to sensitive information through the Web application. So, Ethical hacking is an assessment to test and check an information technology environment for possible weak links and vulnerabilities. Ethical hacking describes the process of hacking a network in an ethical way, therefore with good intentions. This paper describes what ethical hacking is, what it can do, an ethical hacking methodology as well as some tools which can be used for an ethical hack.
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
Digital Forensics for Artificial
Intelligence (AI ) Systems:
AI systems make decisions impacting our daily life Their actions might cause accidents, harm or, more generally, violate
regulations either intentionally or not and consequently might be considered suspects for various events. In this lecture we explore how digital forensics can be performed for AI based systems.
Designing a framework for blockchain-based e-voting system for LibyaCSITiaesprime
A transition to democratic rule is considered the first step down a long road towards Libya’s recovery and prosperity. Thus, it strives to improve the country’s elections by introducing new technologies. A blockchain is a distributed ledger that is characterised by independence and security. Therefore, it has been widely applied in various fields ranging from credit encryption and digital currency. With the development of internet technology, electronic voting (E-voting) systems have been greatly popularised. However, they suffer from various security threats, which create a sense of distrust among existing systems. Integrating blockchain with online elections is a promising trend, which could lead to make an election transparent, immutable, reliable, and more secure. In this paper, we present a literature review and a case analysis of blockchain technology. Moreover, a framework for an E-voting system based on blockchain is proposed. The methodology is adopted on the basis of three activities, they are identification of the relevant literature about E-voting, system modelling, and the determination of suitable technological tools. The framework is secure and reliable. Thus, it could help increase the number of voters and ensure a high level of participation, as well as facilitate free and fair electoral processes.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
1. 0 | P a g e
UWS
Security in Digital Voting System
Data and Network Security Report
Madlena Pavlova B00251633
4/19/2016
2. 1 | P a g e
Contents
Introduction.......................................................................................................................................2
1. Brief overview of Security Mindset...................................................................................................2
2. Security Requirements....................................................................................................................2
2.1. Ballot secrecy...........................................................................................................................3
2.2. Vote authentications................................................................................................................3
2.3. Enfranchisement......................................................................................................................4
2.4. Availability...............................................................................................................................4
2.5. Tension in the system...............................................................................................................4
3. Voting security procedure ...............................................................................................................5
3.1. Voting registration....................................................................................................................5
3.1.1. Validating of data authentication........................................................................................6
3.1.2. Tension between security and privacy.................................................................................6
3.1.3. Commercial reuse of the data.............................................................................................7
3.1.4. Who can modify and change the data.................................................................................8
3.1.5. Voter Authentication........................................................................................................10
3.2. Voting technologies................................................................................................................11
3.2.1. Optical scan.....................................................................................................................12
3.2.2. DRE .................................................................................................................................14
4. Security and privacy advancement and glitches -Trustworthy technology.........................................15
5. Guarding Against Tampering..........................................................................................................18
6. Recommendations for better useable security and privacy..............................................................23
7. References ...................................................................................................................................24
3. 2 | P a g e
Introduction
Voting is an essential feature of democracy, but electoral fraud unfortunately is as old
as voting itself. Increasingly, however, the way we count our votes completely depends
on the computer system. Those systems have to work correctly and securely or the
outcome of the election could be in jeopardy. Many jurisdictions don’t have in place
proper safeguards, which create new opportunities for fraud.
The goal of the coursework is to provide sound understanding of how computer security
is critical to the election process in broadly applicable sense and what we need to do to
keep the election secure.
1. Briefoverviewof Security Mindset
Security mindset is about what could go wrong in particular system and seeks out ways
to make a system fail. This is the notion of adversary. The adversary is an intelligence
force that wants to make the system misbehave and fail. Security of term of adversarial
problem is the core of mindset. In fact we analyzed computer security as study of how
the system behaves in a presence of adversary.
When we building the system we have to justify few key points:
How to thinks as Attacker
• Looking for weakest links in the system.
• Identifying the assumptions that security system depends on.
• Thinking outside the box – not constrained by system designer‘s worldview.
Assessing the probability is critical element of the system, as there is cost involved in
any defending mechanism and influence the choice of countermeasures and defenses.
Those criteria could be technical and less technical (legal policy, threat of prosecutions
cost vs. benefits analyses).
2. Security Requirements
Adapting security Mindset is a pre - setup requirement before even start thinking of any
secure system. After this, we can go ahead with security requirement that the voting
system need to enforce in order to be consider as a secure.
4. 3 | P a g e
This can be prioritized as:
• Integrity – the outcome of the election matches the actual voting.
• Voting intent – the vote is cast in the exact way as it was made.
• Votes are counted as cast.
There are room of errors in both cases (technical and less technical requirements),
which require the proper design, so we can avoided this pitfalls.
Well design election system has to comply with:
Secrecy
Authentications
Enfranchisement and availability
Tension in the system
Cost effectiveness
Accessibility
Intelligibility (usability).
2.1. Ballot secrecy
Ballot secrecy is where no one can configure how you vote. This protects not only
privacy but also the level of accuracy, because if it easily to revel to the other people
how you vote, it will make it easy to sell your voice and vote for particular candidate.
Strong Ballot security mechanism protects again coercion of the criminal who might
come up to you and forced you to vote in certain way by expecting the evidence of it.
2.2. Vote authentications
Vote authentications mean that:
• Only outraised voters can take part (Set up by the Law).
• The voter can only be able to vote ones (legal requirement).
Voting multiple times has being recorded numerous times in the past and is known as
the most comment form of cheating.
5. 4 | P a g e
2.3. Enfranchisement
Enfranchisement is considered as the hardest earned civil rights and democratic value
in many societies as all the authorized voters should have an opportunity to vote. We
may things that this is a corollary to authentications, mention above, but discourage
people who are authorized to vote could be equally powerful attack.
2.4. Availability
Problem:
Availability in election system cannot be challenged because that Election Day is
usually fixed and there is no privation of the Law in many places to postpone the
Election Day or to run the voting machines again if somehow it loosed the
information they supposed to have counted. Attack on availability will target the
system functionality either having to turn people away on election day for
accessing delay, or other form as denial of service attacks by huge traffic, to
knocking service offline and preventing from being available for real time users.
Solution:
The system must be able to accept all votes on schedule (during Election Day) and
produce result in timely manner but It is hard this entire requirement to meet the criteria
which explained why election security is very difficult to be achieved.
2.5. Tension in the system
Problem:
Tension between two or more system’s requirements contradicts with each other
and creates conflict.
Example of common problems and tension within the system could be:
• Tension between integrity and Ballot secrecy
If for instance we decided to make publicly available the vote outcome and
list the names, address, voting choice of the people in local news paper, we
will achieve 100% Integrity but what can we say for Ballot secrecy.
6. 5 | P a g e
• Tensions between Voter Authentication and Enfranchisement
If we adopted very high level of authentications, for example we requested
Drive License, Passport, Fingerprint, Birth certificate to anyone who enters
ballots section we will drive away a lot of people who are authorized to vote
but because they don’t have the required documentation will decided not to
do it. In other hand, if we want to make voting process easy by no asking
for any form of identification, it will make it very easy also for people who
are unauthorized to vote to do so.
Solution:
These tensions still cannot be resolved completely and are often political matter where
we want to be in the spectrum of possibilities in addition to the election security context.
In addition to the security features, discussed above they are also few more
requirements worth to mention because they are also considered of high importance to
the election system.
1. Cost effectiveness - as the resources are usually limited to spend on the voting
system.
2. Accessibility – for physically disable voters.
3. Convenience - how easy is to access to the physical location of the voting
system.
4. Intelligibility - if the system is too complicate also can effect in way how the
voter behavior - be active or decide not to participate.
Solution: The system of election technology has being struggling to satisfy this various
requirement at the same time because of the tension between them, as there is no one
way to balanced them all, as well, there is no right answer to all differed societies.
3. Voting security procedure
3.1. Voting registration
The security of elections isn't just about the security of computer hardware and
software, but it's also about the security measures of the involved procedures.
To illustrate what can go wrong I am going to provide an example of typical voting
procedure in US and particular Washington D.C. The process required filling online
registration form which raised a number of security issues concerned with validation,
security and privacy of the data.
7. 6 | P a g e
3.1.1. Validatingofdataauthentication
Problem:
1. One of the issues is matching state database with federal database, as it
can be difficult and can lead to falsely rejection of people due to the format
of how their personal information has being kept.
2. Another obstacle is that most states prohibit people who have been
convicted of serious crimes in further elections by creating a list and
matching it with voter registration databases. This creates potential issues
as many people with same name can enter the prohibited list and wouldn’t
know until they arrived on the Election Day.
Solution: Database system had to have in place standardization of Data Entry
Conventions, which will ensure data integrity and provide better data quality.
3.1.2. Tensionbetweensecurityandprivacy
Figure 1. Tension between security and privacy
Problem:
Another kind of risk caused by registration database is the tension between
security and privacy. Collected information as name, address, and signature, date
of birth, telephone number, gender and ID number stored in this massive
database raised up the question of who can access this data. The big problem is
that most of those fields are publicly available and can usually be obtained and
purchased from the state website. In many states the voter registration list is also
8. 7 | P a g e
used to select people for jury duty which creates a trade-off because people who
try to avoid jury duty will also avoid voter registration.
3.1.3. Commercial reuseofthedata
Problem:
Another issue is that voting database is available to parties and they can used it
for campaign purposes as one example is Obama’s campaign:” Is Your Neighbor
a Democrat?” by encouraging volunteers to go out and campaign to registered
Democrats. Commercial reuse of the data is another privacy issue as companies
can combine the voter’s personal information for their business & marketing
purpose for example: home mortgage, credit card debt etc.
Figure2. Commercial reuse of the data
Solution (3.1.2 and 3.1.3.):
Restrict policy for access to the publicly available information by introducing security
mechanism for validating each visitor. Other possibility is to increase the privacy of data
by limited its availability, thus will reduce the level of risk of unlawful use of the personal
information.
9. 8 | P a g e
3.1.4. Who can modifyandchangethe data
Strong access control again malicious insiders or hackers are another big concern for
security of voting database.
Big part of the security mindset is about the ethics; therefore we need to get into the
attacker's methods and techniques in order to understand how security can fail.
I would like to discuss documented example of voter registration system - Washington
D.C. The system is designed to maintain the list of eligible voters and to keep the
records of the correct address where it should be send the ballot to.
Voter registration database in Washington State also provide an online application to let
voters see and update their records.
Problem:
If we are potential attacker and know the name of someone who lives in
Washington State and want to try to target him for example have their ballot
misdirected to another address so that they won't be able to vote, this scenario
will examine how strongly does the system protect against this sort of attack.
In order to log into the Washington D.C. online registration system, we need the
name and date of birth of the voter. If we don't know person’s date of birth but
know the person's name there is way to figure this out.
Figure 3. Washington Election Voting home page
10. 9 | P a g e
Date of birth is one of those fields collected during the voter registration process
and publicly available. By simple searching we can easily discover voter
registration record with voter's date of birth and other relevant information
(Figure 4). Having this in hand we can easily log on and accessed to voter
registration home page (Figure 3).
Figure 4.Wachington State Voter DB
Figure 5. Washington Election voting home page update
As the attacker's target is to misdirect the ballot, he will try to update the voter’s
address and will be asked for Driving License number which also is not a piece of
secret information and can be easily retrieved ( Figure 6).
11. 10 | P a g e
Figure 6.Drive License Washington DB
This kind of attack is pretty scary especially in state where voters participated in the
election process entirely by mail as we can imagine consequences of wide scale attack
where someone tried to automate this process and change the voter’s registration
information automatically through large numbers of people right before the deadline for
mailing out those ballots.
Solution: Clearly voter registration databases like this need stronger protections. One
way that the state could protect against that would be to mail out confirmation before
changing your address for example sending a card to the old and the new address
saying that the address has being modified in the database. Washington State has not
implemented a protection like this but it seems like a key part of the validation process
in order to maintain the integrity of the registration system.
3.1.5. VoterAuthentication
Assuming that we have an accurate voter registration database and we know who the
proper voters are. The next procedural question is how we are going to authenticate
those voters when they arrive at the polling place. In many countries, there are national
ID card, driver’s licenses issued by each state and passports issued by the Federal
Government, but it's really a patchwork rather than just one single standardized system.
Many US states required only a signature to verify that the voter is who they claim to be.
The voter registration database is printed into a list at each polling place and each voter
who's eligible to vote at that polling station has a space on this list. Many states now
12. 11 | P a g e
introduced computerized poll books that maintain a copy of the voter registration
database in a digital form. This can provide a lot of advantages for instance it may be
faster to find people’s files and can also be used to allow voters to visit different polling
stations. But this brought also some security concerns such us the data being
manipulated or denial of service which could interfere with polling and delay the
election.
Problem:
Today, US states considered to implement some kind of requirement for checking
photo ID but its turn out to have a number of issues between voter authentication,
enfranchisement and illegal voting. Another issue is that not everyone has an ID.
About eight percent of the US population, which make more than 21 million US
(African-American, senior citizens etc.) wouldn't be able to produce the required
ID under these rules. For that reason, ID requirements have the potential to be
imposed or opposed for political reasons because the parties in power will fear
that adding these requirements or removing them, would cause a political shift to
their benefit or detriment.
Other problem with voter ID is that getting a quality fake ID is easy and can be
purchase online for relatively little money and hard to detect by ordinary poll
workers.
Solution: Possible higher tech solutions to this voter authentication enfranchisement
trade-off for countries like the US where not everyone has an ID it could be in form of
adding other identifiers to the voter registration database as biometrics, fingerprint scan
or an iris scan. Even adding photograph ID to the voter registration database could
provide high level authentication but again will violate voter privacy.
3.2. Voting technologies
Two kinds of voting technologies were introduced last quarter of the twentieth century.
One of these technologies is DRE voting (direct-recording electronic), this is voting on
computer devices that directly add up and total the votes. The other is optical scan.
Optical scan voting involves filling out a paper ballot and then having a computer read
that ballot and produce the election totals.
DRE and optical scan voting systems fundamentally depend on computers and
especially on computers at the polling place.
13. 12 | P a g e
3.2.1. Optical scan
The idea with optical scan was to replace these potentially malicious humans who were
part of the counting process with an impartial automated machine. Most of these
machines have a removable memory card. This has positive implications as it can
capture much more information from the ballot and be used to distinguish marks with
greater accuracy, however in order to go from a picture to knowledge it had to be linked
to computer algorithms implemented in software.
The biggest advantage is that the optical scan machine can look for problems with the
ballot and helps cut down the number of over-votes which is important kind of usability
feature, but there was also chance of something to go wrong.
The other benefits are that optical scanning machine alone with electronic records also
stored the physical paper ballot.
Problem:
One of the more prominent issues has to do with the way people interact with
optical scan ballots as not everyone follows the instructions exactly right as
some people use blue ink, some people marked an x instead of filling in the oval.
This is a challenge for optical scan machines because it's possible that the
machines are not going to interpret every one of these marks as a valid vote.
Styles of ways that different people fill out those little circles on an optical scan
form also could be used to compromise voter privacy.
Potential issues with optical scan voting are:
• Accuracy of detector sensors
If the ballot changes its size in humid or dry day or if the ballot inserted into
the machines slightly crooked the sensors it can affect quality of the reading.
• Calibration
Sensors in the machines might respond slightly differently to the same
intensity of light because of physical variations in the electronics.
Solution: In election of any size it is almost certainly that we are going to have some
fraction of ballot’s votes that are misread or lost because of problems like these. This is
fundamentally a challenge to every voting system as it has not being yet design voting
system that will work on a very large scale with absolutely zero error.
14. 13 | P a g e
Optical scan fraudcase study
This Case study is an example to demonstrate the way computer voting machine could
be used to cheat.
The attack was conceived and demonstrated by a voting researcher Harri Hursti on
optical scan voting machine made by Diebold. Harris’s attack looked at what would
happen if the criminal an attacker had access to that memory card that's used to hold an
electronic copy of the results and take it back to the central office for counting. We
assume that the card is going to be very well protected after the voting process finishes
as an important part of election integrity.
But what if someone was able to get access to the card before all of those votes were
cast? Hursti's attack works like this: Before the election he's going to load up the
memory card with a number of votes( for example 10) for the candidate he wants to win,
let's say- Ben .At the end of the election, this number is going to be added to the total
votes for Ben. The problem with the simple version of the attack is it would be pretty
easy to detect. All that the election officials would need to do is observe that the total
number of votes in the machine is ten more than the number of people who used it,
therefore that would be caught right away.
Problem:
Hursti realized that the voting machine's record of how many votes belong to
each candidate performs arithmetic in a very similar way to the mechanical
counter and if he programmed ten votes for the candidate, that he wanted to win
and say 990 votes for the other candidate, when real voters used the machine,
both numbers would increase.
Solution: Luckily, because these are optical scan ballots, there is a way to catch this
kind of fraud which is to actually look at the paper ballots in the ballot box.
With optical scan voting machines, there were still some drawbacks from the point of
view of election administration, as printing and distributing the paper to the polling
places. Because of these issues, the next generation of voting machines, eliminated the
paper ballot entirely. These are known as DRE voting machines.
15. 14 | P a g e
3.2.2. DRE
DRE stands for direct recording electronic. Inside the machine is an electronic computer
controlled counter that maintains a record of each vote but unlike an optical scan
machine in a DRE generally the only record of the vote is something that's stored in a
computer's memory.
Figure 7.Diebold AccuVote TS
Figure 8.Voting card
Around 1990s was introduced touch screen DRE Diebold AccuVote TS(Fig.7) which
was for a while the most widely used DRE voting machine in the US. When voters come
to the polling place they sign and election officials handed a smart card with chip in it as
authentication mechanism. When the voter inserts the card into the slot on the machine
his vote is recorded in the machine’s memory. At the end of the election, authorized poll
workers used special kind of card supervisor card get accesses to the special screen
with some other features including the ability to close the election and print out a paper
tape with the results on it. The election officials remove that memory card with its record
of the votes and send that with the tape to the election headquarters, where another
kind of machine with special software totals up the votes from every machine. Those
16. 15 | P a g e
totals are the basis for what they announce at the end of the election night results as the
results of the count.
Problem:
Several problems have being encountered with DRE. Writing software that does
something simple as counting up election results correctly turns out to be really
difficult task with much more complicated problem than we might think of.
Machines (computers) are very good at following instructions but they don’t have
any ability to exercise judgment and realize on their own that something is wrong
and take course of action in response.
Solution: Developer had to supply all the correct instructions to the machine; have to
anticipate the cases that can arise, test them and write instructions for handling all of
them.
Voting turns out to be a very specialized area because of this tension between integrity
and ballot secrecy. When things go wrong, when there's an error in the count or when
there's an attack, it's often very hard to be caught up. Something could go wrong and
we won't even know because the counting process is supposed to be happening in
secret, as we can't just go back to the voters and make sure each of their votes has
been counted correctly. That kind of failure detection or correction mechanism is not
something that's typically engineer able within the confines of a DRE.
4. Security and privacy advancement and glitches -Trustworthy
technology
In a real situation we can have enormous number of potential complications, where
writing the correct software that handles all of these cases in a sensible way is a
problem that is at the very limits of human capability. We can just expect that the
developers who are writing software for a voting machine are going to get it right.
Writing software that is correct is hard, but writing software that's secure is even harder,
because what an attacker does is to look for situations that the developers and testers
have not accounted for. Those situations aren’t just a natural failure, but the failure
that's been forced on the machine by the attacker (Security Mindset: Thinking as an
attacker).
17. 16 | P a g e
Problems:
Errors
Those errors could be based on design flaws, where the machine is working the
way designers intended but fails to take into account certain major requirements
or there could be implementation glitches or bugs. All of this adds up to the
potential for miscounting and cause reliability problems. There have been cases
where voting machines have been tremendously unreliable and just haven't been
able to function within the demands of a polling place, because of errors in the
software development process.
Vulnerabilities
The second category of problems is vulnerabilities, where an attacker could
sabotage the hardware and manipulate the data if the data's integrity is not
protected.
Hursti’s attack with optical scan is an example of a data manipulation attacks on
vulnerabilities that can lead to privacy leaks.
Integrity
Finally, just knowing that the integrity of the system has being preserved is a very
difficult challenge with voting machines itself. Even if the company that built the
machine posts its software to the internet and says everyone can look at in, there
is no way that we can know that software that's asserted to be the voting machine
software is actually the software running in the machine.
There have been many cases where software that is never been tested or certified
by a government ends up being the software running in a machine on Election
Day. That is just another opportunity for sabotage and error to be introduced and
undetected.
Some software in voting machines is COTS software or commercial off the shelf,
a software package developed by someone else and used for other purposes.
This just provides a further opportunity for problems with integrity because these
packages have to be updated every time in order to fix bugs and other glitches
that has been discovered in them.
18. 17 | P a g e
Figure 9. Trustworthy Technology
Solution: The next set of procedures is the actions that election organizations put in
place to guard the voting system against tampering.
The first and foremost requirement is to provide assurance that no one added, removed
or changed any of the ballot papers between the start of polling and the time that
counting finished, as between polling and counting is the period of vulnerability of the
ballot box that need to be guarded. With the introduction of electronic voting machines,
this situation changed dramatically as with DREs, for example, it's not only necessary to
safeguard them during polling and counting but also to safeguard the machine at all
times as even after the machine is no longer used for elections, it could still have data
on it that's going to reveal voters' secret ballots. It is really a lifetime of security and one
of the things that just adds to the cost of DRE voting in a way that most people don't
realize.
What safeguarding procedure is required for machines like this?
We have to keep track of them in storage.
We have to keep track of them on Election Day.
We have to keep track of the removable memory cards, and so forth.
One aspect of secure facility is with cameras and watchman. Another aspect is making
sure that they're being secured while they're being transported to polling places and
when the memory cards are being removed and brought back to counting.
Maintaining the physical security by observing is one kind of procedural safeguard that
can be a big challenge, especially for bulky machines like DRE's, as often those
19. 18 | P a g e
machines are going to be delivered in advance as many elections authorities drop these
machines off the day before the election.
Procedures like this, leaving the voting machines overnight, creates a tremendous
opportunity for fraud, because the machines are relatively easy to tamper with.
Another mechanism to safeguard the physical integrity of the machines against
tampering is what's known as tamper- evident seals.
Tamper-evident seals can come in different styles, for example padlock, little wire rope
or a sticker. The question is how secured are whose seals as the attacker might try a
few different ways to defeat them. One would be to remove the seal and replace it with
a new one that looks just like the original. Another possibility would be to find a way to
take the seal off and put the original one back on without leaving any evidence that it
had ever been removed.
5. Guarding Against Tampering
Problems:
These turn out to be empirical questions:
1. How easy is it for the seals that are actually in use on the market to be
replaced with fresh ones?
The result of experimental group why tried to defeat 244 different kinds of
seals found out, that the average time to defeat them for just a single
person working alone was only 1.4 minutes, and the average cost to break
a seal was only 62 cents, as most of the seals on the market perform
extremely poorly design with low security functionality and the interesting
fact was that 99% of those seals, considered in this study, were being
currently use for nuclear safeguards. Attackers would almost certainly be
able to defeat these seals with the minimal amount of time.
2. Other concern is what kind of defense mechanism is appropriate if there is
broken seal and what is the chance of tempering to be caught if someone
tampered and installed fraudulent software in DRE. Often, that fraudulent
software could just wipe itself out, and remove all traces of the fraud at the
end of the election.
3. Another kind of attack is, what is if someone breaks the seals but doesn’t
actually do any tampering. This kind of, low in cost and easy to do attack
also could create a denial of service.
20. 19 | P a g e
Solution: Roger Johnston and his colleagues come up with anti-evidence approach,
where when the seal is tampered, will create and display some visual indicator that
creates evidence of the event. Protocol based on hashes or MACs as the nature of the
anti-evidence approach and perhaps, someday seals based on an approach like this will
be able to provide future stronger defense.
5. Inside the voting black box
DRE voting machines are referred to Black Box Voting Machines, because recording of
the votes is unobservable. Voting machine companies claim that their software is trade
secret, which is common practice in software development generally, but when it comes
to voting, it seems like there shouldn't be anything fundamentally secret about the way
our votes are cast and counted. The actual process of counting votes and announcing a
total is something that many people believe should be transparent to the public. There's
a further objection of keeping the software in the voting machine secret, based on
security grounds. If a piece of software relies on being secret for its security and that
software leaks out, then they'll never be any way to get that security back.
For many years, Diebold - the makers of the AccuVote TS was extremely secretive
about allowing anyone to do an independent security evaluation of their machines or the
software running in them. Diebold even threaten election officials who proposed to have
their independent security evaluation done.
Dieboldcasestudy
All of that started to change in 2003, when a voting activist named Bev Harris was
Google in for documents about the Diebold machines and came across with a file
posted to a Diebold Internet server. This file happened to be a copy of the complete
source code to the Diebold voting machine.
21. 20 | P a g e
Figure 10. Analysis of an Election Voting System
This was the first time that anyone independently was able to see what was inside the
software, do a security analysis and talk to the public about the results. A team of
scientists from the University of California, San Diego, Johns Hopkins University and
Rice University looked at the software Bev Harris found and did a security analysis. This
is the paper they published in 2003(Fig.10).
Problems:
They found a number of problems as one problem they found was with the
software handled the voter access cards.
It turned out that using just easily obtainable hardware and software you
wrote yourself a voter could make any number of these cards that would
work in the normal election. This would allow a voter to cast as many times
as he wanted within the election booth.
Another problem this research group found had to do with the encryption
that was used in the Diebold voting machines. Encryption is a means of
scrambling data files so that they're impossible to read unless you have an
encryption key for the file. A key is usually a very large randomly generated
number that's used in the scrambling process and the corresponding de-
scrambling process to get the data back requires the key. Without the key
it's practically infeasible to recover the data. Diebold applied the encryption
to try to protect the integrity and ballot secrecy in data that in the data
stored on the voting machine's memory cards. It’s turned out that they
applied encryption incorrectly in a variety of ways because of design
errors. The most interesting of these errors, the simplest one, was that all
of the voting machines used exactly the same encryption key. This is a
terrible security practice because if a criminal were able to get one of those
voting machines say it, it's stolen from a polling place, or fell of a truck, or
22. 21 | P a g e
the criminal is an insider in one election district, then that criminal can take
that information and apply it to break the encryption on all of the other
Diebold voting machines in use nationwide. That key is happened to be the
string F2654hD4. That was the secret that was protecting the integrity on all
of these machines and once the code leaked to the Diebold website anyone
could decrypt any of the data files from any of the machines.
Figure 11. Diebold Encryption
The next problem was a ballot secrecy problem. It had to do with the way
ballots were stored on the memory card. The machine made a record of
every time someone cast a vote; the votes were stored in a file on the
memory card. In the Diebold memory card the votes were stored in order.
What this meant was that if someone was just observing at the polling
place, watching the order in which people went into the machine and cast
their votes and they had access to the memory card at the end, they could
determine exactly how every one of those voters voted which is a major
weakness in ballot secrecy. Finally, the researchers looked at the software
development practice.
They looked for evidence that the software engineering methodologies
used to produce the software in the Diebold machine weren’t up to the
exceeding standards of critical software. What they found when they
looked into the code was a lot of evidence of poor engineering practice
which resulted one insecure and unreliable software. The easiest way to
illustrate what it is mean by that is to have a look at the some of the
comments that were found in the code comments and notes programmers
leaved inside the software source code to let themselves and others more
easily understand what's going on.
23. 22 | P a g e
Figure 11.Poor developer notes
These notes are reflection of the internal development chaos and evidence that the
development practice was far from the level needed to produce critical infrastructure
software .All of these problems painted a pretty grim picture of what's going on inside
the Diebold DREs, but the company's reaction paints an even grimmer one. The
company Diebold first denied the problems. Secondary they claimed that the software
that was studied was not something used in actual machines. Third- personally attacked
the researchers involved. And finally they said that if there were any problems they've
been fixed in the new version of the software. We might think that fixing these problems
in the new version of the software would be an adequate response but actually finding
problems like this is evidence that there's something rotten to the core.
Secure and reliable software is a product of a certain development practice,
mentality and methodology and finding problems like this so easily indicate that
those development practices are broken. Every group that's had a look at the
system has found even more severe problems with security and reliability. Here
is an example of one of those problems. This is something that wasn't spotted in
the Hopkins study but is actual security bug spotted in Diebold voting machine
where everyone with programming skills can detect easily.
Figure 12. Poor coding practice
24. 23 | P a g e
6. Recommendations for better useable security andprivacy
Solution: Every voting technology had problems as it luck strong defensive mechanism. Many
researchers’ opinion is that in order to have voting security community, we have to add paper as
a form of defense. Paper can offer very important security advantages, especially when it's
coupled with electronic system and makes sense as computers are not always available,
reliable and correct, therefore any form of physical backup of the votes’ records can be useful
disaster recovery strategy. Most researchers believe that it is beneficial to combine paper
records and electronic records into one redundant record.
Advantage of having those two records is that they have differed security nodes, hard to violate
in ones. With an old fashion paper record stored in a ballot box, we have the possibility of
physical tampering and retail fraud. With the digital records, where the data is stored in a
memory card site, we have the possibility of cyber-tampering or electronic tampering that would
cause a form of wholesale fraud as its require only a very small conspiracy, perhaps, just one
person with brief access to the electronics. When we combine these records however, if we
checked to make sure that they agree by performing some kind of auditing process after the
election, we can have a very difficult situation for the criminals as they would need to have a
large conspiracy to change paper records to match the electronic records and they have to be
sophisticated enough to make sure that they cheat in both records in a way that agrees or else,
we're going to notice a mismatch in the audit. By combining these low tech and high tech
records, we can have something that's far more secure than either paper ballots or electronic
records on their own. The problem is that in many places, the audits to check that the paper
records and electronic records agree are exceedingly rare, and only happen if, there's very
large or very small margin of victory. For these reasons, most researchers in this field
considered precinct count optical scan with audits to be the gold standard in what today's
technology can do for securing the election. But there is another way that you can combine
paper and electronic records, and this is a technology that was invented to try to overcome
some of the objections to DRE voting machines.
The idea is pretty simple and it’s called a Voter-Verifiable Paper Audit Trail VVPAT, where every
time someone votes, prints out a piece of paper with record of that individual ballot.
The critical thing about VVPAT is that it has to be something that the voter can see and check at
the time their casting their vote. A Voter-Verifiable Paper Audit Trail adds some kinds of
protections but there are still a number of pretty important criticisms.
First of all since the VVPAT is completely controlled by the computer in the voting
machine, if the computer software is dishonest, it could print paper records that don't
match the voter's intent. If the voter doesn't check that these records are what they
thought they would be this creates the opportunity for DRE to cheat and get away with it.
The DRE depending on the specifics of the design of the VVPAT mechanism which
might try to print extra ballots when no one is there interacting with it. It might try to
cancel and replace the voter's ballots after the voter walks away.
Secondary other problem has to do with the most common way of implementing a
VVPAT, which is to use a cash register tape style paper printing device, which is
25. 24 | P a g e
economical but not particularly reliable and permanent. Those records will fade away if
they were leave out on the sun for too long or at list very hard to read. Some
mechanisms even require the voter to open a door to look at the tape and see how their
votes have been recorded.
The final problem with having a cash register style tape is similar to the problem with
the Diebold memory cards as if you not cutting the tape between each voters vote, you
have a record of all of the votes in the order they were cast which means that if someone
is watching the polling place and seeing who goes up to that particular machine that
votes later on can look at the tape and configured person’s choices.
For these reasons and some others most researchers prefer precinct count optical scan and
consider the VVPAT to be a flawed security enhancement but it’s still probably better than a
purely paperless DRE.
7. References
E- Book
1) Bibliography:Jones,D.W.andSimons,B.(nodate) Broken ballots.Availableat:
http://press.uchicago.edu/ucp/books/book/distributed/B/bo13383590.html (Accessed:30 March 2016).
In-line Citation:(JonesandSimons,nodate) chapters4,5, 6, 7, 8, 10.
2) Encyclopediaof ContemporaryAmericanSocial Issues[4volumes] - Google Books.2016. Encyclopedia
of ContemporaryAmericanSocial Issues[4volumes] - Google Books.[ONLINE] Available at:
https://books.google.co.uk/books?id=BjKWfAz0tx4C&pg=PA1659&lpg=PA1659&dq=Counting+Mark-
Sense+Ballots+by&source=bl&ots=tQHQBPT9ex&sig=rhlIPjdO8fEfYAMWj0F2cUaLvIc&hl=en&sa=X&ved=
0ahUKEwiBu5Cn1- bLAhWHCCwKHXbAA3UQ6AEINjAE#v=onepage&q=Counting%20Mark-
Sense%20Ballots%20by&f=false.[Accessed29March 2016].
Computersat the Polls
1) ElectronicElections:The PerilsandPromisesof Digital Democracy - R.Michael Alvarez,ThadE. Hall -
Google Books.2016. ElectronicElections:The PerilsandPromisesof Digital Democracy - R.Michael
Alvarez,ThadE. Hall - Google Books.[ONLINE] Available at:
https://books.google.co.uk/books?hl=en&lr=&id=OOhhIGSca7gC&oi=fnd&pg=PP1&dq=Electronic+Electi
ons:+The+Perils+and+Promises+of+Digital+Democracy+by&ots=c4U-
DX_ph8&sig=YmCJNUQ5C9LfN0npvnHwfMXoSo4#v=onepage&q=Electronic%20Elections%3A%20The%2
0Perils%20and%20Promises%20of%20Digital%20Democracy%20by&f=false.[Accessed29March 2016].
26. 25 | P a g e
2) The Machineryof Democracy| BrennanCenterforJustice.2016. The Machineryof Democracy |
BrennanCenterforJustice.[ONLINE] Available at:
https://www.brennancenter.org/publication/machinery-democracy.[Accessed29 March 2016].
3)2016. . [ONLINE] Availableat:https://www.truststc.org/pubs/352/1-%20Wagner.pdf.[Accessed29
March 2016].
4) ProjectEverest:SecurityReviewof OhioE-VotingSystems|ElectionDefense Alliance.2016.Project
Everest:SecurityReviewof OhioE-VotingSystems|ElectionDefense Alliance.[ONLINE] Availableat:
http://electiondefensealliance.org/project_everest_security_review_ohio_e_voting_systems.[Accessed
29 March 2016].
5). 2016. . [ONLINE] Availableat:https://jhalderm.com/pub/papers/stopgap-evt08.pdf.[Accessed29
March 2016].
6). 2016. . [ONLINE] Availableat:http://www.blackboxvoting.org/BBVreport.pdf.[Accessed29March
2016].
Optical Scan
1)Security Analysisof the DieboldAccuBasicInterpreterbyWagner,Jefferson,andBishop,etal.(2006).
Available at:https://css.csail.mit.edu/6.858/2012/readings/accuvote-ts.pdf (Accessed:30 March 2016).
2)voter(2006) Centerforvotingtechnologyresearch. Available at:
https://voter.engr.uconn.edu/voter/tag/optical-scan/(Accessed:30 March 2016).
3)Bubble Trouble:Off-LineDe-Anonymizationof Bubble Forms byCalandrino,Clarkson,andFelten.In
Usenix Security (2011). Prospectsof re-identifyingindividualswhofill outoptical scanforms.
https://www.cs.princeton.edu/~jcalandr/papers/bubbles-usenix11.pdf
4)FingerprintingBlankPaperUsingCommodityScanners byClarkson,Weyrich,Finkelstein,Heninger,
Halderman,andFelten.In IEEESymp.on Security and Privacy (2009).
Available at:http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/pub/paper09oak.pdf
(Accessed:30 March 2016).
5)HumboltCountyElectionTransparencyProject.Californiajurisdictionprovidesonlineimagesof voted
ballots. Availableat:
https://www.google.co.uk/webhp?sourceid=chromeinstant&ion=1&espv=2&ie=UTF-
8#q=Humboldt+County+Election+Transparency+Project.+California+jurisdiction+provides+online+image
s+of+voting+ballots(Accessed:30 March 2016).