Security and Election Systems

Similar documents
The Future of Elections: Technology Policy & Funding Conference

THREATS TO VOTER REGISTRATION

ELECTIONS AT RISK: GLOBAL THREATS/ LOCAL IMPACT

Statement on Security & Auditability

Mecklenburg County Department of Internal Audit. Mecklenburg County Board of Elections Elections Process Report 1476

E-Poll Books: The Next Certification Frontier

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Few people think of IEEE

Global Conditions (applies to all components):

COURAGEOUS LEADERSHIP Instilling Voter Confidence in Election Infrastructure

Ballot Reconciliation Procedure Guide

Key Considerations for Oversight Actors

DIRECTIVE May 21, All County Boards of Elections Directors, Deputy Directors, and Board Members. Election Administration Plans SUMMARY

Key Considerations for Implementing Bodies and Oversight Actors

Maryland State Board of Elections Comprehensive Audit Guidelines Revised: February 2018

Colorado Secretary of State Election Rules [8 CCR ]

Post-Election Audit Pilots, and New Physical and Cyber Security Requirements in Indiana Election Code

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

Voting System Examination Election Systems & Software (ES&S)

United States Election Assistance Commission

SECTION 8. ELECTION AND VOTER REGISTRATION RECORDS

REGISTRAR OF VOTERS. General Fund. FY11/12 Actual

PENNSYLVANIA S ELECTION SECURITY

Registrar of Voters Foundations Certification Program Course Outline

State of Colorado Department of State epollbook and Ballot On-Demand

Case: 1:06-cv CAB Doc #: 44-6 Filed: 09/25/12 1 of 26. PageID #: 64

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

INSTRUCTIONS AND INFORMATION

Secretary of State Chapter STATE OF ALABAMA OFFICE OF THE SECRETARY OF STATE ADMINISTRATIVE CODE

2019 MINNESOTA COUNTIES ELECTIONS CALENDAR WITH UNIFORM SPECIAL ELECTION DATES

Elections & Electronic Voting Machines

Options for New Jersey s Voter-Verified Paper Record Requirement

2018 MINNESOTA COUNTIES ELECTIONS CALENDAR WITH UNIFORM SPECIAL ELECTION DATES

2018 MINNESOTA UNIFORM SPECIAL ELECTION DATES CALENDAR

2018 Minnesota Town with March Elections Calendar

The Future of California Elections Expanding Participation in California s Democracy: A look at current reforms and the road ahead

2018 MINNESOTA CAMPAIGN FINANCE ELECTIONS CALENDAR

ARKANSAS SECRETARY OF STATE. Rules on Vote Centers

Local Fiscal Impact. Statewide $0 $23,347 $5,884 $4,038

Home visit pilot program

Election Audit Report for Pinellas County, FL. March 7, 2006 Elections Using Sequoia Voting Systems, Inc. ACV Edge Voting System, Release Level 4.

Sexual Assault Kit (SAK) Tracking System Project Management Washington State Patrol. Business and Technical Requirements v2.1

Draft rules issued for comment on July 20, Ballot cast should be when voter relinquishes control of a marked, sealed ballot.

REQUESTING A RECOUNT 2018

(1) PURPOSE. To establish minimum security standards for voting systems pursuant to Section (4), F.S.

ARKANSAS SECRETARY OF STATE

HOUSE BILL 1060 A BILL ENTITLED. Election Law Delay in Replacement of Voting Systems

COMMISSION CHECKLIST FOR NOVEMBER GENERAL ELECTIONS (Effective May 18, 2004; Revised July 15, 2015)

CHAPTER 11: BALLOT PROCESSING AND VOTER INTENT

LOS ANGELES COUNTY Registrar-Recorder/County Clerk MEDIA KIT LAVote.net Nov.6,2018 General Election

COUNTY OF LOS ANGELES REGISTRAR-RECORDER/COUNTY CLERK IMPERIAL HWY. P.O. BOX 1024, NORWALK, CALIFORNIA

coordinated mail ballot election is approved in substantially the same form as the copy attached hereto

Please see my attached comments. Thank you.

How do I know my vote is safe?

H 8072 S T A T E O F R H O D E I S L A N D

Election Dates Calendar

Scott Gessler Secretary of State

2019 Election Calendar

2019 Election Calendar

L9. Electronic Voting

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

Elections. Mission Statement. Mandates. Expenditure Budget: $1,583,167. General Government Expenditure Budget: $69,278,846

Election Dates Calendar

Logic & Accuracy Testing

If your answer to Question 1 is No, please skip to Question 6 below.

Dates to Remember

New Voting Systems; Old Law. Brittany Westfall West Virginia Secretary of State s Office

OHIO ELECTRONIC POLLBOOK ACCEPTANCE TESTING MATRIX

The documents listed below were utilized in the development of this Test Report:

PROPOSAL. Request for Information: Uniform Voting System for the State of Colorado

GAO ELECTIONS. States, Territories, and the District Are Taking a Range of Important Steps to Manage Their Varied Voting System Environments

Acceptance Testing More Important Than Ever. Texas Association of Election Administrators January 10, 2018

LOS ANGELES COUNTY Registrar-Recorder/County Clerk LAvote.net

GENERAL RETENTION SCHEDULE #23 ELECTIONS RECORDS INTRODUCTION

POLLING TOUR GUIDE U.S. Election Program. November 8, 2016 I F E. S 30 Ye L A

48TH LEGISLATURE - STATE OF NEW MEXICO - SECOND SESSION, 2008

COUNTY OF LOS ANGELES REGISTRAR-RECORDER/COUNTY CLERK IMPERIAL HWY. P.O. BOX 1024, NORWALK, CALIFORNIA

Colorado Secretary of State Election Rules [8 CCR ]

Interpreting Babel: Classifying Electronic Voting Systems

BALLOTS I. AUTHORITY RESPONSIBLE FOR PREPARING BALLOT [TEC, ] C. City secretary, for an election ordered by a city authority.

Estonian National Electoral Committee. E-Voting System. General Overview

WARREN COUNTY BOARD OF ELECTIONS

Election Cybersecurity, Voter Registration, and ERIC. David Becker Executive Director, CEIR

The Election Validation Project: Increasing Trust in Elections Through Audits, Standards, and Testing

COUNTY OF SACRAMENTO CALIFORNIA

NOTICE OF PRE-ELECTION LOGIC AND ACCURACY TESTING

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

Michigan Election Reform Alliance P.O. Box Ypsilanti, MI

ASSEMBLY, No STATE OF NEW JERSEY. 218th LEGISLATURE INTRODUCED MAY 17, 2018

Election Dates and Activities Calendar

If further discussion would be of value, we stand by ready and eager to meet with your team at your convenience. Sincerely yours,

Logic and Accuracy Test Information Packet 2018 City of Longmont Special Election - Ward 1

Voting Laws Roundup 2018

2018 Election Calendar

Registrar of Voters Certification. Audit ( 9 320f)

May 9, 2015 Election Law Calendar

HOUSE RESEARCH Bill Summary

Protocol to Check Correctness of Colorado s Risk-Limiting Tabulation Audit

Orange County Registrar of Voters. Survey Results 72nd Assembly District Special Election

2. Scope: This policy applies to the Auditor and the staff identified within this policy.

Transcription:

NCSL Summit Security and Election Systems Chicago, IL August 2016 Merle S. King 2011

In the News

In the News

In the News

In the News

Public Service or Panic?

Possibility vs. Probability Possibility is a boolean value 1 or 0. There is Impossible = 0 and NOT(Impossible) = 1 Probability is the likelihood of occurrence of an event >0 Event <1. They are not synonyms Allocation of resources to mitigate threats must be done on the probability of the threat occurrence x its potential consequence

Issues 1. Campaign Systems vs. Election Systems vs. Voting Systems 2. Undermining Confidence vs. Disrupting vs. Altering Outcomes 3. Layered Defense of Voting Systems

Systems Campaign Systems collect, store, transform, utilize, and share data related to a candidate, party, or ballot question. Campaign Systems are strategic. Campaign Systems may be short lived. Campaign Systems are not owned by governments they are private systems. There are no standards for security. Their architecture and maintenance are at the discretion of their owner.

Systems Election Systems collect, store, utilize and share data related to the administration of elections. Election Systems are administered at the state and/or local level. Election Systems are characterized by their architecture, function(s), interfaces and data. Election Systems have no uniform standards and no testing protocols beyond those imposed by the purchaser and designer.

Interaction of Voting and Election Systems Online VR System Auto VR System DMV VR System (re)districting Systems GIS Auditing Systems Candidate Qualifying System Pollworker/ Staff Training Sys. Voter Information System Ballot Tracking System Voting System Define Bal. Reports Cap & Tab Audits E-pollbooks Barcode Scanner UOCAVA / Ballot Delivery/Return Ballot on Demand Ballot Marking System Statewide Election Night Reporting Administrative Reports Ballot Printing Precinct Mgt +- Systems Voter Authentication System Absentee Application 2016

Attacking Elections Purpose of an election is to facilitate an acceptable transition or retention of political leadership or referendum. Confidence in the outcomes is built upon confidence in the personnel, processes and technologies. One of the easiest attacks on an election, is to undermine the confidence in the outcomes. Takes little investment of effort, can yield significant results. Speak in possibilities - make election officials prove the negative.

Attacking Elections Residual Votes in 2016 election Adoption of VBM (Central Count) Systems Intentional, advice of parties "Residual votes represent the votes that do not properly record the voter's intent, or don't record any vote at all because of problems in voting mechanisms. This is an ongoing problem that regularly means that millions of votes are lost. Kay Maxwell, LOWV 2005.

Disrupting Elections Elections are known, scheduled IT events Most of the technical details are known in advance, but not all Attacking an election system (like the VR system) could disrupt an election, but only for a short period of time Elections are not single-day events time to recover Election planning is contingency planning Backups and rollbacks

Voting System Voting System

Voting System What voting systems do: Vote Capture Tabulation Ballot/Election Definition Reports Audits Voting System

Voting System What voting systems do:* Vote Capture Tabulation Ballot/Election Definition Reports Audits Voting System Requirements:* Security Accuracy Usability Functionality Robustness Auditability *EAC Voluntary Voting System Guidelines

Voting System What voting systems do: Vote Capture Tabulation Ballot/Election Definition Reports Audits What it is legally required to do: Accessibility** ** Section 504, 1973 Rehabilitation Act 1990 Americans With Disabilities Act Voting System Requirements: Security Accuracy Usability Functionality Robustness Auditability

Voting System Statute Rule Vetted Procedures Vendor-provided procedures IT Best practices Chain of custody Documentation Procedures Voting System

Voting System Statute Rule Vetted Procedures Vendor-provided procedures IT Best practices Chain of custody Documentation Procedures Voting System Training is the essential control to ensure procedures are implemented

Voting System Election officials are trained to follow procedures Election officials have very small degrees of latitude in interpreting procedures Most election anomalies at the local level begin by an election official winging it or using their judgment. Procedures Voting System Upson County Georgia pollworker directs voter to wrong precinct, 227 miles away.

Voting System Voting systems have specific storage requirements: Lock and key Seals Logs Video observation Chain of custody Preventative vs. Detective Controls Quarantine and removal Procedures Voting System Physical

Voting System Authentication Encryption Hash Compares Audit Logs Air Gaps Cyber Security Procedures Voting System Physical

Voting System Voting System Test Labs State Certification Acceptance Testing Logic and Accuracy Testing Risk Limiting Audits Operational Audits Forensic Audits Cyber Security Procedures Voting System Physical Testing

Questions to Ask What security procedures are our election officials required to implement? How current is their training? How are voting system components physically secured? How are desktops and laptops used in election activities secured? By whom? Have all recent vendor service bulletins been reviewed and mitigations implemented?

Discussion Merle S. King Executive Director Center for Elections Systems mking@kennesaw.edu

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback