Thoughts On Appropriate Technologies for Voting

Similar documents
Security of Voting Systems

An Overview on Cryptographic Voting Systems

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

Brittle and Resilient Verifiable Voting Systems

Josh Benaloh. Senior Cryptographer Microsoft Research

L9. Electronic Voting

Arthur M. Keller, Ph.D. David Mertz, Ph.D.

The usage of electronic voting is spreading because of the potential benefits of anonymity,

An Introduction to Cryptographic Voting Systems

Voting Matters Democracies Need Voters Name: Get Registe red Motor Voter Law Political Parties Influence Voters

CHAPTER 2 LITERATURE REVIEW

Good morning. I am Don Norris, Professor of Public Policy and Director of the

AFFIDAVIT OF POORVI L. VORA. 1. My name is Poorvi L. Vora. I am a Professor of Computer Science at The George

Secure Electronic Voting: New trends, new threats, new options. Dimitris Gritzalis

Risk-Limiting Audits

Auditability and Verifiability of Elec4ons Ronald L. Rivest

Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV

STATE OF NEW JERSEY. SENATE, No th LEGISLATURE

Swiss E-Voting Workshop 2010

Electronic Voting Machine Information Sheet

Secure Electronic Voting

The Use of New Voting Technologies (NVT)

L14. Electronic Voting

The E-voting Controversy: What are the Risks?

E-Voting, a technical perspective

Confidence -- What it is and How to achieve it

Secure and Reliable Electronic Voting. Dimitris Gritzalis

Statement on Security & Auditability

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

Cuyahoga County Board of Elections

Privacy of E-Voting (Internet Voting) Erman Ayday

Mistakes, Malfunctions & Manipulation The Risks of Electronic Election Miscounts

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

Addressing the Challenges of e-voting Through Crypto Design

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

The Security of Elections. can be done on a computer screen. As the result of this, there s been a push to add voting to the

FIRST VOTER-VERIFIABLE TOUCH-SCREEN VOTING SYSTEM DEBUTED IN SACRAMENTO COUNTY, CALIFORNIA

E- Voting System [2016]

VOTERGA SAFE COMMISSION RECOMMENDATIONS

ALL YEAR, EVERY YEAR. Spring. Summer. Winter. Autumn

STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System

Electronic Voting. Mohammed Awad. Ernst L. Leiss

The problems with a paper based voting

Software Independence

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Elections & Electronic Voting Machines

Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC

Secure Voter Registration and Eligibility Checking for Nigerian Elections

Michigan Election Reform Alliance P.O. Box Ypsilanti, MI

Accessible Voter-Verifiability

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

Union Elections. Online Voting. for Credit. Helping increase voter turnout & provide accessible, efficient and secure election processes.

The Impact of Technology on Election Observation

National Intelligence, 2017 at iii; Securing Elections from Foreign Interference, Brennan Center for Justice, June 29, 2017 at 4.

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

2010 Pre-election Logic and Accuracy & Post-election Audit Grant Program

Testimony of George Gilbert Director of Elections Guilford County, NC

Electronic Voting Machine Information Sheet

Cryptographic Voting Protocols: Taking Elections out of the Black Box

Democracy depends on losers accepting the results

Abstract: We present a modular voting architecture in which vote generation is performed separately from vote casting.

Designing issues and requirement to develop online e- voting system systems having a voter verifiable audit trail.

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

Voting Protocol. Bekir Arslan November 15, 2008

Electronic Voting: An Electronic Voting Scheme using the Secure Payment card System Voke Augoye. Technical Report RHUL MA May 2013

Introduction of Electronic Voting In Namibia

Privacy Issues in an Electronic Voting Machine

Ballot Reconciliation Procedure Guide

Key Considerations for Implementing Bodies and Oversight Actors

Machine-Assisted Election Auditing

Electronic Voting in Belgium Past, Today and Future

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 27, 2017

A Secure Paper-Based Electronic Voting With No Encryption

Areeq Chowdhury: Yeah, could you speak a little bit louder? I just didn't hear the last part of that question.

The Effectiveness of Receipt-Based Attacks on ThreeBallot

Election 2000: A Case Study in Human Factors and Design

Global Conditions (applies to all components):

Elections, Technology, and the Pursuit of Integrity: the Connecticut Landscape

HOUSE BILL 1060 A BILL ENTITLED. Election Law Delay in Replacement of Voting Systems

The Key To Unlocking The Black Box: Why The World Needs A Transparent Voting DAC

Int. J. of Security and Networks, Vol. x, No. x, 201X 1, Vol. x, No. x, 201X 1

Computer Security Experts Support BC-LCCR Recommendations

Voting System Examination Election Systems & Software (ES&S)

Design and Implementation of Electronic Voting System (EVS)

Voting and Elections. CP Political Systems

Key Considerations for Oversight Actors

Life in the. Fast Lane PREPARED BY ELECTION SYSTEMS & SOFTWARE ELECTION SYSTEMS & SOFTWARE

VOTING CALTECH MIT WHAT HAS CHANGED, WHAT HASN T, & WHAT NEEDS IMPROVEMENT VOTING TECHNOLOGY PROJECT

Volume I Appendix A. Table of Contents

THE PROPOSAL OF GIVING TWO RECEIPTS FOR VOTERS TO INCREASE THE SECURITY OF ELECTRONIC VOTING

Security Analysis on an Elementary E-Voting System

(Straw) Man in the Middle:

Prêt à Voter: a Voter-Verifiable Voting System Peter Y. A. Ryan, David Bismark, James Heather, Steve Schneider, and Zhe Xia

FSASE Canvassing Board Workshop. Conducting Recounts. Presented by: Susan Gill, SOE Citrus County

I-A. Voting Systems As Part of Cyber Security Critical Infrastructure.

POLL MUST BE SOURCED: NPR/Marist Poll

Estonian National Electoral Committee. E-Voting System. General Overview

Feng Hao and Peter Y A Ryan (Eds.) Real-World Electronic Voting: Design, Analysis and Deployment

Transcription:

Thoughts On Appropriate Technologies for Voting Ronald L. Rivest Viterbi Professor of EECS MIT, Cambridge, MA Princeton CITP E-voting Workshop 2012-11-01

Is Voting Keeping Up with Technology? We live in an age of marvelous technology: cellphones, man on the moon, the web, cars that drive themselves.

Is Voting Keeping Up with Technology? We live in an age of marvelous technology: cellphones, man on the moon, the web, cars that drive themselves. Many technology wishes come true wish it, and you can have it.

Is Voting Keeping Up with Technology? We live in an age of marvelous technology: cellphones, man on the moon, the web, cars that drive themselves. Many technology wishes come true wish it, and you can have it. Is voting being left behind?

Is Voting Keeping Up with Technology? We live in an age of marvelous technology: cellphones, man on the moon, the web, cars that drive themselves. Many technology wishes come true wish it, and you can have it. Is voting being left behind? Why are many of us voting on paper ballots?

2 Is Voting Keeping Up with Technology? We live in an age of marvelous technology: cellphones, man on the moon, the web, cars that drive themselves. Many technology wishes come true wish it, and you can have it. Is voting being left behind? Why are many of us voting on paper ballots? Why not voting, say, over the Internet?

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,...

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options.

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options. You don t have to take them.

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options. You don t have to take them. Sometimes low tech is better! (esp. for security)

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options. You don t have to take them. Sometimes low tech is better! (esp. for security) My students prefer chalk/blackboard to powerpoint.

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options. You don t have to take them. Sometimes low tech is better! (esp. for security) My students prefer chalk/blackboard to powerpoint. When hiking, it may be better to carry a map than to use a GPS. (What could go wrong?)

3 Choosing Appropriate Technology for Voting Voting tech has often followed other tech innovations: paper ballot, lever machine, punch card, opscan ballot, DRE,... Technology introduces design options. You don t have to take them. Sometimes low tech is better! (esp. for security) My students prefer chalk/blackboard to powerpoint. When hiking, it may be better to carry a map than to use a GPS. (What could go wrong?) Manual car window may be safer than power window.

4 Epigrams I offer 11 epigrams that may help frame the discussion...

5 # 1 A voting system must determine the winner and convince the losers they really lost.

5 # 1 A voting system must determine the winner and convince the losers they really lost. VS is not a trusted party, but must justify its conclusions.

5 # 1 A voting system must determine the winner and convince the losers they really lost. VS is not a trusted party, but must justify its conclusions. VS must produce credible evidence that the stated outcome is correct.

5 # 1 A voting system must determine the winner and convince the losers they really lost. VS is not a trusted party, but must justify its conclusions. VS must produce credible evidence that the stated outcome is correct. Key question to ask about any VS: What evidence does it produce about the outcome, and why is it credible?

5 # 1 A voting system must determine the winner and convince the losers they really lost. VS is not a trusted party, but must justify its conclusions. VS must produce credible evidence that the stated outcome is correct. Key question to ask about any VS: What evidence does it produce about the outcome, and why is it credible? VS should include a (risk-limiting) audit to ensure that (with high probability) the evidence really does support the stated outcome.

6 # 2 The need for secret ballots makes voting system design both unique and hard.

6 # 2 The need for secret ballots makes voting system design both unique and hard. Different than banking or other information-processing applications.

6 # 2 The need for secret ballots makes voting system design both unique and hard. Different than banking or other information-processing applications. Voters should not be coerced or bribed (they must be protected from their own temptations).

6 # 2 The need for secret ballots makes voting system design both unique and hard. Different than banking or other information-processing applications. Voters should not be coerced or bribed (they must be protected from their own temptations). No one should know how a voter voted, even if the voter wants it. (Mandatory privacy!)

6 # 2 The need for secret ballots makes voting system design both unique and hard. Different than banking or other information-processing applications. Voters should not be coerced or bribed (they must be protected from their own temptations). No one should know how a voter voted, even if the voter wants it. (Mandatory privacy!) Separation of voter identification from ballot makes good chain of custody very important.

6 # 2 The need for secret ballots makes voting system design both unique and hard. Different than banking or other information-processing applications. Voters should not be coerced or bribed (they must be protected from their own temptations). No one should know how a voter voted, even if the voter wants it. (Mandatory privacy!) Separation of voter identification from ballot makes good chain of custody very important. VBM (vote-by-mail) and unsupervised remote voting are defective approaches.

# 3 Beware of the myth of the machine!

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked!

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification. Real machine is what you get.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification. Real machine is what you get. Rarely are these the same.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification. Real machine is what you get. Rarely are these the same. Even good commercial software has several serious undiscovered errors per 1000 lines of code. These are frequently security vulnerabilities.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification. Real machine is what you get. Rarely are these the same. Even good commercial software has several serious undiscovered errors per 1000 lines of code. These are frequently security vulnerabilities. Even worse, deployed implementation may have additional changes.

7 # 3 Beware of the myth of the machine! Myth = We can build infallible machines that always work as specified. Even when attacked! Ideal machine is equivalent to its specification. Real machine is what you get. Rarely are these the same. Even good commercial software has several serious undiscovered errors per 1000 lines of code. These are frequently security vulnerabilities. Even worse, deployed implementation may have additional changes. Properties of system derive from properties of deployed system, not those of original spec.

8 # 4 It may help to view a complex piece of technology as like a person.

8 # 4 It may help to view a complex piece of technology as like a person. Automation / personification duality: Tasks once performed by people have been automated.

8 # 4 It may help to view a complex piece of technology as like a person. Automation / personification duality: Tasks once performed by people have been automated. Just like a person, complex technologies can act in unpredictable, even malicious, ways. They can say one thing and do another.

8 # 4 It may help to view a complex piece of technology as like a person. Automation / personification duality: Tasks once performed by people have been automated. Just like a person, complex technologies can act in unpredictable, even malicious, ways. They can say one thing and do another. Think of buying a voting system as you would hiring a team of workers from a temp agency.

8 # 4 It may help to view a complex piece of technology as like a person. Automation / personification duality: Tasks once performed by people have been automated. Just like a person, complex technologies can act in unpredictable, even malicious, ways. They can say one thing and do another. Think of buying a voting system as you would hiring a team of workers from a temp agency. Think of these workers as high-school students (earnest), elves (mischevious), or guys in ski masks (malicious).

8 # 4 It may help to view a complex piece of technology as like a person. Automation / personification duality: Tasks once performed by people have been automated. Just like a person, complex technologies can act in unpredictable, even malicious, ways. They can say one thing and do another. Think of buying a voting system as you would hiring a team of workers from a temp agency. Think of these workers as high-school students (earnest), elves (mischevious), or guys in ski masks (malicious). Imagine a voting machine, or the internet, as a person. Did you ever make a hiring error?

# 5 VS must be robust against insider attacks! 9

9 # 5 VS must be robust against insider attacks! An insider (election official or piece of technology) should not be able to undetectably corrupt evidence so as to cause change in outcome.

9 # 5 VS must be robust against insider attacks! An insider (election official or piece of technology) should not be able to undetectably corrupt evidence so as to cause change in outcome. Mental state of temp worker is at best weak or hearsay evidence.

9 # 5 VS must be robust against insider attacks! An insider (election official or piece of technology) should not be able to undetectably corrupt evidence so as to cause change in outcome. Mental state of temp worker is at best weak or hearsay evidence. Note difference between job listing for the person you hired and the person who shows up for work on election day. For a machine, this is the difference between its specification and its actual behavior.

9 # 5 VS must be robust against insider attacks! An insider (election official or piece of technology) should not be able to undetectably corrupt evidence so as to cause change in outcome. Mental state of temp worker is at best weak or hearsay evidence. Note difference between job listing for the person you hired and the person who shows up for work on election day. For a machine, this is the difference between its specification and its actual behavior. Misbehavior by an insider should be detectable (and correctable if possible!).

9 # 5 VS must be robust against insider attacks! An insider (election official or piece of technology) should not be able to undetectably corrupt evidence so as to cause change in outcome. Mental state of temp worker is at best weak or hearsay evidence. Note difference between job listing for the person you hired and the person who shows up for work on election day. For a machine, this is the difference between its specification and its actual behavior. Misbehavior by an insider should be detectable (and correctable if possible!). Helps to distinguish wholesale from retail fraud.

# 6 Paper has cool properties! 10

10 # 6 Paper has cool properties! Low-tech approach to constraining complex components, just as dog leash keeps dog from wandering off.

10 # 6 Paper has cool properties! Low-tech approach to constraining complex components, just as dog leash keeps dog from wandering off. Paper is human readable/writable, machine readable/writable, tamper-evident, and durable.

10 # 6 Paper has cool properties! Low-tech approach to constraining complex components, just as dog leash keeps dog from wandering off. Paper is human readable/writable, machine readable/writable, tamper-evident, and durable. A writing is a commitment can t be easily changed.

10 # 6 Paper has cool properties! Low-tech approach to constraining complex components, just as dog leash keeps dog from wandering off. Paper is human readable/writable, machine readable/writable, tamper-evident, and durable. A writing is a commitment can t be easily changed. VVPAT creates evidence a set of facts that can t be ignored or altered by VS. VS can t wander far from this set of facts.

10 # 6 Paper has cool properties! Low-tech approach to constraining complex components, just as dog leash keeps dog from wandering off. Paper is human readable/writable, machine readable/writable, tamper-evident, and durable. A writing is a commitment can t be easily changed. VVPAT creates evidence a set of facts that can t be ignored or altered by VS. VS can t wander far from this set of facts. Audit is like yank on dog leash...

# 7 There is a difference between a voter proxy and a voting witness.

# 7 There is a difference between a voter proxy and a voting witness. A voter proxy votes in your place.

# 7 There is a difference between a voter proxy and a voting witness. A voter proxy votes in your place. A voting witness watches you vote.

# 7 There is a difference between a voter proxy and a voting witness. A voter proxy votes in your place. A voting witness watches you vote. Proxy: You tell touch-screen voting machine (guy in ski mask) which candidate you prefer. Guy says he ll remember that and vote that way on your behalf later.

# 7 There is a difference between a voter proxy and a voting witness. A voter proxy votes in your place. A voting witness watches you vote. Proxy: You tell touch-screen voting machine (guy in ski mask) which candidate you prefer. Guy says he ll remember that and vote that way on your behalf later. Witness: You show scanner (elf) paper ballot you have filled out. Elf makes notes, and ballot goes into ballot box.

# 7 There is a difference between a voter proxy and a voting witness. A voter proxy votes in your place. A voting witness watches you vote. Proxy: You tell touch-screen voting machine (guy in ski mask) which candidate you prefer. Guy says he ll remember that and vote that way on your behalf later. Witness: You show scanner (elf) paper ballot you have filled out. Elf makes notes, and ballot goes into ballot box. In first case, guy is creating the evidence of your choices. In the second case, elf is merely observing the evidence you have created.

# 8 Avoid Internet Voting, for security reasons. 12

12 # 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why?

12 # 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why?

12 # 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why?

12 # 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?...

# 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?... Don t you have a better approach?

# 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?... Don t you have a better approach? Would you connect your toaster to a high-tension power line?

# 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?... Don t you have a better approach? Would you connect your toaster to a high-tension power line? Would you invest your pension in credit default swaps?

# 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?... Don t you have a better approach? Would you connect your toaster to a high-tension power line? Would you invest your pension in credit default swaps? Vendors who claim to have solved internet security problem are misleading you. (Like authors who write books on How to make a million in real estate Why are they trying to make a buck writing how-to books?)

# 8 Avoid Internet Voting, for security reasons. Why vote over the Internet? Why? Why? Why? Why? Why?... Don t you have a better approach? Would you connect your toaster to a high-tension power line? Would you invest your pension in credit default swaps? Vendors who claim to have solved internet security problem are misleading you. (Like authors who write books on How to make a million in real estate Why are they trying to make a buck writing how-to books?) Internet is useful in elections, but fails as an channel of evidence for voter intent.

# 9 Cryptography can help. 13

13 # 9 Cryptography can help. Good for privacy and for commitments.

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board.

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!).

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!). Bulletin board enables verifiable chain of custody.

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!). Bulletin board enables verifiable chain of custody. Authorities can produce tally without violating secret ballot.

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!). Bulletin board enables verifiable chain of custody. Authorities can produce tally without violating secret ballot. Anyone can verify tally of encrypted ballots.

13 # 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!). Bulletin board enables verifiable chain of custody. Authorities can produce tally without violating secret ballot. Anyone can verify tally of encrypted ballots. Scantegrity nicely integrates both paper ballots and crypto (for poll-site voting).

# 9 Cryptography can help. Good for privacy and for commitments. With end-to-end (E2E) voting systems, voters cast encrypted ballots onto public bulletin board. Voters can verify encryption, without getting receipt (!). Bulletin board enables verifiable chain of custody. Authorities can produce tally without violating secret ballot. Anyone can verify tally of encrypted ballots. Scantegrity nicely integrates both paper ballots and crypto (for poll-site voting). Helios embodies similar ideas for remote voting (assuming that client is malware-free!). 13

14 # 10 Beware wishful thinking! You can t always get what you want:

14 # 10 Beware wishful thinking! You can t always get what you want: non-fattening pizza

14 # 10 Beware wishful thinking! You can t always get what you want: non-fattening pizza totally safe cigarette

14 # 10 Beware wishful thinking! You can t always get what you want: non-fattening pizza totally safe cigarette getting fit with 5 minutes exercise/day

14 # 10 Beware wishful thinking! You can t always get what you want: non-fattening pizza totally safe cigarette getting fit with 5 minutes exercise/day automobile that runs on water

14 # 10 Beware wishful thinking! You can t always get what you want: non-fattening pizza totally safe cigarette getting fit with 5 minutes exercise/day automobile that runs on water secure internet voting (Calling something secure doesn t make it so. Maybe we should call this wishful labeling. This happens a lot when marketing tells engineering what to invent.)

# 10 Voting system design is all about tradeoffs. 15

15 # 10 Voting system design is all about tradeoffs. Security vs. Usability vs. Cost vs. Complexity vs. Accessibility vs....

15 # 10 Voting system design is all about tradeoffs. Security vs. Usability vs. Cost vs. Complexity vs. Accessibility vs.... Conflicting requirements drive up complexity.

15 # 10 Voting system design is all about tradeoffs. Security vs. Usability vs. Cost vs. Complexity vs. Accessibility vs.... Conflicting requirements drive up complexity. High complexity makes security tough.

15 # 10 Voting system design is all about tradeoffs. Security vs. Usability vs. Cost vs. Complexity vs. Accessibility vs.... Conflicting requirements drive up complexity. High complexity makes security tough. Evidence-based elections may reduce need or cost for certification.

15 # 10 Voting system design is all about tradeoffs. Security vs. Usability vs. Cost vs. Complexity vs. Accessibility vs.... Conflicting requirements drive up complexity. High complexity makes security tough. Evidence-based elections may reduce need or cost for certification. Continued research needed to identify interesting new design points, with different trade-offs. Need to understand first what voting systems are possible, then to select those that are best.

16 For more information Caltech/MIT Voting Technology Project. Voting: What Has Changed, What Hasn t & What Needs Improvement. October 2012. http://vote.caltech.edu. Douglas W. Jones and Barbara Simons. Broken Ballots: Will Your Vote Count? CSLI, June 2012. http://brokenballots.com Verified Voting. http://verifiedvoting.org/ Overseas Vote Foundation http://www.overseasvotefoundation.org Brennan Center for Justice http://www.brennancenter.org/

Summary Evidence-based elections.

Summary Evidence-based elections. Complex technology.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent. Internet voting isn t ready for prime time.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent. Internet voting isn t ready for prime time. Auditability.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent. Internet voting isn t ready for prime time. Auditability. Post-election audits.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent. Internet voting isn t ready for prime time. Auditability. Post-election audits. Cryptography and end-to-end voting.

Summary Evidence-based elections. Complex technology. Paper is cool. Paper is prudent. Internet voting isn t ready for prime time. Auditability. Post-election audits. Cryptography and end-to-end voting. Voting tech best of breed for poll-site voting seems to be: Opscan ballots with post-election auditing. End-to-end voting sytems.

18 Thank you!!!! Please vote!!!

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback