Arthur M. Keller, Ph.D. David Mertz, Ph.D.

Similar documents
Privacy Issues in an Electronic Voting Machine

VOTERGA SAFE COMMISSION RECOMMENDATIONS

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

Volume I Appendix A. Table of Contents

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

The usage of electronic voting is spreading because of the potential benefits of anonymity,

HOUSE BILL 1060 A BILL ENTITLED. Election Law Delay in Replacement of Voting Systems

STATE OF NEW JERSEY. SENATE, No th LEGISLATURE

ARKANSAS SECRETARY OF STATE

RANKED VOTING METHOD SAMPLE PLANNING CHECKLIST COLORADO SECRETARY OF STATE 1700 BROADWAY, SUITE 270 DENVER, COLORADO PHONE:

An Overview on Cryptographic Voting Systems

Cuyahoga County Board of Elections

ARKANSAS SECRETARY OF STATE. Rules on Vote Centers

Key Considerations for Oversight Actors

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

Global Conditions (applies to all components):

Key Considerations for Implementing Bodies and Oversight Actors

Colorado Secretary of State Election Rules [8 CCR ]

PROCESSING, COUNTING AND TABULATING EARLY VOTING AND GRACE PERIOD VOTING BALLOTS

The Use of New Voting Technologies (NVT)

GAO ELECTIONS. States, Territories, and the District Are Taking a Range of Important Steps to Manage Their Varied Voting System Environments

E- Voting System [2016]

This page intentionally left blank

GAO. Statement before the Task Force on Florida-13, Committee on House Administration, House of Representatives

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

Electronic Voting Machine Information Sheet

L14. Electronic Voting

Arizona 2. DRAFT Verified Voting Foundation March 12, 2007 Page 1 of 9

L9. Electronic Voting

Ballot Reconciliation Procedure Guide

NC General Statutes - Chapter 163 Article 14A 1

Accessible Voter-Verifiability

Please see my attached comments. Thank you.

Thoughts On Appropriate Technologies for Voting

Logic and Accuracy Test Information Packet 2018 City of Longmont Special Election - Ward 1

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

EML for Open Voting. Parker Abercrombie com. NIST Voting Data Formats Workshop. Gaithersburg October, 2009

Michigan Election Reform Alliance P.O. Box Ypsilanti, MI

Any person who is disorderly or who, in the judgment of the Board, unreasonably disrupts the 5% test may be removed.

Colorado Secretary of State Election Rules [8 CCR ]

1S Recount Procedures. (1) Definitions. As used in this rule, the term: (a) Ballot text image means an electronic text record of the content of

Good morning. I am Don Norris, Professor of Public Policy and Director of the

CHAPTER 2 LITERATURE REVIEW

Testimony of Dr. Dan S. Wallach Ohio Joint Committee on Ballot Security March 18, 2004

Voting System Examination Election Systems & Software (ES&S)

Direct Recording Electronic Voting Machines

Voting Protocol. Bekir Arslan November 15, 2008

The documents listed below were utilized in the development of this Test Report:

Recount Process. Ventura County Elections Division. 800 South Victoria Avenue Ventura, CA (805) venturavote.

Voting System Certification Evaluation Report

PINELLAS COUNTY VOTER GUIDE INSIDE. D e b o r a h Clark. S u p e r v i s o r of Elections. P i n e l l a s County. - How to Register to Vote

Security of Voting Systems

Pennsylvania Needs Resilient, Evidence-Based Elections

H 7249 S T A T E O F R H O D E I S L A N D

E-Voting, a technical perspective

The problems with a paper based voting

CENTRAL COUNTING STATION

FSASE Canvassing Board Workshop. Conducting Recounts. Presented by: Susan Gill, SOE Citrus County

Introduction of Electronic Voting In Namibia

Machine-Assisted Election Auditing

REQUESTING A RECOUNT 2018

Risk-Limiting Audits

H 5372 S T A T E O F R H O D E I S L A N D

Every electronic device used in elections operates and interacts

City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

Election Inspector Training Points Booklet

Estonian National Electoral Committee. E-Voting System. General Overview

Election Audit Report for Pinellas County, FL. March 7, 2006 Elections Using Sequoia Voting Systems, Inc. ACV Edge Voting System, Release Level 4.

CRS Report for Congress

Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC

UPDATE ON RULES. Florida Department of State

Procedures for the Use of Optical Scan Vote Tabulators

If your answer to Question 1 is No, please skip to Question 6 below.

If your answer to Question 1 is No, please skip to Question 6 below.

MATT BLAZE UNIVERSITY OF PENNSYLVANIA 1

The E-voting Controversy: What are the Risks?

Did you sign in for training? Did you silence your cell phone? Do you need to Absentee Vote? Please Hold Questions to the end.

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

H 8072 S T A T E O F R H O D E I S L A N D

IN-POLL TABULATOR PROCEDURES

An Introduction to Cryptographic Voting Systems

RULES FOR VOTER INTENT

2. Scope: This policy applies to the Auditor and the staff identified within this policy.

EXPERIENCING SMALL-SCALE E-DEMOCRACY IN IRAN. Mohsen Kahani Department of Computer Engineering,

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

ELECTION PLAN TOWN OF GODERICH MUNICIPAL ELECTIONS. January 2014

Brittle and Resilient Verifiable Voting Systems

IC Chapter 3. Counting Ballot Card Votes

Punchscan: Introduction and System Definition of a High-Integrity Election System

Ranked Voting and Election Integrity

Abstract: We present a modular voting architecture in which vote generation is performed separately from vote casting.

IC Chapter 13. Voting by Ballot Card Voting System

Statement on Security & Auditability

Testimony of George Gilbert Director of Elections Guilford County, NC

Hard Facts about Soft Voting

Electronic Voting Machine Information Sheet

Allegheny Chapter. VotePA-Allegheny Report on Irregularities in the May 16 th Primary Election. Revision 1.1 of June 5 th, 2006

STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System

Transcription:

Open Source Voting Arthur M. Keller, Ph.D. David Mertz, Ph.D. Outline Concept Fully Disclosed Voting Systems Open Source Voting Systems Existing Open Source Voting Systems Open Source Is Not Enough Barriers to Open Voting What s Wrong with DRE Voter-Verifiable Audit Trail New System Ideas Conclusion What You Can Do 1

Concept - Secret Ballots Tallied in Public - incompatible with - Voting Machines and Tabulators - whose inner workings are Trade Secrets Concept Wholesale Fraud versus Retail Fraud Long and ignoble history of ballot tampering A ballot box contains hundreds of potentially vulnerable votes A DRE voting system affects millions of potentially vulnerable votes 2

Concept Computer + Human = Better than Just Human Computer voting systems do not substitute for human procedures, but enhance the capability of people to conduct fair elections Under the right arrangements, corrupt officials are unable to corrupt elections The nature(s) of trust Fully Disclosed Voting Systems Part of making the entire voting process open to full inspection by the public Inventory of components Full source code (except true COTS) Object code images Checksums of object code images Hardware, Software, System Specifications Documentation Internal and external document formats and samples Hardware dependencies, specifications, and requirements For COTS: specifications, requirements, uses, version numbers, dates of manufacture Feature checklists License(s) Reports on non-internal tests Procurement contracts 3

Open Source Voting Systems Increases security and reliability Often secrecy of existing systems is to avoid embarrassment Open source systems are designed to be secure without secrecy Security by obscurity is not true security Many eyes can find bugs, errors, or fraud Open source systems (e.g., Linux, Apache) often more secure than comparable secret source systems (e.g., Windows, IIS) Differences (compared with other Open Source applications) Special purpose application Difficulty in recruiting volunteers Security needed in changing source code Hard to finance Freedom to test, experiment, and analyze Existing Open Source Voting Systems OVC Prototype System Described last year Demonstrated in 2004 Advanced the debate about voting systems Not a production quality system Berkeley research project (Yee, Wagner, et. al) Demonstrated in 2006 Similar in both features and limitations to OVC Prototype Open Voting Solutions A full, production-quality open source voting system Awaiting certification (an expensive process) Derived from OASIS EML open source voting tools and components Non-US Systems Australian Capital Territory system 4

New Open Source Voting Systems VoComp 2007 Univ. Voting Systems Competition Punchscan - End-to-end verified system with encryption - Two-part ballot with receipt - Cannot manually recount - First place at VoComp 2007 Prêt à Voter - End-to-end verified system with encryption - Two-part ballot with receipt - Cannot manually recount - Supports Ranked Preference Voting (such as IRV and STV) - Second place at VoComp 2007 Prime III - DRE with video backup Voting Ducks - Coercion-free Verifiable Internet Voting - Uses credentials mailed and submitted by cell phone Open Source Is Not Enough Other parts of voting process must also be disclosed Adequate audits Paper ballots (whether hand marked or machine marked or printed) Public right of access and public right to observe entire process Timely disclosure to enable recounts and contesting results Electronic disclosure in any medium in which the records are readily available Electronic disclosure in any format to which data is readily convertible with the data custodian s existing software Usable format (e.g., not fragmented) Disclosure costs only actual cost of materials (not labor) 5

Barriers to Open Source Voting High cost of system certification Entrenched relationships with existing vendors Experience of existing vendors Trust by election officials Limited market Risk of insertion of fraudulent code Problem with pure volunteer development Trust by elections officials at odds with trust by the voting public Elections officials motivations are different Most elections departments are small and understaffed What s Wrong with DRE Voter-Verified Audit Trail Helps ensure electronic ballot image is correct. Useful for recounts. Useful for audits (if and when they are done!) Limited accessibility. If not machine readable and tallyable, will be effectively used only when legally required. Reel-to-reel approach compromises voting privacy by maintaining order of ballots. ATM-style roll hard to count by machine. Use of airline-style cards could solve these problems by using known reliable printers. Better: Voter Verified Paper Ballots directly counted for each election. 6

New System Ideas Hand-marked optical scan paper ballots Electronic Ballot Printer for accessibility - Audio or Video interface - Prints an entire optical scan paper ballot compatible - with hand-marked ones Precinct-count optical scanner and voter ballot verifier - Scans ballot (and saves image) - Examines image to determine location of marks - Interprets mark locations to create an Electronic Ballot Record - Displays (or speaks) ballot choices to voter - Voter verifies choices or ejects paper ballot for correction - If voter verifies ballot is read correctly, non-sequential serial - number printed on ballot and written on images Scanner totals posted at precinct and available from web Ballot images available from precinct on CD-R - In random order by serial number Enables ballot-by-ballot auditing Let s change the debate, again New System Ideas (continued) Publish images of all ballots on CD-R or DVD-R By batch (e.g., by precinct (or scanner) for regular ballots) Each ballot image accompanied by corresponding Electronic ü Ballot Record With vote tallies for each batch Enables ballot-by-ballot auditing Can be matched with overall vote totals (and batch totals) Can be matched with precinct tallies posted at close of voting Allows complete hand-counting by the public Privacy issues with stray marks, problem reduced by electronic ballot printers Allows third-party vote auditing and tallying software Good opportunity for open source, volunteer contributed code 7

Conclusion Give election officials more choices. Enable best-of-breed voting systems. Enable competition in services and follow-on support. Build open source voting systems vendors can adopt. Cheaper, more reliable and secure, auditable, and more trustworthy. Privacy should be added to evaluation standards along with reliability, security, and trustworthiness. What You Can Do Current legislative status: HR-811; California FOSS Voting Resolution For more information, see papers and talks at http://infolab.stanford.edu/pub/keller and click on Electronic Voting. Contact your election officials (county, Secretary of State). Contact your elected officials (federal, state, and county). Help with new prototype system (new ideas section). 8

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback