A Modular Voting Architecture ( Frogs )

Similar documents
Abstract: We present a modular voting architecture in which vote generation is performed separately from vote casting.

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

L14. Electronic Voting

Statement on Security & Auditability

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

GAO. Statement before the Task Force on Florida-13, Committee on House Administration, House of Representatives

ARKANSAS SECRETARY OF STATE

Supporting Electronic Voting Research

Ronald L. Rivest MIT CSAIL Warren D. Smith - CRV

Privacy Issues in an Electronic Voting Machine

Direct Recording Electronic Voting Machines

The California Voter s Choice Act: Managing Transformational Change with Voting System Technology

PROCEDURES FOR THE USE OF VOTE COUNT TABULATORS

ARKANSAS SECRETARY OF STATE. Rules on Vote Centers

PROCESSING, COUNTING AND TABULATING EARLY VOTING AND GRACE PERIOD VOTING BALLOTS

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

RULES OF SECRETARY OF STATE CHAPTER ELECTRONIC VOTING MACHINES RULES AND REGULATIONS TABLE OF CONTENTS

Secure Electronic Voting: New trends, new threats, new options. Dimitris Gritzalis

Ballot Reconciliation Procedure Guide

Home visit pilot program

Estonian National Electoral Committee. E-Voting System. General Overview

L9. Electronic Voting

GAO ELECTIONS. States, Territories, and the District Are Taking a Range of Important Steps to Manage Their Varied Voting System Environments

E-Voting, a technical perspective

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

Draft rules issued for comment on July 20, Ballot cast should be when voter relinquishes control of a marked, sealed ballot.

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

Colorado s Risk-Limiting Audits (RLA) CO Risk-Limiting Audits -- Feb Neal McBurnett

Secretary of State Chapter STATE OF ALABAMA OFFICE OF THE SECRETARY OF STATE ADMINISTRATIVE CODE

Election Inspector Training Points Booklet

PROCEDURE FOR VOTING WITH THE USE OF VOTE TABULATORS

Electronic Voting in Belgium Past, Today and Future

If your answer to Question 1 is No, please skip to Question 6 below.

Volume I Appendix A. Table of Contents

Arthur M. Keller, Ph.D. David Mertz, Ph.D.

The usage of electronic voting is spreading because of the potential benefits of anonymity,

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

Brittle and Resilient Verifiable Voting Systems

If your answer to Question 1 is No, please skip to Question 6 below.

Automating Voting Terminal Event Log Analysis

Key Considerations for Implementing Bodies and Oversight Actors

CENTRAL COUNTING STATION

Electronic Voting Machine Information Sheet

Global Conditions (applies to all components):

PROCEDURES FOR USE OF VOTE TABULATORS. Municipal Elections Township of Norwich

Secure Electronic Voting

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

DURING VOTING HOURS. On election day, open the poll promptly at 7:30 a.m. and keep the poll open continuously until 7:30 p.m.

Post-Election Online Interview This is an online survey for reporting your experiences as a pollworker, pollwatcher, or voter.

Colorado Secretary of State Election Rules [8 CCR ]

An Overview on Cryptographic Voting Systems

Absent Voter Counting Board Training. Joseph Rozell, Oakland County Director of Elections

Act means the Municipal Elections Act, 1996, c. 32 as amended;

The documents listed below were utilized in the development of this Test Report:

Elections. Mission Statement. Mandates. Expenditure Budget: $1,583,167. General Government Expenditure Budget: $69,278,846

If further discussion would be of value, we stand by ready and eager to meet with your team at your convenience. Sincerely yours,

Privacy of E-Voting (Internet Voting) Erman Ayday

The E-voting Controversy: What are the Risks?

Significant Discrepancies Between the County s Canvass and the Attorney General s Hand Count Require Further Investigation

IN-POLL TABULATOR PROCEDURES

Few people think of IEEE

CITY OF ST. CATHARINES PROCEDURE FOR USE OF VOTE TABULATORS

E- Voting System [2016]

SMART VOTING. Bhuvanapriya.R#1, Rozil banu.s#2, Sivapriya.P#3 Kalaiselvi.V.K.G# /17/$31.00 c 2017 IEEE ABSTRACT:

Voting Protocol. Bekir Arslan November 15, 2008

2016 Election Judges Manual. Casting Ballots. At the Scanning Unit Inserting a Ballot into the Ballot Scanner

M-Vote (Online Voting System)

NC General Statutes - Chapter 163 Article 14A 1

AUDIT & RETABULATION OF BALLOTS IN PRECINCTS WHERE A DISCREPANCY EXISTS

Machine-Assisted Election Auditing

H 8072 S T A T E O F R H O D E I S L A N D

Chuck R. Venvertloh Adams County Clerk/Recorder 507 Vermont St. Quincy, IL 62301

Post-Election Audit Pilots, and New Physical and Cyber Security Requirements in Indiana Election Code

Risk-Limiting Audits

Anoka County Procedural Law Waiver Application Narrative Section A: Background Implementation of the Help America Vote Act of The Help America

Addressing the Challenges of e-voting Through Crypto Design

Michigan Election Reform Alliance P.O. Box Ypsilanti, MI

(1) PURPOSE. To establish minimum security standards for voting systems pursuant to Section (4), F.S.

Running head: ROCK THE BLOCKCHAIN 1. Rock the Blockchain: Next Generation Voting. Nikolas Roby, Patrick Gill, Michael Williams

Online Voting System Using Aadhar Card and Biometric

The Security of Elections. can be done on a computer screen. As the result of this, there s been a push to add voting to the

ELECTION PLAN TOWN OF GODERICH MUNICIPAL ELECTIONS. January 2014

Allegheny Chapter. VotePA-Allegheny Report on Irregularities in the May 16 th Primary Election. Revision 1.1 of June 5 th, 2006

Procedures for the Use of Optical Scan Vote Tabulators

2017 Risk-limiting Audit

PINELLAS COUNTY VOTER GUIDE INSIDE. D e b o r a h Clark. S u p e r v i s o r of Elections. P i n e l l a s County. - How to Register to Vote

United States Election Assistance Commission

Cuyahoga County Board of Elections

Vote Count Tabulators

THE PEOPLE OF THE STATE OF MICHIGAN ENACT:

City of Toronto Election Services Internet Voting for Persons with Disabilities Demonstration Script December 2013

PROCEDURE FOR USE OF VOTE TABULATORS MUNICIPAL ELECTIONS 2018

Libertarian Party of Oregon 2018 Primary Election Rules Adopted Amended

EML for Open Voting. Parker Abercrombie com. NIST Voting Data Formats Workshop. Gaithersburg October, 2009

ASSEMBLY, No STATE OF NEW JERSEY. 218th LEGISLATURE INTRODUCED MAY 17, 2018

AFFIDAVIT OF POORVI L. VORA. 1. My name is Poorvi L. Vora. I am a Professor of Computer Science at The George

DIRECTIVE November 20, All County Boards of Elections Directors, Deputy Directors, and Board Members. Post-Election Audits SUMMARY

SECTION 6: Closing Procedures. Declare the Polls Closed 83. Closing Assignments 84. Job 1: Close the Precinct Scanner 85. Remove the Memory Card 86

REQUESTING A RECOUNT 2018

Transcription:

A Modular Voting Architecture ( Frogs ) Shuki Bruck David Jefferson Ronald L. Rivest (CalTech) (Compaq) (MIT) (WOTE, August 28, 2001)

Outline!Moving from paper " electronic!voting with frogs!advantages of frogs!security!conclusions

What s next in voting?!we propose a practical voting system for the near term (2004?) that moves from paper to electronic emphasizes and standardizes a clean separation between vote generation and vote casting components (for many good reasons). uses digital signatures to witness votes cast

Where are we now? Op-scan!Ballots are printed beforehand.!on election day, voter: Identifies himself Receives ballot Fills out ballot ( vote generation ) Casts ballot ( vote casting )!Ballots scanned; results tabulated.!problems: UI, printing and storage costs, scanning accuracy, security.

Move from paper to electronic?!preserve voting experience!paper ballot " electronic frog (term intended to be neutral as to technology)!frog might be dumb flash memory card (4K bytes) with freeze (lock) capability. (No software on frog to validate/certify!)

Voting with Frogs: (1) Sign-in!Voter identifies himself to pollworker.!pollworker takes blank frog, and initializes it. (Election specification, ballot style written on frog.)!pollworker gives frog to voter.

(2) Vote Generation!Voter inserts frog into vote generation equipment.!vote generation equipment reads ballot style, provides superb UI for voter to indicate his selections.!voters selections are written onto frog in a standard format.!voter removes frog.

(3) Vote-casting!Voter inserts his frog into votecasting equipment.!voter sees frog contents displayed.!if voter pushes Cast button: Frog is digitally signed; same signing key(s) used for all votes. Frog is frozen and deposited in frog bin. Electronic copy(s) of vote " storage.!else frog is returned and voter goes back to (2) vote generation.

(4) Web posting/tabulation!once election is over, election officials for each precinct post on Web, as separate, unmatched lists in random order: Names of all voters who voted. All cast ballots (with digital signatures)!everyone can verify signatures on ballots, and compute total.

Advantages of frogs!electronic: no scanning errors!frogs can be kept as physical audit trail after election.!no printing costs: frogs can be purchased blank in bulk (20 cents?)!frogs can be stored compactly (size of business card?)!frog can be frozen when cast making it read-only (unmodifiable).

Advantages of frogs!frogs are digital: so they are compatible with cryptography (e.g. digital signatures).!frog is just a carrier for a digital representation of ballot; technology can evolve while keeping underlying data formats constant (our proposal is technolgy-neutral).

Standardized Frog Format!This may be the most important part of our proposal: Standardize the format of electronic ballots!!!!standard data file format: header + one line/race, standard character set (UTF-8).!This should be vigorously pursued, independent of whether the rest of our proposal is adopted.

Standardized Frog Format Massachusetts, Middlesex County, Precinct 11 Election Closes November 7, 2004 at 8pm EST Ballot: MA/Middlesex/1; English; No rotation Ballot Initialized by Election Official 10 You have chosen: U.S. President: Mary Morris U.S. Vice President: Alice Applebee Middlesex Dog Catcher: Sam Smith (write-in) Proposition 1 (Casino): FOR Proposition 2 (Taxes): AGAINST Proposition 3 (Swimming Pool): FOR Proposition 4 (Road Work): NO VOTE

Standardized Frog Format!Is both human and machine-readable.!provides a clean interface between vote-generation (frog-writing) and vote-casting (frog confirmation/ freezing / depositing).!allows different manufacturers to build different vote-generation equipment (varying UI s) compatible with same vote-casting equipment.

Security!In near term, the only trustworthy equipment available to voter will be that provided by election officials. (PC s/handhelds/phones all vulnerable. Thus, no individual digital signatures, and no voting from home.)!in effect, vote-casting equipment is proxy for voter in electronic voting scheme.

Security!A secure system needs to be simple. Very simple. Very very simple.!a good user interface is complex. Quite complex. Really very complex.!it follows that the sophisticated user interface should be separated from the security-critical components.

What is most security-critical?!vote-casting, wherein voter Confirms that his selection are recorded accurately, Officially casts his recorded selections.!this operation needs to be exceptionally trustworthy.!with electronics, records are indirect; voter is much like a blind man voting with someone s assistance.

Vote-Casting: the critical instant From Bob s vote To anonymous vote

Vote-casting equipment should:!display exactly and completely whatever is in frog.!be stateless (no test/real modes!)!for cast vote, digitally sign whatever is in frog, using one key (election official) or more (political parties too).!send copies of cast votes " storage units.!be open source.!be long-term purchase.

Vote-generation equipment:!is less security-critical.!may have proprietary design/code.!has less stringent certification requirements, and so can evolve more quickly with technology.!may be leased rather than purchased.

Notes:!Anonymity up to precinct level; should be OK.!Write-ins might be handled by splitting into write-in/non-write-in components to preserve privacy.!provisional ballots can be handled as usual. (Put aside in envelope.)!voter may prepare ballot at home and bring it to poll-site for final editing/casting.

Conclusion We have presented a practical proposal for a modular architecture for nearterm pollsite voting that can achieve a high degree of security while simultaneously enabling innovation.

(The End)

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback