The E-voting Controversy: What are the Risks?

Similar documents
Supporting Electronic Voting Research

Hard Facts about Soft Voting

Computers and Elections

Testimony of Dr. Dan S. Wallach Ohio Joint Committee on Ballot Security March 18, 2004

E-Voting, a technical perspective

Testimony of Dr. Dan S. Wallach Texas Senate Committee for State Affairs May 17, 2004

CRS Report for Congress

L9. Electronic Voting

E-Voting as a Teaching Tool

Election 2000: A Case Study in Human Factors and Design

Good morning. I am Don Norris, Professor of Public Policy and Director of the

Electronic Voting Machine Information Sheet

Cuyahoga County Board of Elections

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

Michael Morisi Comp 116: Web Security

L14. Electronic Voting

CHAPTER 2 LITERATURE REVIEW

VOTERGA SAFE COMMISSION RECOMMENDATIONS

Electronic Voting Security. CSC 482/582: Computer Security

Allegheny Chapter. VotePA-Allegheny Report on Irregularities in the May 16 th Primary Election. Revision 1.1 of June 5 th, 2006

The usage of electronic voting is spreading because of the potential benefits of anonymity,

CALTECH/MIT VOTING TECHNOLOGY PROJECT A

Undervoting and Overvoting in the 2002 and 2006 Florida Gubernatorial Elections Are Touch Screens the Solution?

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

FULL-FACE TOUCH-SCREEN VOTING SYSTEM VOTE-TRAKKER EVC308-SPR-FF

Electronic Voting Machine Information Sheet

Democracy depends on losers accepting the results

Volume I Appendix A. Table of Contents

Machine-Assisted Election Auditing

Pennsylvania Needs Resilient, Evidence-Based Elections

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

E- Voting System [2016]

IT MUST BE MANDATORY FOR VOTERS TO CHECK OPTICAL SCAN BALLOTS BEFORE THEY ARE OFFICIALLY CAST Norman Robbins, MD, PhD 1,

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

STATE OF NEW JERSEY. SENATE, No th LEGISLATURE

GAO ELECTIONS. States, Territories, and the District Are Taking a Range of Important Steps to Manage Their Varied Voting System Environments

Analysis and Report of Overvotes and Undervotes for the 2014 General Election. January 31, 2015

Colorado Secretary of State Election Rules [8 CCR ]

Security of Voting Systems

AFFIDAVIT OF POORVI L. VORA. 1. My name is Poorvi L. Vora. I am a Professor of Computer Science at The George

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

Cryptographic Voting Protocols: Taking Elections out of the Black Box

COMPUTING SCIENCE. University of Newcastle upon Tyne. Verified Encrypted Paper Audit Trails. P. Y. A. Ryan TECHNICAL REPORT SERIES

1S Recount Procedures. (1) Definitions. As used in this rule, the term: (a) Ballot text image means an electronic text record of the content of

Sincerely, Rebecca Mercuri, Ph.D. 116 Grayson Ave. Mercerville, NJ /

Counting Votes and the Attempt to Replicate Human Interpretation

Arthur M. Keller, Ph.D. David Mertz, Ph.D.

CRS Report for Congress

Analysis and Report of Overvotes and Undervotes for the 2012 General Election. January 31, 2013

Testimony of George Gilbert Director of Elections Guilford County, NC

Elections, Technology, and the Pursuit of Integrity: the Connecticut Landscape

Options for New Jersey s Voter-Verified Paper Record Requirement

Case 1:08-cv Document 1 Filed 01/17/2008 Page 1 of 20

An Examination of Vote Verification Technologies: Findings and Experiences from the Maryland Study 1

Every electronic device used in elections operates and interacts

MATT BLAZE UNIVERSITY OF PENNSYLVANIA 1

Computer Security Versus the Public's Right to Know

Direct Recording Electronic Voting Machines

Automating Voting Terminal Event Log Analysis

Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC

VOTING SYSTEMS TASK FORCE DRAFT FOR PUBLIC COMMENT

An Overview on Cryptographic Voting Systems

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

AN EVALUATION OF MARYLAND S NEW VOTING MACHINE

Global Conditions (applies to all components):

Voting Protocol. Bekir Arslan November 15, 2008

Public Comment on the 2005 Voluntary Voting System Guidelines

Electronic Voting. Mohammed Awad. Ernst L. Leiss

Assessing Election Reform Four Years After Florida. David C. Kimball University of Missouri-St. Louis and

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF OHIO CLEVELAND DIVISION ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) Introduction

PROCEDURES FOR THE USE OF VOTE COUNT TABULATORS

PROCESSING, COUNTING AND TABULATING EARLY VOTING AND GRACE PERIOD VOTING BALLOTS

IN THE SUPERIOR COURT OF FULTON COUNTY STATE OF GEORGIA

E H C G D N N O M R I T I T N A

Anoka County Procedural Law Waiver Application Narrative Section A: Background Implementation of the Help America Vote Act of The Help America

Response to the Scottish Government s Consultation on Electoral Reform

Automating Voting Terminal Event Log Analysis

DIRECTIVE November 20, All County Boards of Elections Directors, Deputy Directors, and Board Members. Post-Election Audits SUMMARY

A Review of Issues Relating to the Diebold Accuvote-TS Voting System in Maryland

Misvotes, Undervotes, and Overvotes: the 2000 Presidential Election in Florida

Significant Discrepancies Between the County s Canvass and the Attorney General s Hand Count Require Further Investigation

The Case Against. Diebold and Florida s Division of Elections

Election Cybersecurity

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 27, 2017

Draft rules issued for comment on July 20, Ballot cast should be when voter relinquishes control of a marked, sealed ballot.

The documents listed below were utilized in the development of this Test Report:

FSASE Canvassing Board Workshop. Conducting Recounts. Presented by: Susan Gill, SOE Citrus County

Thoughts On Appropriate Technologies for Voting

Electronic Voting in Belgium Past, Today and Future

Statement on Security & Auditability

Testimony of. Lawrence Norden, Senior Counsel Brennan Center for Justice at NYU School of Law

Electronic Voting For Ghana, the Way Forward. (A Case Study in Ghana)

SEMINAR WORK: E- ELECTIONS AND E- VOTING - THE CASE OF SWITZERLAND AND FRANCE

Privacy Issues in an Electronic Voting Machine

GEORGIA VERIFIABLE VOTING LEGISLATIVE AND LEGAL CHRONOLOGY

Oregon. Voter Participation. Support local pilot. Support in my state. N/A Yes N/A. Election Day registration No X

Election Observation: Linking with Academics for Feedback and Data. Lonna Atkeson University of New Mexico

Punchscan: Introduction and System Definition of a High-Integrity Election System

Campaigning in General Elections (HAA)

Transcription:

Panel Session and Open Discussion Join us for a wide-ranging debate on electronic voting, its risks, and its potential impact on democracy. The E-voting Controversy: What are the Risks? Wednesday April 19th 7:00 pm 9:00 pm Maginnes Hall Room 102 Lehigh University, Bethlehem, PA http://www.cse.lehigh.edu/seminars/e-voting.html Sponsored in part by the Lehigh University Department of Computer Science and Engineering Lopresti April 2006 Slide 1

Our participants Moderator Panelists Hannah Stewart-Gambino Professor, Lehigh University Department of Political Science Director of Lehigh's Global Citizenship Program Christopher Borick Associate Professor, Muhlenberg College Department of Political Science Director of Muhlenberg's Institute of Public Opinion Bob Freeman Pennsylvania State Representative Co-sponsor of H.B. 2000 to require a Voter Verified Paper Audit Trail (VVPAT) Steve Freeman Lecturer and Scholar, University of Pennsylvania Center for Organizational Dynamics Widely quoted researcher on polling discrepancies in contested elections, author of a forthcoming book on the 2004 election Mary Ann Gould Expert on managing change in corporate and private sectors Co-founder of the non-partisan Coalition for Voting Integrity Daniel Lopresti Associate Professor, Lehigh University Department of Computer Science and Engineering Noted computer security expert Lopresti April 2006 Slide 2

Setting the stage E-voting systems not as secure and transparent as they could be. Are they secure and transparent enough? This is something we must all decide for ourselves as citizens. Any voting system carries with it some risk. Past experience with paper ballots, lever machines, etc., lets us understand that risk. What are the risks associated with e-voting technologies? This is the purpose of our panel session. Lopresti April 2006 Slide 3

Background leading to HAVA The infamous butterfly ballot from the 2000 Presidential election: The Florida ballot is a classic example of bad user interface design. Computer software can suffer from such problems just as easily. http://www2.indystar.com/library/factfiles/gov/politics/election2000/img/prezrace/butterfly_large.jpg Lopresti April 2006 Slide 4

Hanging chads & voter intent Votomatic technology used in Florida was prone to paper jams. This led to hanging and dimpled chads, making it hard to determine voter intent. http://www.cs.uiowa.edu/~jones/cards/chad.html http://www.pushback.com/justice/votefraud/dimpledchadpictures.html Lopresti April 2006 Slide 5

Election technology & HAVA The Help America Vote Act (HAVA) provides funds for states to replace punched card and lever voting systems. It does not mandate the use of direct recording electronic (DRE) systems. Some general goals to keep in mind as we weigh alternatives: secure and transparent elections, accurate determination of voter intent, voter anonymity, accessibility for disabled voters and non-native English voters, if possible, prevent overvoting (invalidates voter's ballot), if possible, prevent unintentional undervoting (voter confusion?). http://www.fec.gov/hava/law_ext.txt Lopresti April 2006 Slide 6

Diebold AccuVote System Recent demo in Allentown: Diebold AccuVote-TSx block diagram: DRE systems are nothing more than specialized computers. http://www.wfmz.com/cgi-bin/tt.cgi?action=viewstory&storyid=13711 http://www.bbvforums.org/forums/messages/1954/accuvote-tsx_2_02_system_overview-23267.pdf Lopresti April 2006 Slide 7

More photos from Diebold demo Paper tape (used for endof-day tally) PCMCIA slot Built-in printer PCMCIA card Lopresti April 2006 Slide 8

E-voting risks While there are several DRE vendors, one truth holds: all computer hardware/software systems of this complexity have bugs. Bugs can manifest themselves in different ways: cause system to be unreliable (crash, lose votes), create openings that allow an outsider to compromise election, create openings that allow an inside to compromise election. Such attacks can be impossible to detect after-the-fact. Lopresti April 2006 Slide 9

Diebold security What we mostly worry about Probably pretty safe http://www.diebold.com/dieboldes/pdf/industrysecurity.pdf What we mostly worry about (But insider attacks can arise anywhere.) Lopresti April 2006 Slide 10

Risk analysis of e-voting software Avi Rubin and colleagues at Johns Hopkins obtained copy of Diebold e-voting software which appeared on the Internet.* Studied it carefully made results public in 2003. Findings include:... far below even the most minimal security standards...... unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats,...... voters... can cast unlimited votes without being detected... * E-voting vendors often assert they must be allowed to keep their software secret to protect it. This proves the futility of that idea. "Analysis of an Electronic Voting System," Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, IEEE Symposium on Security and Privacy, 2004. Lopresti April 2006 Slide 11

Risk analysis of e-voting software Summary of potential vulnerabilities identified by Rubin, et al. "Analysis of an Electronic Voting System," Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, IEEE Symposium on Security and Privacy, 2004. Lopresti April 2006 Slide 12

One potential exploit Attempt is made to protect integrity of voting records by encrypting them before storage on PCMCIA memory card... My Own Votes Okay! No way!... unfortunately, the key is hardwired in the code and now widely known across Internet (it's F2654hD4 ). My Own Votes Okay! "Analysis of an Electronic Voting System," Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, and Dan S. Wallach, IEEE Symposium on Security and Privacy, 2004. Lopresti April 2006 Slide 13

A more recent risk analysis Report of the California Secretary of State's Voting Systems Technology Assessment Advisory Board (VSTAAB). Examined parts of both Diebold touchscreen system (AV-TX) and optical scan system (AV-OS) published February 14, 2006. Findings include: Memory card attacks are a real threat...... anyone who has access to a memory card of the AV-OS... and can have the modified card used... can indeed modify the election results... The fact that the the [sic] results are incorrect cannot be detected except by a recount of the original paper ballots. "Security Analysis of the Diebold AccuBasic Interpreter" by David Wagner, David Jefferson, Matt Bishop, Chris Karlof, and Naveen Sastry, February 14, 2006. Lopresti April 2006 Slide 14

A more recent risk analysis Summaries of potential vulnerabilities identified by Bishop, et al. for AV-OS for AV-TX "Security Analysis of the Diebold AccuBasic Interpreter" by David Wagner, David Jefferson, Matt Bishop, Chris Karlof, and Naveen Sastry, February 14, 2006. Lopresti April 2006 Slide 15

Some lessons never learned There is a serious flaw in the key management of the crypto code that otherwise should protect the AV-TSx from memory card attacks. Unless election officials avail themselves of the option to create new cryptographic keys, the AV-TSx uses a default key. This key is hard coded into the source code for the AV-TSx, which is poor security practice because, among other things, it means the same key is used in every such machine in the U.S. Worse, the particular default key in question was openly published two and a half years ago in a famous research paper, and is now known by anyone who follows election security, and can be found through Google. "Security Analysis of the Diebold AccuBasic Interpreter" by David Wagner, David Jefferson, Matt Bishop, Chris Karlof, and Naveen Sastry, February 14, 2006. Lopresti April 2006 Slide 16

Common retorts These attack scenarios are unlikely. Our e-voting systems are certified, so they must be safe. Poll workers are trained to recognize potential problems. Multiple copies of the data are stored in the system, so we're okay. Re-printing the end-of-day tally is just as good as a recount. There's no evidence of anyone having success in an attack like this. My assessment: = optimistic = wrong = plain silly There is no doubt we need good policies and procedures in addition to good, safe technology. (I believe almost everyone involved would like to do the right thing.) Lopresti April 2006 Slide 17

My recommendations For secure and transparent elections, we should insist on: Giving independent experts unfettered access to e-voting software and hardware for verification purposes. A Voter Verified Paper Audit Trail (VVPAT). And tell our lawmakers to pass pending legislation: H.R. 550 ("The Voter Confidence and Increased Accessibility Act") Pennsylvania H.B. 2000 Lopresti April 2006 Slide 18

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback