Computers and Elections

Similar documents
The E-voting Controversy: What are the Risks?

Volume I Appendix A. Table of Contents

E-Voting as a Teaching Tool

SECURITY, ACCURACY, AND RELIABILITY OF TARRANT COUNTY S VOTING SYSTEM

Global Conditions (applies to all components):

L9. Electronic Voting

WHY, WHEN AND HOW SHOULD THE PAPER RECORD MANDATED BY THE HELP AMERICA VOTE ACT OF 2002 BE USED?

GAO ELECTIONS. States, Territories, and the District Are Taking a Range of Important Steps to Manage Their Varied Voting System Environments

STATE OF NEW JERSEY. SENATE, No th LEGISLATURE

Automating Voting Terminal Event Log Analysis

Electronic Voting Machine Information Sheet

E-Voting, a technical perspective

Trusted Logic Voting Systems with OASIS EML 4.0 (Election Markup Language)

IC Chapter 15. Ballot Card and Electronic Voting Systems; Additional Standards and Procedures for Approving System Changes

Colorado Secretary of State Election Rules [8 CCR ]

Cuyahoga County Board of Elections

Estonian National Electoral Committee. E-Voting System. General Overview

Analysis and Report of Overvotes and Undervotes for the 2014 General Election. January 31, 2015

Elections & Electronic Voting Machines

Draft rules issued for comment on July 20, Ballot cast should be when voter relinquishes control of a marked, sealed ballot.

AFFIDAVIT OF POORVI L. VORA. 1. My name is Poorvi L. Vora. I am a Professor of Computer Science at The George

1S Recount Procedures. (1) Definitions. As used in this rule, the term: (a) Ballot text image means an electronic text record of the content of

Elections, Technology, and the Pursuit of Integrity: the Connecticut Landscape

Ballot Reconciliation Procedure Guide

PROCEDURES FOR THE USE OF VOTE COUNT TABULATORS

Key Considerations for Implementing Bodies and Oversight Actors

A paramount concern in elections is how to regularly ensure that the vote count is accurate.

MATT BLAZE UNIVERSITY OF PENNSYLVANIA 1

Anoka County Procedural Law Waiver Application Narrative Section A: Background Implementation of the Help America Vote Act of The Help America

PROCESSING, COUNTING AND TABULATING EARLY VOTING AND GRACE PERIOD VOTING BALLOTS

VOLUNTARY VOTING SYSTEM GUIDELINES DOCUMENT COMPARE SECTION 1

VOTERGA SAFE COMMISSION RECOMMENDATIONS

Challenges and Advances in E-voting Systems Technical and Socio-technical Aspects. Peter Y A Ryan Lorenzo Strigini. Outline

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

The name or number of the polling location; The number of ballots provided to or printed on-demand at the polling location;

Allegheny Chapter. VotePA-Allegheny Report on Irregularities in the May 16 th Primary Election. Revision 1.1 of June 5 th, 2006

GAO. Statement before the Task Force on Florida-13, Committee on House Administration, House of Representatives

Key Considerations for Oversight Actors

Good morning. I am Don Norris, Professor of Public Policy and Director of the

Electronic Voting Machine Information Sheet

Michigan Election Reform Alliance P.O. Box Ypsilanti, MI

The Case Against. Diebold and Florida s Division of Elections

ARKANSAS SECRETARY OF STATE

Every electronic device used in elections operates and interacts

IN-POLL TABULATOR PROCEDURES

The Security of Elections. can be done on a computer screen. As the result of this, there s been a push to add voting to the

Michael Morisi Comp 116: Web Security

Election Audit Report for Pinellas County, FL. March 7, 2006 Elections Using Sequoia Voting Systems, Inc. ACV Edge Voting System, Release Level 4.

Colorado Secretary of State Election Rules [8 CCR ]

Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis

Act means the Municipal Elections Act, 1996, c. 32 as amended;

The documents listed below were utilized in the development of this Test Report:

BALLOT BOX CHECKLIST

Automating Voting Terminal Event Log Analysis

Statement on Security & Auditability

IN THE SUPERIOR COURT OF FULTON COUNTY STATE OF GEORGIA

Pennsylvania Needs Resilient, Evidence-Based Elections

National Intelligence, 2017 at iii; Securing Elections from Foreign Interference, Brennan Center for Justice, June 29, 2017 at 4.

Direct Recording Electronic Voting Machines

Security of Voting Systems

Analysis and Report of Overvotes and Undervotes for the 2012 General Election. January 31, 2013

Instructions for Closing the Polls and Reconciliation of Paper Ballots for Tabulation (Relevant Statutes Attached)

If your answer to Question 1 is No, please skip to Question 6 below.

City of Orillia Tabulator Instructions

Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC

Post-Election Online Interview This is an online survey for reporting your experiences as a pollworker, pollwatcher, or voter.

Options for New Jersey s Voter-Verified Paper Record Requirement

POLLING TOUR GUIDE U.S. Election Program. November 8, 2016 I F E. S 30 Ye L A

Election Inspector Training Points Booklet

CHAPTER 2 LITERATURE REVIEW

This page intentionally left blank

Procedures for the Use of Optical Scan Vote Tabulators

Prepared by: Secretary of State Elections Division April 8, 2004

Audits: an in-depth review of Venezuela s automatic voting

CRS Report for Congress

CENTRAL COUNTING STATION

ARKANSAS SECRETARY OF STATE. Rules on Vote Centers

Election 2000: A Case Study in Human Factors and Design

Office for Democratic Institutions and Human Rights OSCE/ODIHR DISCUSSION PAPER IN PREPARATION OF GUIDELINES FOR THE OBSERVATION OF ELECTRONIC VOTING

Voting System Examination Election Systems & Software (ES&S)

Chief Electoral Officer Directives for the Counting of Ballots (Elections Act, R.S.N.B. 1973, c.e-3, ss.5.2(1), s.87.63, 87.64, 91.1, and 91.

Copyright 2004 FDCHeMedia, Inc. All Rights Reserved. Federal Document Clearing House Congressional Testimony

IC Chapter 3. Counting Ballot Card Votes

PINELLAS COUNTY VOTER GUIDE INSIDE. D e b o r a h Clark. S u p e r v i s o r of Elections. P i n e l l a s County. - How to Register to Vote

Election Cybersecurity

2. The GEMS operator deletes any subsequent deck of ballots because a problem is encountered.

Hard Facts about Soft Voting

MUNICIPAL ELECTIONS 2014 Voting Day Procedures & Procedures for the Use of Vote Tabulators

CHAPTER 11: BALLOT PROCESSING AND VOTER INTENT

COMMISSION CHECKLIST FOR NOVEMBER GENERAL ELECTIONS (Effective May 18, 2004; Revised July 15, 2015)

Electronic Voting. Mohammed Awad. Ernst L. Leiss

Addressing the Challenges of e-voting Through Crypto Design

CALTECH/MIT VOTING TECHNOLOGY PROJECT A

Electronic Voting A Strategy for Managing the Voting Process Appendix

NOTICE OF PRE-ELECTION LOGIC AND ACCURACY TESTING

Electronic Voting in Belgium Past, Today and Future

Sincerely, Rebecca Mercuri, Ph.D. 116 Grayson Ave. Mercerville, NJ /

Secure Electronic Voting

Voting System Certification Evaluation Report

Maryland State Board of Elections Comprehensive Audit Guidelines Revised: February 2018

Transcription:

Computers and Elections The Good, the Bad, and the Ugly Matt Bishop joint work with many students and colleagues University of California at Davis February 11, 2011 Slide 1 Computers and Elections February 11, 2011

1 About Voting and Computers 2 Federal Voting Standards and Problems Standards Testing 3 Example: California Top-to-Bottom Review 4 Process Modeling Analyzing an Election Process Internet Voting 5 Conclusion Slide 2 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms Slide 3 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms I recommend a good class on distributed algorithms or computing Slide 4 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms I recommend a good class on distributed algorithms or computing Different voting schemes like choice voting Slide 5 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms I recommend a good class on distributed algorithms or computing Different voting schemes like choice voting There are lots of them, from the merely confusing to the downright mysterious Slide 6 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms I recommend a good class on distributed algorithms or computing Different voting schemes like choice voting There are lots of them, from the merely confusing to the downright mysterious Who will win the next election? Slide 7 Computers and Elections February 11, 2011

This Is Not About... Voting algorithms I recommend a good class on distributed algorithms or computing Different voting schemes like choice voting There are lots of them, from the merely confusing to the downright mysterious Who will win the next election? I m a scientist, not a psychic! Slide 8 Computers and Elections February 11, 2011

Over- and Under-Votes Three seats open in Davis City Council election Overvote: voting too many times Vote for 4 candidates No votes in that race counted Undervote: voting too few times Vote for 2 candidates Both votes counted; no third vote counted Slide 9 Computers and Elections February 11, 2011

How an Election Works in Yolo County, CA Voters: Go to polling station Give name, get ballot Enter booth, vote using marker to mark ballot Put ballot in protective sleeve (envelope) Leave booth, drop envelope into ballot box Slide 10 Computers and Elections February 11, 2011

End of the Day Election officials take ballot box to County seat Election officials remove ballots from envelopes If provisional, handled differently Ballots counted, put into bags marked with precinct and count Ballots removed from bag, run through automatic counters (scanners) Humans intervene when problems arise Intermediate tallies written onto flash cards Every so often, cards removed, walked to tally computer Tallies periodically updated, given to web folks Slide 11 Computers and Elections February 11, 2011

The Canvass Required by California law: Ballots for 1% of precincts counted by hand Must include all races! Compare to tallies from election If different, check until problem found Certify final counts to Secretary of State... within 28 days of the election Actually, Yolo County also does more checking, including testing other proposed auditing methods with trusted researchers Slide 12 Computers and Elections February 11, 2011

What s an E-Voting System? Intended to replace paper Improve clarity of cast vote Less error-prone to errors in counting Easier to store Casting votes Direct Recording Electronic (with or without VVPATs) Ballot Marking Devices Pens and paper Counting votes Scanning at precinct (Precinct-Count Optical Scan) Scanning at Election Central Computer counting of electronic ballots Slide 13 Computers and Elections February 11, 2011

What Should It Do? Summary: replace technology used in election process with better technology Better means that the technology improves some aspect of the election process Examples Easier to program ballots than print ballots Can handle multiple languages easily Easier to tally than hand counting Slide 14 Computers and Elections February 11, 2011

Requirements for an Election Voter validation (authenticated, registered, has not yet voted) Ballot validation (voter uses right ballot, results of marking capture intent of voter) Voter privacy (no association between voter, ballot; includes voter showing others how he/she voted) Integrity of election (ballots not changed, vote tallied accurately) Slide 15 Computers and Elections February 11, 2011

Requirements for an Election Voting availability (voter must be able to vote, materials must be available) Voting reliability (voting mechanisms must work) Election transparency (audit election process, verify everything done right) Election manageability (process must be usable by those involved, including poll workers) Slide 16 Computers and Elections February 11, 2011

Add In E-Voting System must meet state certification requirements Usually these incorporate the FEC standards Systems used must be certified Systems must be available on Election Day No re-runs allowed! Systems must be secure Properties must hold in face of (limited) conspiracy to undermine them Slide 17 Computers and Elections February 11, 2011

Assurance Provide sufficient evidence of assurance to target audience that using e-voting systems makes elections at least as secure, accurate, etc. as current elections Who is target audience? Computer scientists, election officials, politicians, average person Slide 18 Computers and Elections February 11, 2011

Standards Standards Each state sets its own; most based on Federal standards Performance and Test Standards for Punchcard, Marksense, and Direct Recording Electronic Voting Systems (1990) Voting Systems Performance and Test Standards (2002) Voluntary Voting Systems Guidelines (2005) Took effect Dec. 2007 New ones under development (time frame uncertain) Slide 19 Computers and Elections February 11, 2011

Standards Why Standards? If systems are certified to meet standards, then people can have confidence they work! How good are the standards? How good is the testing? Slide 20 Computers and Elections February 11, 2011

Standards Current Standards Goal: address what a voting system should reliably do, not how system components should be configured to meet these requirements Security concerns that have been raised, including: System integrity during build and deployment Voter anonymity Access control policies Availability Poor design and implementation Data transmission Language Unclear bases Slide 21 Computers and Elections February 11, 2011

Standards System Integrity No procedural mechanisms required to ensure the software submitted for qualification is the exact software used in production units Integrity of ROMs must be validated before each election No requirement that integrity be maintained throughout election Slide 22 Computers and Elections February 11, 2011

Standards Consequences In 2006, several California counties used uncertified software Diebold downloaded last-minute fixes just before an election Also happened in other states such as Indiana and Colorado Slide 23 Computers and Elections February 11, 2011

Standards Availability MTBF Required: MTBF +MTTR 0.99 during normal operation for the functions indicated above Reliability: measure MTBF over at least 163 hours Mathematical model to predict availability (vendor); validate model (testing authority) Slide 24 Computers and Elections February 11, 2011

Standards Problems Testing done under laboratory conditions Actual conditions of use may be different Physical attacks like yanking wires of jamming cards typically not tested Availability models are problematic Method of validating model not specified; up to tester Slide 25 Computers and Elections February 11, 2011

Standards Unclear Bases Some numbers given but not explained Example: achieve a target error rate of no more than one in 10,000,000 ballot positions Why this? Why not 1,000,000 or 100,000,000? Determine MTBF over 163 hours of testing Again, why 163? Why not 14, or 48? Slide 26 Computers and Elections February 11, 2011

Standards Lack of Threat Model Against what threats should the systems be protected? Standards silent on this model Without it, basis for many requirements unclear and requirements themselves vague Slide 27 Computers and Elections February 11, 2011

Standards Lack of System Model Key question: in what environment, and under what processes, will the system be used? Standards also silent on this model Without it, vague requirements about processes, procedures, assumptions Slide 28 Computers and Elections February 11, 2011

Testing Testing for Conformance Testing performed by independent testing authorities (ITAs) Vendors pay for testing Vendors can choose any ITA certified as such Testing methodology up to ITA Slide 29 Computers and Elections February 11, 2011

Testing Diebold AccuBasic Intent: add a scripting language to a report writing facility on the AccuVote-OS optical scan and AccuVote-TSx DREs CA required that it be not possible to compromise an election in any way through the (mis)use of AccuBasic, including an unintentional error or malicious AccuBasic script (request for ITA review) Slide 30 Computers and Elections February 11, 2011

Testing ITA Findings Three violations allow manipulation, reading data in global space but can only be exploited by modified AccuBasic object file Bounds checking on stack, heap segments not detected, but bounds checking performed inside the code Interpreters lack proper degree of error checking to identify, recover from key failures in damaged environment Slide 31 Computers and Elections February 11, 2011

Testing ITA Findings Three security vulnerabilities and a small number of requirements violations that were not capable of being exploited by malicious code or operators TSx ready for election; AV-OS needs to have these problems corrected If memory cards not tampered with between AV-OS and GEMS, existing units ready for election Slide 32 Computers and Elections February 11, 2011

Testing VSTAAB Independent Review Led by David Wagner of UC Berkeley Asked questions: What kind of damage can malicious person do to undermine election if he can arbitrarily change contents of memory card? How can such attacks be neutralized? Found code problems: Buffer overflows (12 in AV-OS, 8 in TSx) Other problems (4 in AV-OS, 2 in TSx) Slide 33 Computers and Elections February 11, 2011

Testing VSTAAB Findings 16 security problems in AV-OS, 10 in TSx All code problems, easily fixed If you can tamper with memory cards, you can undetectably rig election TSx has memory cards digitally signed... using keys for which defaults are hard-coded Interpreters disallowed by FEC standards! Slide 34 Computers and Elections February 11, 2011

Testing Summary ITA clearly missed many problems ITA report not very detailed ( 5 pages); VSTAAB report very detailed ( 33 pages) Slide 35 Computers and Elections February 11, 2011

CA Top-to-Bottom Review Undertaken to restore the public s confidence in the integrity of the electoral process and to ensure that California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible. Slide 36 Computers and Elections February 11, 2011

Structure UC teams provided technical data for CA Secretary of State UC Berkeley (Wagner): source code review, document review UC Davis (Bishop): red team testing, accessibility testing Both groups used people from around the country Secretary used this data and other data to make decision Policies, procedures, and their implementation Each county has its own Slide 37 Computers and Elections February 11, 2011

Goals of the Study to identify and document vulnerabilities, if any, to tampering or error that could cause incorrect recording, tabulation, tallying or reporting of votes or that could alter critical election data such as election definition or system audit data. Assume attackers could be anyone (voters, poll workers, election officials, vendors, etc.) Slide 38 Computers and Elections February 11, 2011

Constraints Time Exercise lasted 5 weeks for 3 vendors (ended July 20) Lack of information and vendor software Some documents delivered on July 13 Some software delivered on July 18 Secretary, staff exceptionally supportive throughout Slide 39 Computers and Elections February 11, 2011

Example Threats Attacker modifies firmware to misrecord votes Case 1: Paper trail modified to reflect misrecorded votes unless voter corrects it, so no discrepancies between paper and stored ballots Case 2: Paper trail records correct vote, disagreeing with stored ballots, creating discrepancy Slide 40 Computers and Elections February 11, 2011

Results security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results and of the systems that provide those results Slide 41 Computers and Elections February 11, 2011

Example: Diebold Election management server Delivered unpatched Not all security-related actions logged Remotely accessible account that by default does not require password GEMS users can conceal actions from GEMS logging Precinct count AccuVote-OS Low-tech attacks to stop it from reading ballots Slide 42 Computers and Elections February 11, 2011

Example: Diebold AccuVote TSx Physical security: bypass locks; disable printer Firmware: overwritten; virus attack possible Escalate privileges from voter to election official, and erase votes, close polls, etc. Security keys: well-known key used as default Malicious voter input: made machine act erratically (no time to craft working exploits) Paper trail: can easily be put out of service; could destroy records before and after attack, in a way voters wont notice Slide 43 Computers and Elections February 11, 2011

What Secretary Bowen Did Diebold, Sequoia Certification and approval for use withdrawn 1 system per polling place (to comply with HAVA) Vendors could fix problems and request recertification ES&S Certification and approval for use withdrawn ES&S could undergo testing Hart Jurisdictions must reinstall all software and firmware on all systems before each election Vendor must present procedures to prevent virus propagation and to harden system Slide 44 Computers and Elections February 11, 2011

Later Version: Diebold Diebold added cryptography in the version after the one California reviewed Not examined in TTBR because it wasn t certified in California Florida did examine it as part of certification process Led by Prof. Alec Yasinsac of Florida State University Slide 45 Computers and Elections February 11, 2011

The Crypto Signature is a SHA-1 160-bit digest signed using RSA: sign: write M, S 2048 where S 2048 = RSA(privkey, 0 1888 SHA1(M) 160 ) Slide 46 Computers and Elections February 11, 2011

The Crypto Signature is a SHA-1 160-bit digest signed using RSA: sign: write M, S 2048 where S 2048 = RSA(privkey, 0 1888 SHA1(M) 160 ) verify: read M, S 2048 if RSA(pubkey, S 2048 ) 160 = SHA1(M) 160, accept M Slide 47 Computers and Elections February 11, 2011

The Crypto Signature is a SHA-1 160-bit digest signed using RSA: sign: write M, S 2048 where S 2048 = RSA(privkey, 0 1888 SHA1(M) 160 ) verify: read M, S 2048 if RSA(pubkey, S 2048 ) 160 = SHA1(M) 160, accept M But... privkey is 3 Verify step above just checks the low-order 160 bits! Slide 48 Computers and Elections February 11, 2011

Summary Standards, testing are not enough You need to know what the systems are to do You need to know under what constraints they will need to function Environment Policies and procedures You need to know with what assurance you can trust the systems Slide 49 Computers and Elections February 11, 2011

Analyzing an Election Process Election Process Elections are a process composed of specific tasks Tasks related to one another Temporal order (one must follow another) Dependancy (output from one task used as input to another) Exception handling (handling problems) Machines may perform these tasks Slide 50 Computers and Elections February 11, 2011

Analyzing an Election Process Continuous Process Improvement 1 Create a precise, accurate model of the real-world election process 2 Use formal analysis methods to automatically identify potential problems in the model We focus on single points of failure 3 Modify process model to ameliorate problems Verify the modification makes things better 4 Deploy improvements in real-world process 5 Repeat steps 2 4 Slide 51 Computers and Elections February 11, 2011

Analyzing an Election Process Fault Tree Analysis Fault trees show how problems could arise Can automatically generate fault trees from process model and a hazard Hazards are conditions under which undesired, possibly dangerous events may occur Analyze fault trees automatically to identify points of failure Especially Single Points of Failure (SPFs) Slide 52 Computers and Elections February 11, 2011

Analyzing an Election Process Compute Cut Sets Combination of events such that, if all events in the cut set occur, the hazard occurs Minimal if removal of any event causes the resulting set not to be a cut set Can be computed automatically from the fault tree Slide 53 Computers and Elections February 11, 2011

Analyzing an Election Process Three Effects Process Change process to reduce number of SPFs Gives changes to procedures to detect, handle failures Machine Determine inputs to, outputs from particular tasks Compare existing systems to existing process to find discrepancies Slide 54 Computers and Elections February 11, 2011

Analyzing an Election Process Assurance Issues Goal of e-voting system is to perform some task or set of tasks in the process How do you know it will correctly perform the task or tasks? Take into account environment Take into account how results are validated Take into account the audience to be convinced, and to what degree of certainty Slide 55 Computers and Elections February 11, 2011

Internet Voting Internet Voting A generic term for many different possible ways to handle the casting and transmission of votes over the Internet First version: voter votes at home on a PC using a web browser connected to a server at Election Central Second version: voter votes at special kiosk that then transmits the votes to Election Central over the Internet This is like the first, but the PC the kiosk is (essentially) trusted So only talk about first Slide 56 Computers and Elections February 11, 2011

Internet Voting First Version: How to Do It PC transmits authentication information of voter to Election Central Election Central transmits ballot to PC PC displays ballot PC records vote PC transmits vote to Election Central server Slide 57 Computers and Elections February 11, 2011

Internet Voting First Version: How to Do It PC transmits authentication information of voter to Election Central Election Central transmits ballot to PC PC displays ballot PC records vote PC transmits vote to Election Central server Every step can be compromised Slide 58 Computers and Elections February 11, 2011

Internet Voting First Version: How to Attack It PC transmits authentication information of voter to Election Central PC contacts fake Election Central site PC has a Trojan horse that constructs bogus data User requests wrong ballot Election Central transmits ballot to PC Ballot is a PDF with malicious content Wrong ballot is sent PC displays ballot Display does not match underlying ballot Slide 59 Computers and Elections February 11, 2011

Internet Voting First Version: How to Attack It PC records vote User cannot cast vote for desired candidates, races Displayed votes on ballot do not match votes stored in computer PC transmits vote to Election Central server PC cannot contact Election Central PC again contacts fake Election Central site PC sends incorrect votes to EC Attacker intercepts ballot in transit, either deletes it or changes it Software, hardware maybe compromised by vendors, third parties Slide 60 Computers and Elections February 11, 2011

Internet Voting Server at Election Central As is on the Internet, anyone can access it Standard server side technology riddled with holes Need to write your own server from scratch Even if server carefully written, relies on flawed libraries, operating systems, and network infrastructure Small configuration errors may create gaping vulnerabilities Procedures and policies may also cause security problems Attacker only needs to find one problem Slide 61 Computers and Elections February 11, 2011

Internet Voting Bottom Line NASDAQ, Pentagon, government sites regularly penetrated If those experts cannot stop compromises, why should we assume election servers will be invulnerable? Slide 62 Computers and Elections February 11, 2011

Internet Voting Bottom Line NASDAQ, Pentagon, government sites regularly penetrated If those experts cannot stop compromises, why should we assume election servers will be invulnerable? Key Question: as a citizen and a voter, are you comfortable that your vote will not be altered or discarded undetectably? Slide 63 Computers and Elections February 11, 2011

Conclusion Security should be part of the design and implementation of the system and not added on after the fact Policies and procedures should be either designed with, or drive the design of, the system as it is being designed and implemented Slide 64 Computers and Elections February 11, 2011

Acknowledgements Process modeling work done with Prof. Lee Osterweil, Prof. Lori Clarke, and their graduate students at UMass Amherst, and our graduate students and post-doc at UC Davis Funding provided by NSF grant CCF-0905530 CA TTBR co-led by David Wagner Team leaders Bob Abbott, Matt Blaze, Joseph Lorenzo Hall, Candice Hoke, Dick Kemmerer, Deirdre Mulligan, Eric Rescorla, Noel Runyan, Giovanni Vigna Special thanks to Yolo County, CA Clerk-Recorder Freddie Oakley and Chief Deputy Tom Stanionis Slide 65 Computers and Elections February 11, 2011

Contact Information Matt Bishop Dept. of Computer Science University of California at Davis 1 Shields Ave. Davis, CA 95616-8562 email: bishop@cs.ucdavis.edu web: http://seclab.cs.ucdavis.edu/ bishop phone: (530) 752-8060 Slide 66 Computers and Elections February 11, 2011

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback