Pathways to a Trusted Electronic Voting System

In 2002, Congress passed the Help America Vote Act (HAVA) [1], largely in response to voting irregularities in the 2000 presidential election in Florida. Congress intended that HAVA resolve the lingering public confidence issues arising from inconsistent local election administration procedures, punch card voting machines, and voter registration. With HAVA, Congress authorized payments to the states to implement significant reforms of the voting system. However, the use of electronic voting machines to meet HAVA requirements threatens to damage public confidence in the voting system. Several reports have been published that note security flaws in voting systems in use all over the country [2]. California sued a manufacturer claiming that the company had misrepresented the security of its voting machines and falsified certification information [3]. In Ohio, a battleground state, recount irregularities also resulted in a lawsuit [4]. The public outcry and enormous media attention on these problems prompted Congress's Government Accountability Office (GAO) to launch an investigation [5]

Resolving the Unexpected in Elections: Election Officials\u27 Options

This paper seeks to assist election officials and their lawyers in effectively handling the technical issues that can be difficult to understand and analyze, allowing them to protect themselves and the public interest from unfair accusations, inaccuracies in results, and conspiracy theories. The paper helps to empower officials to recognize which types of voting system events and indicators need a more structured analysis and what steps to take to set up the evaluations (or forensic assessments) using computer experts

Final Report of the Cuyahoga County Election Review Panel

The Panel was charged with identifying the deficiencies in the May 2, 2006 Cuyahoga County election, ascertain the causes and contributing factors of those deficiencies and provide recommendations to remedy the deficiencies

The Machinery of Democracy: Voting System Security, Accessibility, Usability, and Cost

This report is the final product of the first comprehensive, empirical analysis of electronic voting systems in the United States. It comes after nearly two years of study with many of the nations leading academics, election officials, economists, and security, usability and accessibility experts.Up until this point, there has been surprisingly little empirical study of voting systems in the areas of security, accessibility, usability, and cost. The result is that jurisdictions make purchasing decisions and adopt laws and procedures that have little to do with their overall goals.The Brennan Center analysis finds that there is not yet any perfect voting system or set of procedures. One system might be more affordable, but less accessible to members of the disabled community; certain election procedures might make the systems easier to use, but they compromise security. Election officials and community members should be aware of the trade-offs when choosing one voting system or set of procedures over another, and they should know how to improve the system they choose.Included in this full report is an executive summary of the Brennan Centers analysis of voting system security, voting system usability, as well as voting system accessibility and cost.The Brennan Center analysis of cost is in part based upon a review of voting system contracts provided by jurisdictions around the country and a cost calculator [no longer available]. The cost calculator and contracts should assist jurisdictions in determining the initial on ongoing costs of various voting systems

Electronic voting: Methods and protocols

The act of casting a ballot during an election cycle has been plagued by a number of problems, both intrinsic and extraneous. The old-fashioned paper ballot solves a number of problems, but creates its own. The clear 21st Century solution is the use of an automated electronic system for collection and tallying of votes, but the attitude of the general populace towards these systems has been overwhelmingly negative, supported in some cases by fraud and abuse. The purpose of this thesis is to do a broad survey of systems available on the market now (both in industry and academia) and then compare and contrast these systems to an “ideal” system, which we attempt to define. To do this we survey academic and commercial literature from many sources and selected the most popular, current, or interesting of the designs—then compare the relative strengths and weaknesses of these designs. What we discovered is that devices presented by industry are not only closed-box (which makes them inherently untrustworthy), but also largely inept in security and/or redundancy. Conversely, systems presented by academia are relatively strong in security and redundancy, but lack in ease-of-use or miss helpful features found on industry devices. To combat these perceived weaknesses, we present a prototype of one system which has not previously been implemented, described in Wang [1]. This system brings together many ideas from academia to solve a significant number of the issues plaguing electronic voting machines. We present this solution in its entirety as open-source software for review by the cryptographic and computer science community. In addition to an electronic voting implementation this solution includes a graphical user interface, a re-encryption mix network, and several decryption methods including threshold decryption. All of these items are described in-depth by this thesis. However, as we discuss in the conclusion, this solution falls short in some areas as well. We earmark these problem areas for future research and discuss alternate paths forward

Individual Liberties and Intellectual Property Protection—Proprietary Software in Digital Electronic Voting Machines: The Clash Between a Private Right and a Public Good in an Oligopolistic Market.

The convergence of intellectual property protections afforded software, the fundamental liberty interests of voting rights of Americans and the conduct of voting machine vendors within an oligopolistic marketplace signals grave consequences for the public. In an election, Direct Recording Electronic voting machines (“DREs”) could be subject to malfunctions, inaccuracies and security problems. The DRE vendors have consistently failed to improve the voting machines or allow access for independent auditing and security testing. The vendors have operated collectively to maintain current inefficient output quality. Acting in concert to obtain higher pricing, the vendors operate against their individual self-interests, claiming proprietary protections. The result of this oligopoly is serious—the voting process, a public good, is diminished. Ultimately the federal judiciary and Congress will face the task of balancing these interests within the context of an oligopolistic marketplace. At risk is an American liberty

Using Formal Methods for Building more Reliable and Secure e-voting Systems

Deploying a system in a safe and secure manner requires ensuring the tech- nical and procedural levels of assurance also with respect to social and regu- latory frameworks. This is because threats and attacks may not only derive from pitfalls in complex security critical system, but also from ill-designed procedures. However, existing methodologies are not mature enough to em- brace procedural implications and the need for multidisciplinary approach on the safe and secure operation of system. This is particularly common in electronic voting (e-voting) systems. This dissertation focuses along two lines. First, we propose an approach to guarantee a reasonable security to the overall systems by performing for- mal procedural security analysis. We apply existing techniques and define novel methodologies and approaches for the analysis and verification of procedural rich systems. This includes not only the definition of adequate modeling convention, but also the definition of general techniques for the injection of attacks, and for the transformation of process models into rep- resentations that can be given as input to model checkers. With this it is possible to understand and highlight how the switch to the new tech- nological solution changes security, with the ultimate goal of defining the procedures regulating system and system processes that ensure a sufficient level of security for the system as well as for its procedures. We then investigate the usage of formal methods to study and analyze the strength and weaknesses of currently deployed (e-voting) system in order to build the next generation (e-voting) systems. More specifically, we show how formal verification techniques can be used to model and reason about the security of an existing e-voting system. To do that, we reuse the methodology propose for procedural security analysis. The practical applicability of the approaches is demonstrated in several case studies from the domain of public administrations in general and in e-voting system in particular. With this it can be possible to build more secure, reliable, and trustworthy e-voting system

Security Hazards when Law is Code.

As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law— is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly fol- low written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd