Electronic Voting Rights and the DMCA: Another Blast from the Digital Pirates or a Final Wake Up Call for Reform? , 23 J. Marshall J. Computer & Info. L. 533 (2005)

Electronic voting machines are the new version of pirated music. Like digital music, electronic voting was designed to make voting rights easily available to the masses. However, technology has once again demonstrated how easy it is to circumvent a good idea through better “hacker” technology. In reality, any electronic voting software can be hacked no matter how good the encryption technology protecting it. The issue is not creating a fool-proof anti-circumvention system – an impossible task – but creating the necessary digital safeguards to make circumvention difficult, to make security breaches more readily detectable, and to provide back-up systems to protect the integrity of the voting process even in the face of an electronic breach. To solve the problem of providing adequately secure electronic voting systems, just as in the case of music piracy, we will need both technological fixes (including better record-keeping to reduce the equivalent of an electronic hanging chad) and better legal protection for those fixes. Unfortunately, the legal regime established in the 1990’s to “solve” the problem of digital piracy – the Digital Millennium Copyright Act (“DMCA”)– which was originally crafted as a compromise between copyright owners and internet service providers to assure both continuing protection of copyright owners\u27 property rights, and continuing growth of the internet,has been even less successful in protecting the integrity of the voting process confirming the perception that whenever law is combined with technology, the result is bound to be a legislative solution that has unforeseen loopholes in protection and unanticipated barriers to use. After the 2000 Presidential election, Congress rushed to enact the Help America Vote Act ( HAVA ) intending to modernize the election process, moving the voting public into the purportedly precise and accurate world of computerized voting. But when in March 2003, a hacker broke into a Diebold computer and leaked about 15,000 internal company memoranda regarding Diebold’s e-software, including memoranda containing discussions of bugs in Diebold’s software and warnings that its computer networks were poorly protected against hackers, the shortcoming and the potential for abuse of the DMCA became apparent. The use by Diebold of procedures designed to protect music from digital pirates to prohibit the dissemination of information regarding e-voting security underscores the problems that current DMCA procedures pose to the free circulation of speech and information. The DMCA was never created to stifle either speech or public debate. Yet the use by Diebold of notice and take down procedures as currently crafted achieved such a result. Use of the DMCA notices to seek removal of this material was clearly outside the scope of DMCA procedures and if a few public-minded students had not reacted to such misuse, Diebold’s abuse of the DMCA might have gone unchallenged. Reform of the DMCA is long past due. The Act must be strengthened to continue to allow copyright owners to bring legitimate claims to stop the rampant digital piracy that threatens the economic bargain contained in the Constitution and mirrored in the DMCA. At the same time, reforms must be made to remedy the potential for abuse. Only when such reforms are achieved can the Copyright Act re-take its position as a supporter of First Amendment values

Threat modeling in web applications

Todays competitive and profit-driven online environment needs a web application to be much secure as it is going to be tested in all possible ways by the attackers for any sign of vulnerability which can be converted into a big success for him to gain control to the maximum of the software. In order to produce a secure application, it has to be securely built right from the design phase throughout the software development life cycle. The most effective methodology of implementing this is threat modeling. There have been a lot of improvements and researches on the process of threat modeling and its approaches. Following these, Some tools are developed by some Enterprises to support the process of systematic threat modeling. In this thesis, the most widely accepted process of threat modeling, that has been proposed by Microsoft, is explained along with other approaches for it. Two industrial projects, with the support of Microsoft SDL tool for Threat modeling have been threat modeled and discussed. Towards the end, some modifications to the hybrid approach of threat modeling have been proposed and have been implemented on the open source workbench supporting that approach

Formally Verified Verifiable Electronic Voting Scheme

Since the introduction of secret ballots in Victoria, Australia in 1855, paper (ballots) are widely used around the world to record the preferences of eligible voters. Paper ballots provide three important ingredients: correctness, privacy, and verifiability. However, the paper ballot election brings various other challenges, e.g. it is slow for large democracies like India, error prone for complex voting method like single transferable vote, and poses operational challenges for large countries like Australia. In order to solve these problems and various others, many countries are adopting electronic voting. However, electronic voting has a whole new set of problems. In most cases, the software programs used to conduct the election have numerous problems, including, but not limited to, counting bugs, ballot identification, etc. Moreover, these software programs are treated as commercial in confidence and are not allowed to be inspected by members of the public. As a consequence, the result produced by these software programs can not be substantiated. In this thesis, we address the three main concerns posed by electronic voting, i.e. correctness, privacy, and verifiability. We address the correctness concern by using theorem prover to implement the vote counting algorithm, privacy concern by using cryptography, and verifiability concern by generating a independently checkable scrutiny sheet (certificate). Our work has been carried out in the Coq theorem prover