
Lecture 10 - E-Voting and Public Policy


Securing Digital Democracy
Lecture 10 | E‐Voting and Public Policy

J. Alex Halderman
University of Michigan
10.1 Election Policy in the U.S. Securing Digital Democracy

Election Policy in the U.S.


US

Federal: Civil Rights, Minimum Standards, Advisory Guidelines
State: Requirements, Certification, Central Administration
Local: Equipment Purchases, Implementation, Run elections

State Laws
Lack of uniformity or consistency
Regulatory capture: Vendors, Regulators
Antiquated rules

1990 FEC Standards


Federal Election Commission
Voluntary minimum standards, eventually adopted by majority of states

Requirements:
“Shake and bake” tests
Weak software standards
Extremely weak security standards

Help America Vote Act (HAVA)
Replace punched cards and lever machines
>$2 billion provided to states
Passed in 2002; Deadline in 2006

Created new agency, Election Assistance Commission (EAC)
EAC maintains Voluntary Voting System Guidelines (VVSG)
First VVSG standards took effect 2007

Voluntary Voting System Guidelines (VVSG)
Technical Guidelines Development Committee, managed by NIST
2005 Guidelines – became effective in 2007
Much more detailed guidelines
Large loopholes (e.g., COTS, doesn’t require paper trail)

2007 Draft Guidelines – never adopted by the EAC


Complete rewrite
Software independence!
Open‐ended vulnerability testing!

The Holt Legislation
Require a voter‐verified paper record
(Later: a voter marked paper ballot)
Prohibit undisclosed software
Prohibit Internet connection
Mandatory random audits

Official photo of Rep Rush Holt; public domain



State‐by‐State Efforts

Map and data from Verified Voting. http://www.verifiedvoting.org/article.php?list=type&type=13


10.2 Testing and Certification Securing Digital Democracy

Testing and Certification



Independent Testing Authorities (ITAs)
Majority of states incorporate Federal guidelines
Require machines to be tested for compliance by ITAs
Small number of approved private companies

Incentives? Transparency? Adequacy?



Approaches to Security Testing

Conformance Testing:
Checklist approach
Mechanical inspection and application of tools
Presence of required mechanisms

Open‐ended Testing:
Adversarial approach
Creative application of security mindset
Presence of exploitable vulnerabilities

Conformance Testing

ITA Certification

Open‐ended Testing

Hopkins Report Princeton Report

Hursti Hack California TTBR

SAIC Report Ohio EVEREST
10.3 Recommendations Securing Digital Democracy

Recommendations

Strengthened, Uniform Standards
Cover entire election system, not just equipment
Address accuracy, security, accessibility, usability, transparency
Require public reporting and disclosure of problems

Election Administration
Ensure transparency and public participation
Provide adequate resources to election officials
Reduce number of races, simplify ballot design

Routine Testing and Auditing
Auditability must be a technical requirement
Mandate realistic pre‐election testing of usability and function
Mandate risk‐limiting post‐election audits to high confidence
Allow time to conduct audits and recounts before certification

Conservative Approach to New Technology
Internet voting should be prohibited for the foreseeable future
Ensure new technology really solves an actual problem
Open technology to realistic, public, independent review and simulated adversarial testing
Systems used for counting votes must be software independent

What You Can Do!


Discuss voting security issues with your friends and in your community
Reach Out to your local election officials and talk about your concerns
Get in Touch with your elected representative to encourage reform
Learn More about election security issues; links from the course are a start
Volunteer as a poll worker or election observer; apply the security mindset
Vote! and carefully watch the process as you do; be a micro‐observer