25 October

Elections and Voting

Punch Card MachinePunch cards stacked here

Punched here

US Attitudes re e-government Beliefs:

45% agree that giving personal information would improve service

Same percentage believe that doing so risks security and privacy

Balance: 54% believe that government should proceed slowly

Actions: Only 25% of e-government users use it for

transactions Yet 70% execute commercial transactions

Is this a difference in attitudes or availability?

Homeland security Ability to share information

Between federal agencies With local governments

Potential benefit to terrorists Hacking More information

National identity cards US citizens against Other countries more positive

Exploring e-government

Federal: www.us.gov State: www.nc.gov County: www.co.orange.nc.us City: www.ci.chapel-hill.nc.us

Electronic voting:What are the issues? What are the requirements for elections? Key ones

Secret ballot Assurance that your vote is counted

New York Times editorial (13 June 04): “a vote for president should be at least as secure as a 25-cent bet in Las Vegas.”

Should we be worried about possible manipulations?

Did you have problems reading the article? What voting problems did you find?

Voting Problems Ballot stuffing Buying votes Improperly marked ballots

Under voting People who give up

Over voting Which of these are addressed with electronic

voting? Which of these are exacerbated with electronic

voting? Experience

India ended up with worse corruption problems

What is included in e-voting Range of Systems

Optically scanned paper Touch screen systems Internet voting

All Processes (what is the weakest link?) Registration Ballot design Voting Counting of votes Recounts

Major concerns raised

Correctness Certification process Digital divide System set up Auditing (recounts) Accessibility Internet vulnerability

Correctness

Should code be open source? Belief that more eyes are valuable Easier to hack

Corruption Vulnerability – improved by open source

Checking for errors that hackers can exploit Malicious changes – primarily a concern

of which version is running

Certification process

More than 40 states require certification

But what does it mean? Need to guarantee certification of last

minute fixes or changes – not always possible

Both California and Indiana found themselves using uncertified code

Digital Divide More generally an e-government

concern Intimidation

Could become a new literacy test California recall

Less than 1% missed (under voted) for yes/no

But nearly 10% under voted in the candidate selection

System Set Up

Lack of local technical skills Large number of local polling

stations Short set up time

Auditability vs. Privacy

Storing the full record means that someone could get at the information

Acceptable in England Secret Ballot Act of 1872 Requires that each ballot be tied to

the voter Records held as a state secret

Auditing (recounts) Voter Verified Audit Trail

Print a copy Voter verifies Puts it into a ballot box

Used for Routine audits (random) Recounts

Problems Cost: Australia opted out Training

Why do an audit?

If you can only identify a problem, what is the remedy?

If audit can also produce the corrected results, more valuable

Broward County, Florida

special election to fill a state House seat

victor won by only 12 votes 137 of the electronic ballots were

blank Florida law requires a manual recount

but no paper ballots recount isn't possible

Are there other options? Code can be verified against manipulating

Example: encryption within the system But, needs to get into the system

User interface is the vulnerable spot Assuming no program errors, can we be

sure that people will read a screen version correctly if they made a voting mistake?

Depends … Primarily on the quality of the ballot design

Partial Solutions Turnout: separate track of how

many people voted Number of votes cast should

match Need to count abstentions Need to track people who quit in the

middle Does not help to determine if the

vote went to the right person

Accessibility Florida ban on plastic templates with

holes for use by the visually impaired because NOT CERTIFIED

How do you address this problem without compromising privacy?

How is it done today? Generally, advocates for the visually

impaired prefer electronic voting Techniques to support them, primarily audio

What about the paper audit trail?

New Mexico this past weekend

Only two voting machines certified by the federal government for disabled and non-English speaking

Neither measures up to state law that requires voter-verified paper record Upgrade would require

$1000/machine

Internet vulnerability

Denial of Service Attacks Spoofing and Man-in-the-Middle Lack of Control of the Voting

Environment

Denial of Service Attacks Prevents people from getting at a server

Particularly problematic when there’s a time limit

Disrupted election in Canada in 2003 One study: 10,000 attacks in one week in

2001 Distributed Denial of Service

Large number of machines, called zombies or slaves, are used to perpetrate

Regional attacks

Spoofing and Man in the Middle

Basically, insert a component between the client and the server

User interacts with what appears to be a real server, but component in the middle can change votes!

Real server Client/server Real client

Voting Environment

Worms, Viruses, Trojan Horses Problematic if you need to have

special software on your system Spyware compromises privacy

A case study: Georgia 2000 – potpourri of voting

2 hand-counted paper 73 mechanical lever 17 punch card 67 optical scan 0 touch screen

3.5% “under votes” – no vote cast for president

Overall 4.4% under vote rate

Georgia Current Status Complete conversion to touch screen by

November 2002 Testing of 250,000 ballots Signature of code that detects

modification with a probability of 1/10,000,000,000

Oversight of the deployment process Under vote rate of less than 1% No recount capability

Florida (NY Times, July 15 ‘04)

The touch-screen voting machines intended to cure many of the ills of 2000 have raised a host of other concerns here just four months before the election.

A new state rule excludes the machines from manual recounts

The integrity of the machines was questioned after a problem was discovered in the audit process of some of them

Sun-Sentinel reported that touch screens failed to record votes six times more often than optical-scans in presidential primary

Voting rights groups filed a lawsuit last week challenging the recount ban

A Democratic congressman has also sued to request a printed record of every touch-screen vote

New North Carolina Law

Let’s try to find it www.nc.gov Hints:

House Bill 238 and Senate Bill 223 Title: Public Confidence in Elections

Key NC Requirements Machine requirements

vendor cover damages resulting from defects in the voting system, including costs of a new election

comply with all federal requirements for voting systems include in precinct returns votes cast outside of the precinct electronic voting systems generate a paper record of each

individual vote cast paper record generated by the DRE voting system be

viewable by the voter before the vote is cast electronically and voter may correct any discrepancy

vendor will supply source code if they fail to debug, modify, repair, or update the software or file bankruptcy

For optical scan and direct record electronic voting systems, sample hand‑to‑eye count of the paper ballots or paper records of a sampling of a statewide ballot item in every county

Next Area: Medicine

Impact of computers in medicine Two assignments (again paper):

Precis of a procedure or device made possible by computers

A website with useful medical advice