1 / 13

Internet Voting

Internet Voting. Technology and policy issues. Selective History of Voting (US). early 1800’s: public oral voting at County Hall 1800’s: free-form, non-secret paper ballots 1884: widespread vote fraud 1888: adoption of Australian secret ballot 1930’s: lever machines widely adopted

neviah
Download Presentation

Internet Voting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Voting Technology and policy issues

  2. Selective History of Voting (US) • early 1800’s: public oral voting at County Hall • 1800’s: free-form, non-secret paper ballots • 1884: widespread vote fraud • 1888: adoption of Australian secret ballot • 1930’s: lever machines widely adopted • 1960’s: punchcard voting developed • 2000: hanging chads: Florida voting snafu • 2002: Help America Vote Act

  3. Registration fraud: Register in multiple jurisdictions Graveyard voting Voter fraud: Vote multiple times (ballot box stuffing) Impersonation Insider fraud: Throw ballot boxes into the bay Stuff ballot box after polls close Sleight of hand Voter intimidation “Run out of ballots” Tallying attacks: Malicious talliers might calculate wrong results Give talliers bogus tools Attacks on the Secret Ballot Registration fraud: • Register in multiple jurisdictions • Graveyard voting Voter fraud: • Vote multiple times (ballot box stuffing) • Impersonation Insider fraud: • Throw ballot boxes into the bay • Stuff ballot box after polls close • Sleight of hand • Voter intimidation • “Run out of ballots” Tallying attacks: • Malicious talliers might calculate wrong results • Give talliers bogus tools

  4. How Secure is the Secret Ballot? It’s easy to forge a few fraudulent votes But: It’s very hard to forge a lot of fraudulent votes… Summary: Australian secret ballot is quite robust; a well-designed security system.

  5. History of Internet Voting • 2000: 36,000 Arizona citizens vote in Democratic primary over the Internet; 85 military personnel vote in November elections over the Internet • 2000: California studies Internet voting; task force recommends against it • 2000: NSF panel warns of security risks in Internet voting • 2004: SERVE will accept votes over the Internet

  6. The SERVE Project • A DoD project for overseas voters • Register & vote from abroad • Vote over the Internet, using your computer

  7. Who is eligible for SERVE? Overseas & military voters from participating jurisdictions (7 states, 51 counties)

  8. ** Voter Registration Voter Status Check I & A Process Ballot Definition Voting Engine Ballot Reconciliation The SERVE Architecture * Citizen * HTTPS Ballot Def. Data Web Server Overseas voters SERVEUSA.gov Encrypted Voted Ballots Internet HTTPS, SFTP UVS Control Data • LEO Processes • Voter Registration • Ballot Definition • Ballot Decryption • Ballot Tabulation • Voter History UVS Control Data Ballot Definitions Voted Ballots (Encrypted) * Firewall ** Identification & Authentication Process UVS Laptop Election officials SERVE server infrastructure

  9. Software flaws: Unintentional bugs might enable remote attacks Malicious code might contain a backdoor COTS software might be insecure or backdoored Insider attacks: Votes cast could be modified or deleted Election officials could learn how you voted, or count your votes incorrectly Sys-admins, developers could bypass security Security Risks in SERVE (1)

  10. Attacks on the client: Worms, viruses Remote attacks Malicious websites, ActiveX Denial of service attacks: DDoS might render servers unreachable Targeted disenfranchisement Website spoofing: Voters might be re-directed to the wrong site (DNS hijacking, email) Spoofed site might observe or change votes Automated vote swapping and vote buying Security Risks in SERVE (2)

  11. Summary • How do you know that your vote was counted? • How much security is enough? • How much security is too much? You won the election, but I won the count. -- Somoza

  12. Arguments • Internet voting is a danger to democracy • No voting system will ever be perfectly secure; why worry? • Absentee vote-by-mail is already insecure; why should Internet voting be held to a higher standard? • 30% of our military today can’t vote; a little insecurity is worth it if it fixes the problem • The threat of extraterritorial election fraud is new, and requires new laws

  13. Sources http://www.servesecurityreport.org/ http://www.sims.berkeley.edu/academics/courses/is290-17/f03/ http://fecweb1.fec.gov/hava/hava.htm http://www.nsf.gov/od/lpa/news/press/01/pr0118.htm

More Related