
Privacy in the Voting Booth

By: Chris Groves


Presentation Transcript


  1. Privacy in the Voting Booth By: Chris Groves

  2. Reason for Privacy
     • Voters worry that their vote may be held against them in the future
     • People shouldn’t be rewarded or punished for who they voted for
     • Voters don’t want to feel socially pressured to vote a particular way
     • Voters shouldn’t feel peer pressure at the voting booth

  3. Issues
     • The system needs to have a physical paper trail in case the results come into question
     • Trail can be used to keep track of the order of votes
     • Must be sure that there is no record of the order that people voted, i.e. video or paper

  4. Non-Technical Measures
     • The physical paper trail has to have the records randomized before any person is able to physically touch it
     • No cameras may be permitted in the location or at the entrance/exit, to prevent any tracing back to database logs (if a person has video that links the time of the vote to the voter, that’s a privacy issue)

  5. Technical Issues
     • Recorded data needs to be heavily encrypted in the event that the physical storage medium is lost or stolen
     • Where do electronic votes get stored?
       • Local or Remote

  6. Local Storage
     • Must be stored on physical storage
     • Need to collect all of the results to get the final tallies
     • After the election all of the physical media must be collected to be stored securely so that nobody can access them

  7. Central Server
     • Each voting terminal will transfer its votes to the central server via the Internet
     • Central server then maintains the totals
     • Still need physical paper trail created at the voting terminal

  8. Privacy/Security Concerns
     • System sends messages over the Internet, so they can be intercepted and read along the way
     • Both the voting machines and the central server have to be exposed to the Internet during the voting period to allow for traffic to be sent

  9. IP Addresses
     • System would use static IP addresses
     • Server would filter traffic so that it only accepts traffic that it knows is from the network of voting machines
     • Must be kept a closely guarded secret

  10. IP Addresses Cont’d
     • If IP addresses became known, traffic could be intercepted between voting machine and central server
     • Attacker could spoof the IP of a voting machine and send false votes
     • Would also leave the system open to DoS attacks

  11. Trusted Connection
     • In this case we could use a public key system to ensure traffic is between voting terminal and the server
     • Better option is to use a confidential key
     • All machines are known ahead of time, so all can be given the key beforehand
     • Saves the overhead of exchanging keys
     • Must be kept strictly confidential

  12. Encryption
     • With these precautions packets need to be encrypted because they can be intercepted en route
     • Must be very high levels of encryption because the government has a great deal of computing power

  13. Data to Store
     • Stored information should be kept to a bare minimum to minimize possibility of linking vote to voter
     • For this system 3 parts shall be stored
       • Date – Needed in the case of a discrepancy and an audit of the results
       • Candidate
       • Identifier – Confirms that the vote came from a legitimate source

  14. Identifier
     • Must be unique to each voter but cannot identify the voter from the ID
     • In Canada everyone has a Social Insurance Number to uniquely identify them. Can use that to generate our identifier
     • Can keep a database of generated IDs so that only people that have actually shown up to vote have IDs

  15. Generating the ID
     • We need a one-way function
     • Could use a one-way hash function
     • It would be computationally infeasible to get the voter’s Social Insurance Number from the ID
     • Use a hash function on the person’s Social Insurance Number

  16. Conclusion
     • For this system to work effectively it’s important that all parts work together
     • It’s particularly important that the Confidential Key and the list of IP Addresses be kept private
     • If they are confidential the technologies can ensure that the data is secure and that it can’t be linked back to an individual voter
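
An added sketch (not part of the presentation) of slides 11 and 13–15 working together: a terminal builds the three-field record and authenticates it with a pre-shared key, and the central server verifies it, rejects repeated identifiers and keeps the totals. Assumptions: the key values, function names and `CentralServer` class are hypothetical; the identifier uses a keyed hash (HMAC-SHA-256) rather than the plain hash the slides propose, because a Social Insurance Number has only nine digits; the link encryption from slide 12 is not shown.

```python
import hashlib
import hmac
import json

# Constructed sample keys (assumptions); real keys would be provisioned to every
# terminal before the election and never appear in source code.
LINK_KEY = b"constructed-link-key-for-example"  # authenticates terminal -> server traffic
ID_KEY = b"constructed-id-key-for-example"      # keys the one-way identifier function


def voter_identifier(sin: str) -> str:
    """One-way identifier derived from a Social Insurance Number.

    Keyed with ID_KEY so that identifiers cannot be recomputed by hashing
    every possible nine-digit SIN without the key.
    """
    digits = sin.replace(" ", "").replace("-", "")
    if len(digits) != 9 or not digits.isdigit():
        raise ValueError("SIN must be nine digits")
    return hmac.new(ID_KEY, digits.encode(), hashlib.sha256).hexdigest()


def terminal_cast(sin: str, candidate: str, date: str) -> dict:
    """Voting terminal: build the three-field record and authenticate it."""
    record = {"date": date, "candidate": candidate, "id": voter_identifier(sin)}
    body = json.dumps(record, sort_keys=True).encode()
    tag = hmac.new(LINK_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class CentralServer:
    def __init__(self):
        self.seen_ids = set()  # database of identifiers that have already voted
        self.totals = {}       # candidate -> count

    def receive(self, message: dict) -> str:
        body = message["body"].encode()
        expected = hmac.new(LINK_KEY, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; a sender without LINK_KEY cannot forge the tag,
        # even if it spoofs a terminal's IP address.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag"
        record = json.loads(body)
        if record["id"] in self.seen_ids:
            return "rejected: duplicate identifier"
        self.seen_ids.add(record["id"])
        self.totals[record["candidate"]] = self.totals.get(record["candidate"], 0) + 1
        return "accepted"
```

The record that leaves the terminal contains only the date, the candidate and the derived identifier; the SIN itself is never transmitted or stored.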
