
Security, Paper Trails, Accountability

Michael I. Shamos presents findings on inadequate testing in voting systems, proposes fixes for transparency, source code disclosure, and VVPAT efficiency, emphasizing the need for secure practices.


Presentation Transcript


  1. Security, Paper Trails, Accountability
     Michael I. Shamos, Ph.D., J.D.
     Institute for Software Research International
     Carnegie Mellon University

  2. Outline
     • My role: performing state certifications in
         • Pennsylvania (1980-2000, 2004- )
         • Texas (1987-2000)
     • >110 systems examined
     • Certification is a test for compliance with state law
     • Not intended to substitute for federal qualification

  3. Testing Is Inadequate At All Levels
     • Too many systems pass ITA qualification but shouldn’t
     • State certifications can’t replace ITAs – too brief, too cheap
     • Required pre- and post-election testing is often not performed
     • Acceptance testing is not revealing unreliable machines
     • About 10% of DREs fail on Election Day – way too high

  4. ITA Testing
     • In Pennsylvania, ITA qualification is required by law
     • BUT: over 50% of systems fail state certification, about 25% for reasons particular to PA
     • This has been true for 25 years
     • The ITA system did not improve the pass rate
     • Most of the failures are glaring and apparent within 30 minutes, e.g. failure to tabulate properly
     • What are the ITAs doing?
     • I don’t know and I can’t find out

  5. The Fix
     • No more business as usual
     • Full transparency, reports made public
     • No vendor choice of ITA; no vendor payment of ITA
     • Require vendors to publish bug lists
     • Failed systems reported, not just passed systems
     • Fix the standards faster
     • Don’t need a full new set right away
     • Requirements can be added incrementally

  6. Source Code
     • All voting system software should be disclosed to the public
     • Despite vendor trade secret claims
     • Escrow doesn’t work
     • Pennsylvania requires source code to be submitted to the examiner. Likewise, FL, GA, MN, NC
     • California requires open (disclosed) source for verification mechanisms effective July 1, 2006

  7. VVPATs
     • I’m not against VVPATs
     • Should not be required until effectively engineered systems are available that comply with law
     • None currently do
     • Discrepancy between paper and electronic record, neither should automatically govern

  8. VVPATs
     [Diagram: taxonomy of VVPAT SYSTEMS. Labels, in the order they appear: CUT SHEET; CONTINUOUS ROLL; VOTER-HANDLED; VIEW-ONLY; CRYPTO INDICIA (e.g. Sequoia); NO INDICIA (e.g. Diebold); CRYPTO INDICIA (e.g. Avante); NO INDICIA; TAKE-HOME (e.g. VoteHere); DEPOSIT (e.g. AccuPoll)]

  9. VVPATs
     [Same diagram as slide 8, with the added annotation: COMPLETE VIOLATION OF VOTER PRIVACY]

  10. VVPATs
     [Same diagram as slide 8]

  11. VVPATs
     [Same diagram as slide 8, with the added annotation: NOT VOTER-VERIFIABLE]

  12. VVPATs
     [Same diagram as slide 8]

  13. VVPATs
     [Same diagram as slide 8, with the added annotation: CAN BE USED AS PROOF OF VOTE]

  14. VVPATs
     [Same diagram as slide 8]

  15. VVPAT
     • No continuous rolls
     • No thermal paper!
     • No crypto indicia, barcodes, etc. that can be used to invalidate ballot
     • No identifying strings (e.g. pointer to electronic record)
     • No fiddling with the voter’s choices
     • No reversing the VVPAT tape
     • No walking out with the VVPAT (except take-home systems)

  16. Wireless
     • There is no legitimate use of wireless communications in voting systems
     • One manufacturer uses RFID for no reason except its parent company manufactures RFIDs
     • Wireless is proposed for accessible headsets. Why?
     • Forbid cellphones
     • The draft standards should be revised to forbid wireless

  17. Q & A
