Upload
neviah
View
23
Download
1
Embed Size (px)
DESCRIPTION
Internet Voting. Technology and policy issues. Selective History of Voting (US). early 1800’s: public oral voting at County Hall 1800’s: free-form, non-secret paper ballots 1884: widespread vote fraud 1888: adoption of Australian secret ballot 1930’s: lever machines widely adopted - PowerPoint PPT Presentation
Citation preview
Internet VotingInternet Voting
Technology and policy issuesTechnology and policy issues
Selective History of Voting (US)Selective History of Voting (US)
early 1800’s: public oral voting at County Hallearly 1800’s: public oral voting at County Hall
1800’s: free-form, non-secret paper ballots1800’s: free-form, non-secret paper ballots
1884: widespread vote fraud1884: widespread vote fraud
1888: adoption of Australian secret ballot1888: adoption of Australian secret ballot
1930’s: lever machines widely adopted1930’s: lever machines widely adopted
1960’s: punchcard voting developed1960’s: punchcard voting developed
2000: hanging chads: Florida voting snafu2000: hanging chads: Florida voting snafu
2002: Help America Vote Act2002: Help America Vote Act
Attacks on the Secret BallotAttacks on the Secret Ballot
Registration fraud:Registration fraud:Register in multiple Register in multiple jurisdictionsjurisdictionsGraveyard votingGraveyard voting
Voter fraud:Voter fraud:Vote multiple times (ballot Vote multiple times (ballot box stuffing)box stuffing)ImpersonationImpersonation
Insider fraud:Insider fraud:Throw ballot boxes into the Throw ballot boxes into the baybayStuff ballot box after polls Stuff ballot box after polls closecloseSleight of handSleight of handVoter intimidationVoter intimidation““Run out of ballots”Run out of ballots”
Tallying attacks:Tallying attacks:Malicious talliers might Malicious talliers might calculate wrong resultscalculate wrong resultsGive talliers bogus toolsGive talliers bogus tools
Registration fraud:Registration fraud:Register in multiple Register in multiple jurisdictionsjurisdictionsGraveyard votingGraveyard voting
Voter fraud:Voter fraud:Vote multiple times (ballot Vote multiple times (ballot box stuffing)box stuffing)ImpersonationImpersonation
Insider fraud:Insider fraud:Throw ballot boxes into the Throw ballot boxes into the baybayStuff ballot box after polls Stuff ballot box after polls closecloseSleight of handSleight of handVoter intimidationVoter intimidation““Run out of ballots”Run out of ballots”
Tallying attacks:Tallying attacks:Malicious talliers might Malicious talliers might calculate wrong resultscalculate wrong resultsGive talliers bogus toolsGive talliers bogus tools
How Secure is the Secret Ballot?How Secure is the Secret Ballot?
It’s easy to forge a few fraudulent votesIt’s easy to forge a few fraudulent votes
But: It’s very hard to forge a lot of But: It’s very hard to forge a lot of fraudulent votes…fraudulent votes…
Summary: Australian secret ballot is quite Summary: Australian secret ballot is quite robust; a well-designed security system.robust; a well-designed security system.
History of Internet VotingHistory of Internet Voting
2000: 36,000 Arizona citizens vote in 2000: 36,000 Arizona citizens vote in Democratic primary over the Internet; 85 military Democratic primary over the Internet; 85 military personnel vote in November elections over the personnel vote in November elections over the InternetInternet
2000: California studies Internet voting; task 2000: California studies Internet voting; task force recommends against itforce recommends against it
2000: NSF panel warns of security risks in 2000: NSF panel warns of security risks in Internet votingInternet voting
2004: SERVE will accept votes over the Internet2004: SERVE will accept votes over the Internet
The SERVE ProjectThe SERVE Project
A DoD project for A DoD project for overseas votersoverseas voters
Register & vote Register & vote from abroadfrom abroad
Vote over the Vote over the Internet, using Internet, using your computeryour computer
Arkansas
Utah
Washington
Minnesota
Ohio
Pennsylvania
South Carolina
Florida
Hawaii
North Carolina
Key
State-wide Participation
Select county Participation
Legislation in Place
Who is eligible for SERVE? Overseas & military voters from participating jurisdictions (7 states, 51 counties)
The SERVE ArchitectureThe SERVE Architecture
Internet
CitizenHTTPS
UVS Control Data Ballot Definitions
Voted Ballots(Encrypted)
LEO Processes•Voter Registration
•Ballot Definition
•Ballot Decryption
•Ballot Tabulation
•Voter History
WebServer
HTTPS, SFTP
SE
RV
EU
SA
.go
v
*
*
* Firewall** Identification & Authentication Process
SERVE server infrastructureElection officials
UVS Laptop
Ballot Definition
Voting Engine
Ballot Reconciliation
Voter Registration
I &
A P
roc
ess
**
Voter Status CheckOverseas voters
EncryptedVoted Ballots
Ballot Def. Data
UVS Control Data
Security Risks in SERVE (1)Security Risks in SERVE (1)
Software flaws:Software flaws:Unintentional bugs might Unintentional bugs might enable remote attacksenable remote attacksMalicious code might Malicious code might contain a backdoorcontain a backdoorCOTS software might be COTS software might be insecure or backdooredinsecure or backdoored
Insider attacks:Insider attacks:Votes cast could be Votes cast could be modified or deletedmodified or deleted
Election officials could Election officials could learn how you voted, or learn how you voted, or count your votes count your votes incorrectlyincorrectly
Sys-admins, developers Sys-admins, developers could bypass securitycould bypass security
Security Risks in SERVE (2)Security Risks in SERVE (2)
Attacks on the client:Attacks on the client:Worms, virusesWorms, virusesRemote attacksRemote attacksMalicious websites, Malicious websites, ActiveXActiveX
Denial of service Denial of service attacks:attacks:DDoS might render DDoS might render servers unreachableservers unreachableTargeted Targeted disenfranchisementdisenfranchisement
Website spoofing:Website spoofing:Voters might be re-Voters might be re-directed to the wrong site directed to the wrong site (DNS hijacking, email)(DNS hijacking, email)Spoofed site might Spoofed site might observe or change votesobserve or change votesAutomated vote swapping Automated vote swapping and vote buyingand vote buying
SummarySummary
How do you know that your vote How do you know that your vote was counted?was counted?
How much security is enough?How much security is enough?
How much security is too muchHow much security is too much??
You won the election, but I won the count.-- Somoza
ArgumentsArguments
Internet voting is a danger to democracyInternet voting is a danger to democracy
No voting system will ever be perfectly secure; No voting system will ever be perfectly secure; why worry?why worry?
Absentee vote-by-mail is already insecure; Absentee vote-by-mail is already insecure; why should Internet voting be held to a higher why should Internet voting be held to a higher standard?standard?
30% of our military today can’t vote; a little 30% of our military today can’t vote; a little insecurity is worth it if it fixes the probleminsecurity is worth it if it fixes the problem
The threat of extraterritorial election fraud is The threat of extraterritorial election fraud is new, and requires new lawsnew, and requires new laws
SourcesSources
http://www.servesecurityreport.org/http://www.servesecurityreport.org/http://www.sims.berkeley.edu/academics/courses/is290-17/f03/http://www.sims.berkeley.edu/academics/courses/is290-17/f03/
http://fecweb1.fec.gov/hava/hava.htmhttp://fecweb1.fec.gov/hava/hava.htmhttp://www.nsf.gov/od/lpa/news/press/01/pr0118.htmhttp://www.nsf.gov/od/lpa/news/press/01/pr0118.htm