Punchscan

Scantegrity II at EVT08 July 31, 2008

Posted by Aleks Essex, Richard Carback and in : Uncategorized , 14 comments

We presented Scantegrity II at this year’s 2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ‘08).

The paper can be read here [PDF].

Event Photos

Photo: Me giving the talk at EVT08

Photo: Taking questions

Photo: David and Jeremy going over the slides beforehand

The content of posts to the Punchscan blog belong to the author and do not necessarily reflect the thoughts, feelings, or opinions of the Punchscan voting project.

Shamos on paper trails and E2E April 21, 2008

Posted by Aleks Essex and in : Uncategorized , 1 comment so far

Michael Shamos of Carnegie Mellon had this to say today in an interview with cnet:

The fundamental difficulty with paper trails is that they’re ridiculously kludgey. The problem is that once you mandate paper trails, it cuts off research. There would be no reason to use anything else because it would be illegal.

What we really want are end-to-end verification systems. I want to be able to tell that my vote was counted. These paper trails do not provide end-to-end verification. No serious manufacturer is working on end-to-end verification. We’re not making any progress toward that end except in the theoretical journals.

That’s ok, because it turns out you can have paper-trails that are end-to-end verifiable—that is to say, carry the end-to-end integrity verification properties of the cryptographic systems—but use only paper.

Rick told me the other day about some alleged scandal that George Washington didn’t win over John Adams by nearly as wide a margin as the official historic account indicated. I think it’s interesting to realize that they could’ve been running end-to-end verifiable elections with eighteenth century technology.

I also think this observation lends to the credibility of its cryptographic counterparts, that the concept transcends the technology that realizes it.

Keep watching those journals to find out what I’m talking about

The content of posts to the Punchscan blog belong to the author and do not necessarily reflect the thoughts, feelings, or opinions of the Punchscan voting project.

del.icio.us:Shamos on paper trails and E2E

blinklist:Shamos on paper trails and E2E

blogmarks:Shamos on paper trails and E2E

gifttagging:Shamos on paper trails and E2E

Scantegrity on InterGovWorld March 31, 2008

Posted by Aleks Essex in : Uncategorized , add a comment

Essex and Chaum interviewed by Canadian Government and Technology news source InterGovWorld.

The content of posts to the Punchscan blog belong to the author and do not necessarily reflect the thoughts, feelings, or opinions of the Punchscan voting project.

del.icio.us:Scantegrity on InterGovWorld

gifttagging:Scantegrity on InterGovWorld

EAC Registered Vendors January 8, 2008

Posted by Aleks Essex and Richard Carback in : Uncategorized , 1 comment so far

The EAC provides a list of registered equipment manufacturers. It includes the more well known vendors such as Premier Election Solutions, Inc. (formerly Diebold), a name according to them “synonymous with security.” Another, perhaps lesser known, vendor is Precise Voting. Here is a selection of information from their website:

Precise Voting’s primary product is the “AEVS (Advanced Electronic Voting System).” Features include:
- AEVS Security:
  - “Verified paper trail” (as opposed to “voter verifiable paper audit trail” or “voter verifiable paper record”).
  - “Security Encryption”
- Complete privacy: “You vote in complete privacy, simply by touching an electronic screen. The screen is constructed with a state of the art privacy film rendering it black to anyone who may be looking over your shoulder. Visual barriers also block the view of any onlooker. “
There is a demo. You are “not authorised to view the resource” unless you are logged in.
According to the site, “Voting With Technology” is a registered trademark.

The content of posts to the Punchscan blog belong to the author and do not necessarily reflect the thoughts, feelings, or opinions of the Punchscan voting project.

VVPAT, “nothing else is secure.” December 5, 2007

Posted by Aleks Essex, Richard Carback and in : Uncategorized , 2 comments

Here is an excerpt from the NY Times Freakonomics blog of an interview with Bruce Schneier in which he had this to say:

Q: What is the future of electronic voting?

A: I’ve written a lot about this issue (see here and here as well). Basically, the problem is that the secret ballot means that most of the security tricks we use in things like electronic funds transfers don’t work in voting machines. The only workable solution against hacking the voting machines, or — more commonly — innocent programming errors, is something called a voter-verifiable paper trail. Vote on whatever touch-screen machine you want in whatever way you want. Then, that machine must spit out a printed piece of paper with your vote on it, which you have the option of reviewing for accuracy. The machine collects the votes electronically for a quick tally, and the paper is the actual vote in case of recounts. Nothing else is secure.

Let me repeat that last part: “nothing else is secure.” For an individual made famous assailing cut and dry security assertions, I’m surprised he had that to say. VVPAT is by no means above security criticism. But as much as the idea has advanced the discussion on verifiable elections, it is at its heart, a band-aid security solution. Of all people I would have expected this author to advocate security design simultaneous with system design, and not just slapped on top.

I think sometimes when people live with an idea for long enough, they stop thinking critically about it. But when you’re outside looking in, things jump out at you. The Europeans say, for example, `why do the Americans switch their fork into their knife hand after cutting their food–it makes more sense to have one hand for one utensil.’ Well, some things just emerge through time and are not the product of an original design. The Americans abandoned the hand counted paper ballot in favour of DRE’s because they were faster, but made the election outcome vulnerable to fraud and error in so doing. VVPAT was added on after the fact, yet for it to provide the security of a paper ballot system, you have to do the work of a paper ballot system.

Try to think about this from the perspective of someone who’s never heard the terms DRE or VVPAT. The kind of reaction you get is something like “so you’re giving up paper-based hand counting to switch to an electronic system that you make secure through paper-based hand counting?” Someone told me recently that’s like building a wind turbine to go green, and then powering it with a diesel engine… a self defeating solution.

So are VVPATs the wave of the future? I say yes, if by `wave’ you mean the “na na na na, good-bye” variety. The DRE-VVPAT combo is an awkward mismatch of technological epochs. Though it may be enjoying its day in the sun, there is change on the horizon, and Punchscan, Pret-a-Voter, Scantegrity point to this.

More tangibly however I would draw peoples’ attention to the new innovation class outlined in the 2007 draft VVSG, which has opened the door to new possibilities.

As my voting research colleagues meet in Washington D.C. tomorrow for the First Open Workshop on the “Voluntary Voting System Guidelines” to discuss the aspects of certification of new systems under this innovation class, I’m left thinking Schneier’s vision for the future of electronic voting is in the same league as “640kb of memory should be enough for everybody.”

The content of posts to the Punchscan blog belong to the author and do not necessarily reflect the thoughts, feelings, or opinions of the Punchscan voting project.