The Evolution of Computerized Voting: An Unforeseen Journey

The unfolding narrative of computerized voting, from the optimistic allocation of funds in the Help America Vote Act to the problematic introduction of technologies like Direct Recording Electronic systems. Discover the challenges faced with paperless systems, the transition to Voter Marked Paper Ballot Systems, and the critical issues uncovered during testing and certification processes.

• Computerized Voting
• Help America Vote Act
• Technology Misuse
• Voting Systems
• Election Technology

mbray Follow

Uploaded on Feb 15, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Computerized Voting How did we get here? A story of the inappropriate use of technology 2/15/2025

2. Help America Vote Act (2002) allocated ~$4B for new machines Vendor promises Secure Just touch button at end of election Federally certified Deadline for spending money Gold rush mentality latest and greatest Florida 2000/2002 hanging, pregnant, etc. chads Paper bad; paperless good Voters with disabilities needed paperless systems Computers Computers introduced into introduced into elections elections without analysis without analysis of risks of risks

3. Early use of Computers in voting Early use of Computers in voting Initially many paperless Direct Recording Electronic (DRE) Typically touch screen: displays, records, and tabulates votes Calibration an issue: jumping votes Badly engineered cannot be recounted Failures or insufficient numbers can create long lines In response to calls for paper trails retrofitted DREs Voter Verified Paper Audit Trails as hard copy backup to computer Continuous roll thermal printed like gas receipts easily fade hard to count Often small font hard to read typically under transparent plastic MIT study: few people checked didn t know was intended to validate vote

4. Voter Marked Paper Ballot Systems Voter Marked Paper Ballot Systems Voter manually marks ballot Typically counted by scanners, i.e. computers Can be at polls or in a central location Early scanners could have calibration problems If too sensitive, could pick up stray mark and record overvote If not sufficiently sensitive, could miss an intended vote If long lines or polling place scanner is down, voters can mark paper ballots and deposit in ballot box for later scanning

5. Testing and Certification Testing and Certification Voluntary federal guidelines initially minimal security and accessibility testing computer security experts not involved State testing led by computer security experts California Top-to-Bottom-Review (2006) Many UC scientists involved Tested all aspects of 3 systems, including security & accessibility Everything bad Ohio EVEREST (2007) Confirmed all problems discovered in TTBR and found additional ones Other studies confirmed security problems

6. The solution The solution Voter marked paper ballots ideally hand marked Strong Chain of Custody Statistically sound manual post election ballots audits called Risk Limiting Audits

7. What we should NOT do What we should NOT do Internet voting, including cell phone & blockchain

8. Warnings Warnings [T]here were multiple, systematic efforts to interfere in our election. Robert Mueller, quoted in the NYT, May 29, 2019 He [Putin] tried again to muck around in our elections this last month. We are seeing a continued effort around those lines. James Mattis, Secretary of Defense, December 1, 2018 Russia attempted to interfere with the last election and continues to engage in malign influence operations to this day. Christopher A. Wray, F.B.I. Director, Aug. 2, 2018

9. Senate Intelligence Committee Senate Intelligence Committee DHS assessed that the [Russian] searches, done alphabetically, probably included all 50 states, and consisted of research on 'general election-related web pages, voterID information, election system software, and election service companies . Senate Intelligence Committee report on Russian interference in the 2016 election No evidence exists of votes having been changed No way to know, since can t check paperless systems and most states with paper ballots don t conduct adequate post- election audits

10. Internet Voting Internet Voting Returning a voted ballot over the internet Via web or as email attachment Email voting perhaps even more dangerous than web based Modification en route, lost ballots, no secret ballot, ballot box stuffing with counterfeit ballots, etc. Some confusion re if email is internet voting Personal computer, smart phone, smart tablet, etc. (Ongoing research using crypto, but prominent cryptographers oppose implementation for foreseeable future)

11. Recent Targets Recent Targets Wawa Capital One Marriott Facebook Google+ Ashley Madison Office of Personnel Management (OPM) Pentagon email Jeep Sony IRS Target Anthem Health Insurance White House JP Morgan Kmart State Department Dairy Queen AOL Google Symantec Yahoo! Northrop-Grumman Juniper Networks Charles Schwab FBI Adobe USPS Governments of: Germany, France, Iran, UK, Canada, Australia, , and the UN

12. Stating the Obvious Stating the Obvious How can underfunded, understaffed, under resourced local elections officials with little to no: computing proficiency computer security expertise, Protect their servers in an internet based election from well financed adversaries: Foreign countries Political operatives Rogue hackers ???

13. Vulnerabilities Vulnerabilities Authentication Malware on voters devices can change votes without voters knowledge or discards votes altogether (Jeff Bezos iphone) What you see on the screen many not be what is sent out over the internet Denial of Service attacks can prevent real ballots from reaching election officials Penetration attacks on vote servers can change votes Cannot be audited, since can t be certain that votes accurately recorded Vote buying/selling; voter coercion

14. Regulations for Internet Voting Regulations for Internet Voting None!! No: independent standards, independent testing, government oversight, legal accountability, ability to recount NIST asked to develop standards Produced reports, but no standards Technology that is widely deployed today is not able to mitigate many of the threats to casting ballots via the web. Malware on voters' personal computers poses a serious threat that could compromise the secrecy or integrity of voters' ballots.

15. Internet Voting Used in U.S. Internet Voting Used in U.S. ~30 states: military and overseas voters can return voted ballots over the internet MOVE Act online blank ballot eliminates delivery delay to voter Expedited postal mail return of paper voted ballot A solution in search of a problem Major BC study showed internet voting does NOT increase participation in general or by young people in particular Similar results from Estonia and Switzerland

16. Blockchain Blockchain Voting: Voting: The National Academies of Science (2018) The National Academies of Science (2018) In the particular case of Internet voting, blockchain methods do not redress the security issues associated with Internet voting.

17. Voatz Voatz: Largest, most aggressive vendor : Largest, most aggressive vendor No federal or state certification Voatz claims does not need to be certified, because not a voting systems since doesn t tabulate votes No disclosed source code No open testing by third party experts No testing in mock elections Claims to have done security audit, but nothing made public

18. Voatz Voatz W. Virginia: Used for overseas voters 2018 primaries and midterms City and County of Denver: Military and overseas voters in municipal elections, May 2019 Funded by Tusk Philanthropies Might have been used in Alaskan Democratic caucuses DNC disallowed

19. Iowa Iowa Not Internet Voting, but Not Internet Voting, but

20. Recent history Recent history Caucuses criticized because undemocratic Difficult for poor, single parents also fewer women Initially proposed remote voting from cell phones Would have used new system for first time Nevada also planned to use Major security problems DNC disallowed for all Instead decided on smart phone app to report results Again never used before in major election Didn t provide to poll workers until late Security through obscurity? Thought would make more secure?

21. Developing the app Developing the app App developed by Shadow, which was funded by Acronym A Democratic digital nonprofit Goal: automate computation and send results over internet Tested by independent security testers found 1 major and 2 serious bug Fixed bugs; problem was software bug in backend No information released: NDAs Seems likely that not adequately tested for usability First time users, many elderly For cost of app, could have rented multiple phone lines and hired operators All results will be reported, but unexplained delay has generated conspiracy theories (even though run by Iowa, not the DNC)

22. IMAGINE IMAGINE Imagine if app had been used for actual voting!

23. Questions?