Lecture 9 - Using Technology Wisely
Securing Digital Democracy
Lecture 9 | Using Technology Wisely
J. Alex Halderman
University of Michigan
9.1 Criteria Securing Digital Democracy
Criteria
Transparency
Voters can observe and understand the process.
Verifiability
Voters have means to convince themselves that the outcome is correct without having to blindly trust the technology or the election authorities.
Auditability
The system can be manually checked after the election to ensure that the votes have been counted properly.
Software Independence
A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome.
See: Rivest and Wack, “On the Notion of Software Independence in Voting Systems”
http://people.csail.mit.edu/rivest/RivestWack-OnTheNotionOfSoftwareIndependenceInVotingSystems.pdf
9.2 Post‐Election Auditing Securing Digital Democracy
Post‐Election Auditing
Manual Recounts
What? When? Cost?
Redundant Records
Slow/expensive to tally, verified by voter
Fast/cheap to tally, unverified
AUDIT: =?
Redundancy + Different failure modes = Greater security
But… redundancy only helps if we use both records!
Post-Election Audits
Statistical Risk-Limiting Audits
Audit Example
Alice: 55%
Bob: 45%
Goal: Reject hypothesis that ≥ 5% of ballots differ between electronic and paper
An Alternative Approach
Precinct‐based auditing
(standard practice)
Ballot‐based auditing
How large a sample do we need to detect an error?
Example due to Andrew Appel. http://www.cs.princeton.edu/~appel/voting/
Audit Example
Alice: 55%
Bob: 45%
Goal: Reject hypothesis that ≥ 5% of ballots differ between electronic and paper ballots
For 95% confidence, hand‐audit 60 precincts
Cost: about $100,000
$1,000
Machine-Assisted Auditing
[Figure: each paper ballot (marked for Alice or Bob) carries a serial number, 1 ... 929. The machine's per-ballot records (1 Bob, 2 Alice, ..., 929 Bob; totals Alice: 510, Bob: 419) are compared (=) with the sampled paper ballots 321 (Bob) and 716 (Alice).]
              Precinct-Based   Machine-Assisted
# Ballots     1,141,900        2,339
# Precincts   1,252            1,351
See Calandrino, Halderman, and Felten, “Machine‐Assisted Election Auditing.” EVT 2007.
https://jhalderm.com/pub/papers/audit‐evt07.pdf
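The sample-size question and the ballot-by-ballot comparison from the slides above, as an added example (not code from the lecture or the cited papers). It assumes the audit only needs to draw at least one differing ballot; the function names are illustrative, and the records are constructed from the slide's totals (929 ballots, Alice 510, Bob 419).

```python
import math
import random

def sample_size(n_ballots, bad_fraction, confidence):
    """Smallest number of ballots to draw (without replacement) so that, if at
    least bad_fraction of paper ballots differ from their electronic records,
    the sample contains a differing ballot with probability >= confidence."""
    bad = math.ceil(bad_fraction * n_ballots - 1e-9)
    if bad < 1:
        raise ValueError("bad_fraction must cover at least one ballot")
    miss = 1.0  # probability that every ballot drawn so far matches
    for n in range(1, n_ballots - bad + 1):
        miss *= (n_ballots - bad - (n - 1)) / (n_ballots - (n - 1))
        if miss <= 1 - confidence:
            return n
    return n_ballots - bad + 1  # more draws than matching ballots exist

def comparison_audit(electronic, paper, n, rng):
    """Draw n serial numbers at random and compare each paper ballot with the
    machine's record for the same serial; return the mismatching serials."""
    drawn = rng.sample(sorted(electronic), n)
    return [s for s in drawn if electronic[s] != paper[s]]

def constructed_records(n_alice=510, n_bob=419):
    """Constructed data: per-ballot machine records keyed by serial number."""
    votes = ["Alice"] * n_alice + ["Bob"] * n_bob
    return {serial: v for serial, v in enumerate(votes, start=1)}

if __name__ == "__main__":
    rng = random.SystemRandom()  # audit draws must not be predictable
    electronic = constructed_records()
    paper = dict(electronic)
    # Constructed discrepancy: 47 paper ballots (about 5%) say Bob, not Alice.
    for serial in range(1, 48):
        paper[serial] = "Bob"
    n = sample_size(len(electronic), 0.05, 0.95)
    found = comparison_audit(electronic, paper, n, rng)
    print(f"drew {n} of {len(electronic)} ballots; mismatching serials: {found}")
    print("1,000,000-ballot election:", sample_size(1_000_000, 0.05, 0.95))
```

Any mismatch in the sample means the hypothesis of "no large discrepancy" cannot be accepted and the audit has to escalate, for example to a larger sample or a full hand count.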
The Gold-Medal Standard
+
Mandatory Risk‐Limiting Audits
9.3 End‐to‐End Verifiable Voting Securing Digital Democracy
End-to-End (E2E) Voter-Verifiability
As a voter, I can be sure that:
• My vote is cast as I intended.
• My vote is counted as cast.
• All votes are counted as cast.
Alice Johnson, 123 Main . . YES
Bob Ramirez, 79 Oak . . . . . NO
Carol Wilson, 821 Market . NO
Not a secret ballot!
End-to-End Voter-Verifiability
As a voter, I can be sure that:
• My vote is cast as I intended.
• My vote is counted as cast.
• All votes are counted as cast.
• No voter can demonstrate how he or she voted to a third party.
A Verifiable Receipt
Carol Wilson, 821 Market . . NO
End-to-End Verifiable Elections
Anyone who cares to do so can:
• Check that their own encrypted votes are correctly listed.
• Check that other voters are legitimate.
• Check the mathematical proof of the correctness of the tally.
[Figure: public list of voters (Alice Johnson, 123 Main; Bob Ramirez, 79 Oak; Carol Wilson, 821 Market), the tally (No: 2, Yes: 1), and a mathematical proof.]
The Voter's Perspective
Voters can …
• Use their receipts to check that their results are properly recorded.
• Throw their receipts in the trash.
• Verify the accuracy of the election with apps they wrote themselves.
• Download apps from sources of their choice to verify the election.
• Believe verifications done by their political parties.
• Accept the results without question.
Voter-Initiated Auditing
Encrypted Vote: 19837984723
Voter's choice: Cast or Challenge
Cast
Scantegrity
Helios
E2E Internet Voting
http://heliosvoting.org/
9.4 Verifying an E2E Result Securing Digital Democracy
Scantegrity
See: Chaum, et al., “Scantegrity II: End‐to‐End Verifiability for Optical Scan
Election Systems using Invisible Ink Confirmation Codes”. EVT 2008.
http://static.usenix.org/event/evt08/tech/full_papers/chaum/chaum.pdf
Verifiable Tallying
Confirmation Code Table, Correspondence Table, Voted Choice Table
Complexity? Usability?
Comprehensibility? Security?