<$BlogRSDURL$>

Sunday, June 07, 2015

Voting Machines

The electronic voting machine, a purely electronic kiosk where you vote, has many challenges.

The code that the machine runs must be correct (without significant bugs or errors), which is difficult (and expensive).

Worse, you must be certain that the code you have validated is actually the code it runs for every vote during the election, which is impossible.  As in, literally impossible.  The problem is, the only way to find out what code the machine is running is to ask it.  Because machines are programmed by humans, machines can lie, just like humans.

Here's how it works:

Computer running the validated code

1. Computer expert queries the computer about what code it is running
2. Computer says "I am running the validated code"

Computer running hacked code

1. Computer is hacked, adding malicious (lying) code to the validated code
2. Computer expert queries the computer about what code it is running
3. The malicious code lies and says "I am running the validated code"

This is not theoretical, this is exactly what a rootkit does.

So if the machine only records votes electronically, you can never be sure if your vote was correctly recorded.  (This is not to mention the possibility of alteration during a long electronic chain of transmission to get to the final election results.)

The only way to verify your vote is to get a paper printout, so that you can look at the paper and validate that it shows your vote as cast.  But again, remember the computer can lie.  You can vote for party A, the computer can record the vote for party B and then print a paper receipt saying you voted for party A.

The only way to actually be certain of the vote count is to count the paper...

which means you just spent millions of dollars replacing a pen.

These are just the core issues, in an ideal system.
In reality, there are many more problems with voting machines.  Although some were based on ATMs, ATMs are physically bigger, have a simpler job, have much clearer transactional validation (ask for $100, complain if you don't get $100), and have dedicated maintenance teams.  While some voting machines were build by ATM manufacturers (like Diebold), the coding was rushed (at least we assume so, we don't get to see the coding), the machines are only used once a year at most, and the maintenance is done by amateurs who don't have the bank's monetary motivations for maintaining accuracy.  In such a situation, voting machines can have many errors including:

* touchscreen misalignment
* coding errors
* introduction of malicious code e.g. via USB
* failure due to poor storage or aging out
* existing software vulnerabilities (particularly since most run Windows) that are uncovered during the lifetime of the machine but never patched, opening them to network or USB attack

Labels: , ,

Friday, April 17, 2015

Internet voting risks

(And risks associated with other types of voting technology.)

I have been tweeting many links about Internet voting risks on the account @papervote
but now it is time to put them together in a blog post.

You can also find links in my bookmarks (which are drawn from many of my accounts, not just @papervote) under tag voting_tech_risks (click link for full list).

Also see extensive materials at http://www.verifiedvoting.org/resources/internet-voting/

Statements from Computer Scientist Organisations

Computer scientists are best positioned to understand the risks related to the use of computers for voting.  They have made clear statements against the use of Internet voting at this time.

✭ US Association for Computing Machinery (ACM) - Internet voting
Internet voting adds additional concerns about security, verifiability and auditability to those already known about electronic voting. ...
At the present, paper-based systems provide the best available technology to [preserve the ability to audit and/or recount the votes].
Computer Technologists' Statement on Internet Voting
Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable.

Government Reports / Tech Reports

✭ US Office of the Director of National Intelligence - Opening Statement to Worldwide Threat Assessment Hearing (PDF) - February 26, 2015

Remarks from the Honorable James R. Clapper, Director of National Intelligence:
I'll start with cyber threats.  Attacks against us are increasing in frequency, scale, sophistication and severity of impact.
✭ Foundation for Information Policy Research - Response to The Speaker’s Commission on Digital Democracy (PDF) - September 27, 2014
this technology still has very significant issues with security, privacy, coercion resistance, auditability and comprehensibility, which preclude its use in high-stakes contests where capable and well-resourced actors (political parties, lobby groups and even foreign governments) may have an incentive to manipulate the system
✭ Parliament of Australia - Inquiry into... 2013 General Election - Second Interim Report: An assessment of electronic voting options

This excellent report, licensed in the Creative Commons for reuse (CC BY-NC-ND 3.0 Australia) covers many risks related to Internet voting, with very clear language.

Full report (PDF) can be downloaded; individual sections also available.

✭ NISTIR 7770 - Security Considerations for Remote Electronic UOCAVA Voting (PDF) - February 2011

✭ UK Electoral Commission - Key issues and conclusions: May 2007 electoral pilot schemes (PDF; copy from Archive.org) - August 2007
issues with the security and transparency of the solutions

Expert Analysis

Independent Report on E-voting in Estonia

Audio and Video

Security Analysis of Estonia's Internet Voting System by J. Alex Halderman - published to YouTube Dec 28, 2014

From the Chaos Communication Conference (31c3) in 2014.  You can also see the video on their website.

Why electronic voting is a BAD idea - published to YouTube Dec 18, 2014

The above video is a fantastic clear explanation of why electronic voting machines are a security risk and why Internet voting is even worse.

Presented by Tom Scott for Computerphile, filmed by Sean Riley.

Videos from online course Securing Digital Democracy by J. Alex Halderman

SRI International - Podcast (audio) - Internet voting - October 10, 2010

Interviewing Jeremy Epstein.

Articles, Blog Posts, etc.

✭ Freedom to Tinker - Decertifying the worst voting machine in the US - by Jeremy Epstein - April 15, 2015

Remarkable Virginia IT Agency Report Details Reasons for WinVote Decertification - by Doug Chapin - April 15, 2015

✭ Sydney Morning Herald - International experts warn of the risks of Australian online voting tools - March 24, 2015

✭ Communications of the ACM - Security Risks, Privacy Issues Too Great for Internet Voting - March 12, 2015

Above article reports on a presentation by computer scientist David Jefferson.

✭ CBC - Internet voting isn't a big draw for younger voters, researcher says -  February 11, 2015

Note that Nichole Goodman is a social sciences researcher, not a computer scientist.

Analyst opinion: Don’t take online voting for granted - by Nick Wallace - January 30, 2015
Government should consider alternatives to online voting.  ... Preventing fraud is a tall order. ... An additional challenge is preserving the secret ballot...
✭ USA Today - Online voting rife with hazards - November 4, 2014

Above article by computer scientist Barbara Simons.

Education

Learn more about the issues.

... more to come

Wednesday, October 19, 2011

City of Markham's Internet voting story at GTEC 2011

GTEC conference, October 19, 2011 from 10:00 to 11:00

Using Digital Technology to Connect with Citizens in the Town of Markham

Given the apparent decrease in voter engagement, Canadian governments are faced with seeking innovative ways to connect with the public. When used strategically, digital technologies are an effective means to engage citizens. Through the use of Internet voting and the implementation of multiple interactive online initiatives, the Town of Markham has become a leader in eDemocracy. In this session attendees will hear from the Mayor of Markham, the visionary behind Markham’s innovative use of digital technologies to engage citizens, as well as the CEO of Delvinia, the firm behind the initiatives and the only organization to collect consumer data on Internet voting in three consecutive elections.

Speaker - Frank Scarpitti, Mayor, Town of Markham
Co-presenter - Adam Froman, CEO, Delvinia

from GTEC 2011 Conference Program at a Glace


Wednesday, September 28, 2011

in which I help the news media

1) Delvinia releases a report

"Our latest DIG report examines the Town of Markham’s experience with Internet voting in the 2003, 2006 and 2010 municipal election"

http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/

This is good.
In 2010, with the support of Ryerson University, Delvinia secured an Engage Grant from the Natural Sciences and Engineering Research Council (NSERC) to commission Nicole Goodman, a PhD candidate specializing in Canadian political institutions and alternative voting methods, to provide a scholarly perspective on the data collected following the 2010 election as well as a comparison to the data Delvinia collected in the 2003 and 2006 elections.
It is also excellent to see academic research in this field and a rigorous report.

2) However
The DIG report is available online at www.delvinia.com/dig. The full research report is available for purchase through Delvinia. Please refer to our order form to obtain a copy of the report.
from http://www.delvinia.com/delvinia-releases-dig-report-on-edemocracy-and-citizen-engagement/

So objective fact 1: Delvinia is selling the full report.

3) However
In addition to helping the Town raise awareness of Internet voting in the 2003, 2006 and 2010 municipal elections, Delvinia also conducted in-person and online surveys to collect data regarding public attitudes, feelings and beliefs toward Internet voting in each of those elections.
from http://www.delvinia.com/should-canadians-have-the-opportunity-to-vote-online/

So objective fact 2: Delvinia was paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010 (the same years in the same city concerning the same topic that the newly-released evoting report covers).

4) The correct way to report this, providing the full context, would be

Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.  The report concludes Internet voting was a great success.

I am not criticising Delvinia or the report, I am just stating the objective facts of the context of the report.

So I will now help some news reporting organisations.

This is what the Star wrote
Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.

In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting.
http://www.thestar.com/news/article/1059558

You may note that neither in this extract nor indeed anywhere in the entire article does it mention the context I provided above.  The article with context would be
Internet voting in advance polls in Markham has helped increase overall voter turnout, engage non-voters to vote and greatly improve overall voter satisfaction, according to a research and public opinion report released Monday.

In the report by Delvinia, a digital strategy firm, voter turnout in Markham has increased by 35 per cent since the introduction of Internet voting in 2003, and much of that is attributed to the advent of online voting.  Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.
This is what IT World Canada wrote
New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm Delvinia

The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003.
http://www.itworldcanada.com/news/e-voting-gets-almost-unanimous-praise-study-finds/144015

And here, again, is the article with the actual full context added
New data culled from Markham, Ont. voters could make a case for the introduction of Internet voting across all levels of government in Canada, according to a new report from user experience design firm Delvinia

The Toronto-based digital consultancy released the findings of its eDemocracy and Citizen Engagement report on Monday, which focused on the Town of Markham’s recent online voting initiatives. The municipality has offered online voting for its local elections since 2003.  Delvinia, a company paid by the City of Markham to promote Internet voting in 2003, 2006 and 2010, is now selling a detailed report about Internet voting in Markham.
I want to be completely up-front: I am profoundly disappointed that major Canadian news media are not providing the full context of this report.  I expect the news media to provide context for ANY press release, announcement, speech, interview or think-tank report.  Information without context is no foundation for democracy.

UPDATE: I should also mention, in case you think this is a minor nuance on an obscure story buried in the back pages of the paper, that "Online voting changes the game" was the Toronto Star's front-page, above-the-fold, banner full-width headline story for Monday September 26, 2011.  In newspaper terms, they declared it the single most important story in the world for September 26, 2011.

Monday, May 02, 2011

May 2, 2011 - Election Day

Go vote, in the assurance that your vote will be accurately counted.

http://elections.ca/

Labels: ,

Wednesday, April 27, 2011

Canadian online voting discussion on The Rutherford Show

Thursday April 28, 2011 at noon Eastern (10 Mountain) The Rutherford Show will have a discussion about online voting, including Internet voting expert Barbara Simons.

You can listen to the show live - click the large "Listen Live" icon at the top of the web page.

Labels: ,

Wednesday, April 20, 2011

if I can do X online, then why not voting

This is a kind of typical "if I can bank online securely, why not vote online" story by Lena Almeida

Let’s boost participation by allowing online voting

Canada.com - April 15, 2011

And this is a kind of typical "hey our government cybersecurity research lab was hacked" story

Top Federal Lab Hacked in Spear-Phishing Attack

Wired Threat Level - April 20, 2011

Because the answer is, you don't bank online securely. People's online banking is hacked ALL THE TIME. Everyone's systems, including national cybersecurity facilities in the US and Canada, get broken into by determined, sophisticated attackers.

Let me make it clear, I respect Ms. Almeida's question. It is not at all obvious to someone who hasn't stepped through the properties of our current paper-based system one-by-one, and who hasn't analysed the risks of a purely Internet-based system, why online voting shouldn't be as simple as filing your taxes online.

What you CAN do with banking is have their experts follow a forensics trail, undo the unauthorized changes, and return your account to its correct state. As happened to me recently when my credit card number was stolen.

But you CANNOT DO THIS WITH A ONE-TIME, ONE-VOTE, ANONYMOUS ELECTION.
If your vote is reversable 1) it has to be personally identifiable 2) ANYONE with technical knowledge can reverse it.

So that's why you can't vote online. It's not a technical problem. There are no technical barriers to voting online. Amongst many, many other things it's a security problem. Even if you can solve the security problem, you still can't verify what code is running (so open source doesn't help). Even if you could solve the security AND the code verification problems, you still can't stop someone standing over you at home as you vote, and threatening you if you don't vote the correct way (the coercion problem). Or someone can just steal someone's voting credentials and skip the bother of threatening them (the authentication problem).

Hackers will attack your vote, it's just a question of whether they succeed. And the company or individuals writing the code could be malicious, corrupted or threatened. Or the company making the servers. Or the people in the server room. Or actively malicious insiders anywhere along the network chain. Or citizens can be systematically intimidated into voting a certain way. Or the voting credentials of huge numbers of people who don't bother to vote can simply be stolen (e.g. monitoring the mailboxes of students and other young people for convenient mailings with PIN numbers that are unlikely to be used).

Oh, and even if someone miraculously everyone involved in the long chain between you and your vote being recorded on a distant server is trustworthy and not malicious, the software can still have bugs. In fact it's pretty much guaranteed to have bugs. Bugs which may not show up until millions of real users start hammering the real system on election day. So it can still fail spectacularly. Or even worse, fail silently and undetectably, misrecording or losing votes.

But other than that, online voting is a great idea.

PS If you think the TV shows have mastered this problem, I suggest googling so you think you can dance vote hacked or head right to

How the 'Dancing' vote was hacked - MSNBC Cosmic Log - November 19, 2010

Labels: ,

iconic

Just pointing to some official Elections Canada icons for the 41st General Election.

Please note: the following reproductions are a copy of the promotional icons that are published by Elections Canada and the reproductions have not been produced in affiliation with, or with the endorsement of Elections Canada.

UPDATE: Removed in accordance with May 2 deletion requirement. ENDUPDATE

In general Elections Canada could use some major website and social media help.

That would move youth turnout a lot more than online voting.

Note to self: Apparently I am to make these icons disappear after May 2, 2011.


* You are hereby granted a limited license to reproduce and display the promotional icons on your website for purposes of providing information to the public about the current general election by offering a link to Elections Canada's web site;
* The rights granted herein are for a limited term ending on May 2, 2011;
* You must reproduce the promotional icons in the format and in the color displayed herein and you may not modify, alter or adapt the promotional icons or any part of them;
* You will acquire no right or interest in the promotional icons or the copyright therein, except for the limited license granted herein; and
* You must indicate to the public that the reproduction is a copy of the promotional icons that are published by Elections Canada and that the reproduction has not been produced in affiliation with, or with the endorsement of Elections Canada.

Labels:

<- Older Posts - Newer Posts ->

This page is powered by Blogger. Isn't yours?