Tuesday, August 23, 2016
Online voting and computer security expertise
There are people trained in computer science, computer security and/or voting technology who can bring evidence and experience to any analysis of online voting. Canadians first but otherwise no particular order.
- Dr. Barbara Simons
- Dr. Konstantin Beznosov
- Dr. Valerie King
- Dr. Jeremy Clark
- Dr. Aleksander Essex
- Dr. J. Alex Halderman
- Dr. David Dill
- Dr. Aviel (Avi) Rubin
- Dr. David Jefferson
- Dr. Ron Rivest
- Dr. Andrew Appel
- Bruce Schneier
- Dr. Vanessa Teague
- Dr. Joe Kiniry
- Jeremy Epstein
Barbara Simons
Ph.D. in computer science from the University of California, Berkeley
Barbara Simons is a computer scientist and past president of the Association for Computing Machinery (ACM). She is founder and former Chair of USACM, the ACM U.S. Public Policy Committee. Her main areas of research are compiler optimization and scheduling theory. Together with Douglas W. Jones, Simons co-authored a book on electronic voting entitled Broken Ballots.
Key documents:- Internet Voting in the U.S., Communications of the ACM, Vol. 55 No. 10, Pages 68-77, doi:10.1145/2347736.2347754 (subscription)
- Voting and technology: who gets to count your vote?, Communications of the ACM, Vol. 46 No. 8, Pages 29-31, doi:10.1145/859670.859692 (subscription) - also available from ResearchGate
- Online voting rife with hazards - USA Today - November 4, 2014
Websites:
- http://www.brokenballots.com/ or see www.brokenballots.com (from Internet Archive)
- https://en.wikipedia.org/wiki/Barbara_Simons
Konstantin Beznosov
Ph.D. in Computer Science from Florida International University
Dr. Beznosov served on the BC Independent Panel on Internet Voting
Konstantin (Kosta) Beznosov is an Associate Professor at the Department of Electrical and Computer Engineering, University of British Columbia (UBC), Vancouver, where he founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE). His primary research interests are distributed systems security, usable security, secure software engineering, and access control.
Key documents: British Columbia Independent Panel on Internet Voting - Recommendations Report (PDF)Websites:
Twitter: not an active Twitter user
Valerie King
Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley
Dr. King served on the BC Independent Panel on Internet Voting
Valerie King is Professor of Computer Science at the University of Victoria and has been a faculty member there since 1992. She received an A.B. degree in Mathematics from Princeton University and a Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley. She was a post-doctoral fellow at the University of Toronto and Princeton University, a Research Scientist at NECI, Compaq SRC and HP Labs, a Visiting Researcher at Microsoft Research SVC, and a Visiting Professor at the University of Copenhagen and Hebrew University.
Key documents: British Columbia Independent Panel on Internet Voting - Recommendations Report (PDF)Website:
Jeremy Clark
Ph.D. in computer science from the University of Waterloo
Assistant professor at the Concordia Institute for Information Systems Engineering
Key document: City of Toronto RFP #3405-13-3197 - Internet Voting for Persons with Disabilities - Security Assessment of Vendor Proposals (PDF)Website: http://users.encs.concordia.ca/~clark/
Twitter: @pulpspy
Aleksander Essex
Ph.D. in computer science from the University of Waterloo
Assistant professor of software engineering in the Department of Electrical and Computer Engineering at Western University
Key document: City of Toronto RFP #3405-13-3197 - Internet Voting for Persons with Disabilities - Security Assessment of Vendor Proposals (PDF)Websites: Twitter: @aleksessex
J. Alex Halderman
Ph.D. in Computer Science, Princeton University
Dr. Halderman has extensive expertise in examining Internet voting systems, including Estonia's system
J. Alex Halderman is an assistant professor of Computer Science and Engineering at the University of Michigan, where his research spans applied computer security and tech-centric public policy. Halderman has studied topics ranging from web security, data privacy, digital-rights management, and cybercrime to technological aspects of intellectual-property law and government regulation. He is known for helping to introduce the ”cold-boot attack,” which breaks encryption by literally freezing a computer's memory, and for exposing Sony’s rootkit digital-rights management and other harmful copy-protection technologies. A noted expert on electronic voting security, Halderman demonstrated the first voting-machine virus and helped lead California’s ”top-to-bottom” electronic-voting review. He has uncovered vulnerabilities in numerous deployed voting systems. He holds a Ph.D. from Princeton University.
Key quotes:- "Frankly, I think it's ridiculously irresponsible for governments and voting system vendors to be pushing online voting with current technology" - from Washington Post - Online voting could be really convenient. But it’s still probably a terrible idea. - August 18, 2016
- Practical Attacks on Real-world E-voting (including Internet voting in section 7.3), to appear in Feng Hao and Peter Y. A. Ryan (Eds.), Real-World Electronic Voting: Design, Analysis and Deployment, pages 145–171, CRC Press, 2016
- Internet Voting: What Could Go Wrong? (presentation slides, PDF)
- The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election, E-Voting and Identity, Volume 9269 of the series Lecture Notes in Computer Science, pp. 35-53, ISBN (print): 978-3-319-22269-1, ISBN (online): 978-3-319-22270-7, ISSN (series): 0302-9743, doi:10.1007/978-3-319-22270-7_3 (landing page) - also available from arxiv
- Security Analysis of the Estonian Internet Voting System, CCS '14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Pages 703-715, ISBN: 978-1-4503-2957-6, doi:10.1145/2660267.2660315 (landing page) - also available from jhalderm.com website
- Attacking the Washington, D.C. Internet Voting System, Financial Cryptography and Data Security, Volume 7397 of the series Lecture Notes in Computer Science, pp. 114-128, ISBN (print): 978-3-642-32945-6, ISBN (online): 978-3-642-32946-3, ISSN (series): 0302-9743, doi:10.1007/978-3-642-32946-3_10 (landing page) - also available from jhalderm.com website
- Internet Voting: What Could Go Wrong?
- Why Internet-Based Voting Is a Bad Idea
- Security Analysis of Estonia's Internet Voting System (media.ccc.de) - also on YouTube
- https://www.eecs.umich.edu/eecs/faculty/eecsfaculty.html?uniqname=jhalderm
- https://jhalderm.com/
- https://estoniaevoting.org/
David Dill
Ph.D. in Computer Science, Carnegie-Mellon University
David Dill is Professor of Computer Science at Stanford University. He was named a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2001 for his contributions to verification of circuits and systems, and a Fellow of the ACM in 2005 for contributions to system verification and for leadership in the development of verifiable voting systems. In 2008, he received the first "Computer-Aided Verification" award, with Rajeev Alur, for fundamental contributions to the theory of real-time systems verification. In 2013, he was elected to the National Academy of Engineering and the American Academy of Arts and Sciences.
He has been on the faculty at Stanford since 1987. He has an S.B. in Electrical Engineering and Computer Science from Massachusetts Institute of Technology (1979), and an M.S and Ph.D. from Carnegie-Mellon University (1982 and 1987).
Prof. Dill has been working actively on policy issues in voting technology since 2003. He is the author of the "Resolution on Electronic Voting", which calls for a voter-verifiable audit trail on all voting equipment, and which has been endorsed by thousands of people, including many of the top computer scientists in the U.S. He has testified on electronic voting before the U.S. Senate and the Commission on Federal Election Reform, co-chaired by Jimmy Carter and James Baker III. He is the founder of the Verified Voting Foundation and VerifiedVoting.org and is on the board of those organizations. In 2004, he received the Electronic Frontier Foundation's "Pioneer Award" for "for spearheading and nurturing the popular movement for integrity and transparency in modern elections."
Key quotes:- elections must feature “non-coercibility” ... “The system goes to great lengths to destroy the link between my name and the ballot that I cast. That’s a property that’s special to elections that almost no other system of electronic transactions deals with in the U.S.” - from The Daily Dot - Online voting is a cybersecurity nightmare - by Eric Geller - June 6, 2016
- "From the perspective of election trustworthiness, Internet voting is a complete disaster." - from Stanford Engineering News - Why Online Voting Is a Danger to Democracy - June 3, 2016
- “Basically, [online voting] relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense.” - from MIT Technology Review - Why You Can’t Vote Online - November 5, 2012
- Voting and technology: who gets to count your vote?, Communications of the ACM, Vol. 46 No. 8, Pages 29-31, doi:10.1145/859670.859692 (subscription) - also available from ResearchGate
- E-voting security, IEEE Security & Privacy (Volume: 2, Issue: 1), pp. 22-23, doi:10.1109/MSECP.2004.1264849 (subscription)
Avi Rubin
Ph.D., Computer Science and Engineering, University of Michigan
Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. His primary research area is Computer Security, and his latest research focuses on security for healthcare IT systems. He is Director of the Health and Medical Security (HMS) Lab at Johns Hopkins. He also founded Harbor Labs, a company that provides security consulting, professional training, and technical expertise and testimony in high tech litigation.
He is a frequent speaker on Information Security. Some highlights include TED talks in October, 2011 and September, 2015 about hacking devices, a TED Youth talk, testimony in Congressional hearings, and a high level security briefing at the Pentagon to the Assistant Secretary of the Army and a group of generals. Authored a book on electronic voting entitled Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.
Key quotes:- "Internet voting is a terrible idea" - from The Guardian - Will the US elections be hacked? It's doubtful, but machines could be 'rigged' - August 6, 2016
- Internet voting "would take a bad situation and make it a lot worse" - from NPR Science Friday (audio) - How Secure Are U.S. Voting Systems? - August 5, 2016
- "voting over the Internet or smartphones is a non-starter. You can't control the security of the platform." - from Scientific American - The Challenges of Digital Voting - February 1, 2016
- "Online voting is a very unsafe idea and a very bad idea and something I think no technological breakthrough I can foresee can ever change" - from TechCrunch - New Jersey Allows Voting By Email And Fax For Hurricane Victims - November 3, 2012
- Why Internet Voting Is a Nonstarter, Johns Hopkins Whiting School of Engineering Magazine, Summer 2016
- E-voting security, IEEE Security & Privacy (Volume: 2, Issue: 1), pp. 22-23, doi:10.1109/MSECP.2004.1264849 (subscription)
- RSA Conference blog post about Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting - blog post by Ben Rothke
- Security considerations for remote electronic voting, Communications of the ACM, Volume 45 Issue 12, Pages 39-44, doi:10.1145/585597.585599 (subscription) - also available from avirubin.com
- https://www.cs.jhu.edu/faculty/aviel-rubin/
- http://avirubin.com/
- https://en.wikipedia.org/wiki/Avi_Rubin
David Jefferson
Ph.D. in Computer Science from Carnegie-Mellon University
David Jefferson is computer scientist in the Center for Applied Scientific Computing, where he works on parallel entity-based simulation. He is interested in scalable parallel "middleware" supporting high-performance computing applications, including scalable operating system and communication software, discrete simulation engines, Java platforms, load balancing, checkpointing, performance instrumentation.
David has served (and continues to serve) on a number of government panels at the state and federal levels, advising on election security issues, especially with regard to electronic and Internet voting. He also sits on the board of directors of the California Voter Foundation.
Key quotes:- “We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have” - from The Daily Dot - Online voting is a cybersecurity nightmare - by Eric Geller - June 6, 2016
- "Internet voting is a serious threat to national security. Neither the U.S. nor any other democratic country should open the door to Internet voting -- not now, and not in the foreseeable future -- until such distant time as all of the fundamental security problems are satisfactorily resolved." - from Lawrence Livermore National Laboratory News - Security risks and privacy issues are too great for moving the ballot box to the Internet - March 10, 2015
Twitter: not an active Twitter user
Ron Rivest
Ph.D. in Computer Science from Stanford University
Ron Rivest is a cryptographer and an Institute Professor at MIT. He is a member of MIT's Department of Electrical Engineering and Computer Science (EECS) and a member of MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). He was a member of the Election Assistance Commission's Technical Guidelines Development Committee, tasked with assisting the EAC in drafting the Voluntary Voting System Guidelines.
Rivest is one of the inventors of the RSA algorithm (along with Adi Shamir and Len Adleman). He is the inventor of the symmetric key encryption algorithms RC2, RC4, RC5, and co-inventor of RC6. The "RC" stands for "Rivest Cipher", or alternatively, "Ron's Code".
Rivest is a member of the National Academy of Engineering, the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptologic Research, and the American Academy of Arts and Sciences. Together with Adi Shamir and Len Adleman, he has been awarded the 2000 IEEE Koji Kobayashi Computers and Communications Award and the Secure Computing Lifetime Achievement Award. He also shared with them the Turing Award.
Key quotes:- “We do need to be concerned about the integrity of our voting systems in the face of possible attacks by foreign nation-states.” - from Boston Globe - the hacking of an American election - July 27, 2016
- “Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well.” - from MIT Technology Review - Why You Can’t Vote Online - November 5, 2012
- Internet Voting--Seriously? (presentation slides, PDF) - from Election Verification Network (EVN) Conference 2016
Twitter: not active on Twitter
Andrew Appel
PhD in computer science from Carnegie Mellon University
Andrew W. Appel is Eugene Higgins Professor of Computer Science at Princeton University, where he has been on the faculty since 1986. He served as Department Chair from 2009-2015. His research is in software verification, computer security, programming languages and compilers, and technology policy. He received his A.B. summa cum laude in physics from Princeton in 1981, and his PhD in computer science from Carnegie Mellon University in 1985. He has been Editor in Chief of ACM Transactions on Programming Languages and Systems and is a Fellow of the ACM (Association for Computing Machinery). He has worked on fast N-body algorithms (1980s), Standard ML of New Jersey (1990s), Foundational Proof-Carrying Code (2000s), and the Verified Software Toolchain (2010s).
Key documents:- Security against Election Hacking – Part 2: Cyberoffense is not the best cyberdefense - Freedom to Tinker - August 18, 2016
- Security against Election Hacking – Part 1: Software Independence - Freedom to Tinker - August 17, 2016
- Studies of Voting Technology
Websites:
Bruce Schneier
Master's in Computer Science from American University in Washington, DC
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 13 books--including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World--as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient, an IBM Company.
Key quotes:- "Everything we know about voting machines, electronic ones, computerized ones is they're not very secure. They're not tested. They're not designed rigorously. And in many cases there's no way to detect or recover from fraud." - from NPR Science Friday (audio) - How Secure Are U.S. Voting Systems? - August 5, 2016
- Voting and technology: who gets to count your vote?, Communications of the ACM, Vol. 46 No. 8, Pages 29-31, doi:10.1145/859670.859692 (subscription) - also available from ResearchGate
Twitter: the automatic (non-interactive) account @schneierblog tweets links to new blog entries on his website
Vanessa Teague
Ph.D. in computer science (cryptography and game theory) from Stanford University
Her main research interest is in electronic voting, with a focus on cryptographic schemes for end-to-end verifiable elections and a special interest in complex voting schemes such as STV. She was a major contributor to the Victorian Electoral Commission's end-to-end verifiable electronic voting project, the first of its kind to run at a state level anywhere in the world, joint work with Chris Culnane, Peter Ryan and Steve Schneider. She discovered, with Alex Halderman, serious security vulnerabilities in the NSW iVote Internet voting system.
She has been invited to appear before several Australian parliamentary inquiries into elections at the state and federal level, to answer questions on electronic voting.
She is on the advisory board of Verifiedvoting.org and has been co-chair of the USENIX Electronic Voting Technologies Workshop and the International conference on E-voting and identity.
Key quotes:- "Voting over the Internet is a really bad idea. We haven’t yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes." - from USA Today - Internet voting is just too hackable, say security experts - January 28, 2016
- Submission to Parliament of Victoria [Australia] Electoral Matters Committee (EMC) Inquiry into Electronic Voting, 2016 (EMC Submission 11, from Submissions page)
- The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election, E-Voting and Identity, Volume 9269 of the series Lecture Notes in Computer Science, pp. 35-53, ISBN (print): 978-3-319-22269-1, ISBN (online): 978-3-319-22270-7, ISSN (series): 0302-9743, doi:10.1007/978-3-319-22270-7_3 (landing page) - also available from arxiv
Joe Kiniry
Ph.D. in Computer Science from the California Institute of Technology
Dr. Kiniry is the CEO and Chief Scientist of Free & Fair, a Galois spin-out focusing on high-assurance elections technologies and services. He is also the Research Lead at Galois of several programs: Rigorous Software Engineering, Verifiable Elections, High-assurance Cryptography, and Audits-for-Good.
Prior to joining Galois in 2014, Dr. Kiniry was a Full Professor at the Technical University of Denmark (DTU). There, he was the Head of DTU’s Software Engineering section. Dr. Kiniry also held a guest appointment at the IT University of Copenhagen. Over the past decade, he has held permanent positions at four universities in Denmark, Ireland, and The Netherlands.
Dr. Kiniry has around fifteen years experience in the design, development, support, and auditing of supervised and internet/remote electronic voting systems while he was a professor at various universities in Europe. He co-led the DemTech research group at the IT University of Copenhagen and has served as an adviser to the Dutch, Irish, and Danish governments in matters relating to electronic voting. He now advises the U.S. government on these matters via his participation in the EAC-NIST VVSG public working groups.
Key quotes:- “The tricky bit for people to grasp is that the set of requirements around elections look and taste different than any other modern online system.” - from The Daily Dot - Online voting is a cybersecurity nightmare - by Eric Geller - June 6, 2016
Jeremy Epstein
Master's in Computer Sciences from Purdue University
Jeremy Epstein joined DARPA as a program manager in February 2016. His technical research interests span cybersecurity, with particular interest in systems security. He was previously the lead for the National Science Foundation's cybersecurity research program.
Jeremy Epstein is a senior computer scientist with SRI International in Arlington, Virginia. At SRI, he has been principal investigator on the NSF-funded ACCURATE research program (www.accurate-voting.org) and supported the Department of Homeland Security Science & Technology cybersecurity research program. He is also a member of the US Election Assistance Commission's Voting Security Risk Assessment (VSRA) team. Prior to joining SRI, Jeremy spent almost nine years as head of product security for Software AG, a global business software company.
Key quotes:- "Internet voting is far from being ready for use, if we care about the accuracy of our elections." - from Prepared statement of Jeremy Epstein to the Congressional Forum: “Lessons from Election Day 2012: Examining the Need for Election Reform” - January 14, 2013
- Computer Technology and Voting, Social Issues in Computing blog, December 28, 2013
- Are All Types of Internet Voting Unsafe?, IEEE Security & Privacy ( Volume: 11, Issue: 3, May-June 2013 ), doi:10.1109/MSP.2013.57 (landing page)
- Internet Voting, Security, and Privacy, William & Mary Bill of Rights Journal 19, 885 (2011) (landing page)
- Internet Voting: Will We Cast Our Next Votes Online? - Computing Reviews - December 21, 2009
- http://www.darpa.mil/staff/mr-jeremy-epstein
- https://www.sri.com/about/people/jeremy-epstein
- http://accurate-voting.org/pubs/ (publications from Epstein and many other authors)
Labels: computer security, expertise, internet voting, online voting
https://freedom-to-tinker.com/blog/jeremyepstein/hacking-newspapers-vs-hacking-elections/#comment-20696
--Bob.