<$BlogRSDURL$>

Tuesday, August 23, 2016

Online voting and computer security expertise

There are people trained in computer science, computer security and/or voting technology who can bring evidence and experience to any analysis of online voting.  Canadians first but otherwise no particular order.

Barbara Simons

Ph.D. in computer science from the University of California, Berkeley

Barbara Simons is a computer scientist and past president of the Association for Computing Machinery (ACM). She is founder and former Chair of USACM, the ACM U.S. Public Policy Committee. Her main areas of research are compiler optimization and scheduling theory. Together with Douglas W. Jones, Simons co-authored a book on electronic voting entitled Broken Ballots.

Key documents:
Key videos:
Websites:
Twitter: not an active personal Twitter user, however there are tweets from book account @BrokenBallots

Konstantin Beznosov

Ph.D. in Computer Science from Florida International University

Dr. Beznosov served on the BC Independent Panel on Internet Voting

Konstantin (Kosta) Beznosov is an Associate Professor at the Department of Electrical and Computer Engineering, University of British Columbia (UBC), Vancouver, where he founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).  His primary research interests are distributed systems security, usable  security, secure software engineering, and access control.

Key documents: British Columbia Independent Panel on Internet Voting - Recommendations Report (PDF)

Websites:
Twitter: not an active Twitter user

Valerie King

Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley

Dr. King served on the BC Independent Panel on Internet Voting

Valerie King is Professor of Computer Science at the University of Victoria and has been a faculty member there since 1992.  She received an A.B. degree in Mathematics from Princeton University and a Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley.  She was a post-doctoral fellow at the University of Toronto and Princeton University, a Research Scientist at NECI, Compaq SRC and HP Labs, a Visiting Researcher at Microsoft Research SVC, and a Visiting Professor at the University of Copenhagen and Hebrew University.

Key documents: British Columbia Independent Panel on Internet Voting - Recommendations Report (PDF)

Website:

Jeremy Clark

Ph.D. in computer science from the University of Waterloo

Assistant professor at the Concordia Institute for Information Systems Engineering

Key document: City of Toronto RFP #3405-13-3197 - Internet Voting for Persons with Disabilities - Security Assessment of Vendor Proposals (PDF)

Website: http://users.encs.concordia.ca/~clark/
Twitter: @pulpspy

Aleksander Essex

Ph.D. in computer science from the University of Waterloo

Assistant professor of software engineering in the Department of Electrical and Computer Engineering at Western University

Key document: City of Toronto RFP #3405-13-3197 - Internet Voting for Persons with Disabilities - Security Assessment of Vendor Proposals (PDF)

Websites: Twitter: @aleksessex

J. Alex Halderman

Ph.D. in Computer Science, Princeton University

Dr. Halderman has extensive expertise in examining Internet voting systems, including Estonia's system

J. Alex Halderman is an assistant professor of Computer Science and Engineering at the University of Michigan, where his research spans applied computer security and tech-centric public policy. Halderman has studied topics ranging from web security, data privacy, digital-rights management, and cybercrime to technological aspects of intellectual-property law and government regulation. He is known for helping to introduce the ”cold-boot attack,” which breaks encryption by literally freezing a computer's memory, and for exposing Sony’s rootkit digital-rights management and other harmful copy-protection technologies. A noted expert on electronic voting security, Halderman demonstrated the first voting-machine virus and helped lead California’s ”top-to-bottom” electronic-voting review. He has uncovered vulnerabilities in numerous deployed voting systems. He holds a Ph.D. from Princeton University.

Key quotes:
Key documents:
Key videos:
Websites:
Twitter: not an active Twitter user

David Dill

Ph.D. in Computer Science, Carnegie-Mellon University

David Dill is Professor of Computer Science at Stanford University.  He was named a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2001 for his contributions to verification of circuits and systems, and a Fellow of the ACM in 2005 for contributions to system verification and for leadership in the development of verifiable voting systems. In 2008, he received the first "Computer-Aided Verification" award, with Rajeev Alur, for fundamental contributions to the theory of real-time systems verification. In 2013, he was elected to the National Academy of Engineering and the American Academy of Arts and Sciences.

He has been on the faculty at Stanford since 1987. He has an S.B. in Electrical Engineering and Computer Science from Massachusetts Institute of Technology (1979), and an M.S and Ph.D. from Carnegie-Mellon University (1982 and 1987).

Prof. Dill has been working actively on policy issues in voting technology since 2003. He is the author of the "Resolution on Electronic Voting", which calls for a voter-verifiable audit trail on all voting equipment, and which has been endorsed by thousands of people, including many of the top computer scientists in the U.S. He has testified on electronic voting before the U.S. Senate and the Commission on Federal Election Reform, co-chaired by Jimmy Carter and James Baker III. He is the founder of the Verified Voting Foundation and VerifiedVoting.org and is on the board of those organizations. In 2004, he received the Electronic Frontier Foundation's "Pioneer Award" for "for spearheading and nurturing the popular movement for integrity and transparency in modern elections."

Key quotes:
Key documents:
Websites:

Avi Rubin

Ph.D., Computer Science and Engineering, University of Michigan

Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. His primary research area is Computer Security, and his latest research focuses on security for healthcare IT systems. He is Director of the Health and Medical Security (HMS) Lab at Johns Hopkins. He also founded Harbor Labs, a company that provides security consulting, professional training, and technical expertise and testimony in high tech litigation.

He is a frequent speaker on Information Security. Some highlights include TED talks in October, 2011 and September, 2015 about hacking devices, a TED Youth talk, testimony in Congressional hearings, and a high level security briefing at the Pentagon to the Assistant Secretary of the Army and a group of generals.  Authored a book on electronic voting entitled Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.

Key quotes:
Key documents:
Websites:
Twitter: @avirubin

David Jefferson

Ph.D. in Computer Science from Carnegie-Mellon University

David Jefferson is computer scientist in the Center for Applied Scientific Computing, where he works on parallel entity-based simulation. He is interested in scalable parallel "middleware" supporting high-performance computing applications, including scalable operating system and communication software, discrete simulation engines, Java platforms, load balancing, checkpointing, performance instrumentation.

David has served (and continues to serve) on a number of government panels at the state and federal levels, advising on election security issues, especially with regard to electronic and Internet voting. He also sits on the board of directors of the California Voter Foundation.

Key quotes:
Website:
Twitter: not an active Twitter user

Ron Rivest

Ph.D. in Computer Science from Stanford University

Ron Rivest is a cryptographer and an Institute Professor at MIT. He is a member of MIT's Department of Electrical Engineering and Computer Science (EECS) and a member of MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). He was a member of the Election Assistance Commission's Technical Guidelines Development Committee, tasked with assisting the EAC in drafting the Voluntary Voting System Guidelines.

Rivest is one of the inventors of the RSA algorithm (along with Adi Shamir and Len Adleman). He is the inventor of the symmetric key encryption algorithms RC2, RC4, RC5, and co-inventor of RC6. The "RC" stands for "Rivest Cipher", or alternatively, "Ron's Code".

Rivest is a member of the National Academy of Engineering, the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptologic Research, and the American Academy of Arts and Sciences. Together with Adi Shamir and Len Adleman, he has been awarded the 2000 IEEE Koji Kobayashi Computers and Communications Award and the Secure Computing Lifetime Achievement Award. He also shared with them the Turing Award.

Key quotes:
Key documents:
Websites:
Twitter: not active on Twitter

Andrew Appel

PhD in computer science from Carnegie Mellon University

Andrew W. Appel is Eugene Higgins Professor of Computer Science at Princeton University, where he has been on the faculty since 1986. He served as Department Chair from 2009-2015. His research is in software verification, computer security, programming languages and compilers, and technology policy. He received his A.B. summa cum laude in physics from Princeton in 1981, and his PhD in computer science from Carnegie Mellon University in 1985. He has been Editor in Chief of ACM Transactions on Programming Languages and Systems and is a Fellow of the ACM (Association for Computing Machinery). He has worked on fast N-body algorithms (1980s), Standard ML of New Jersey (1990s), Foundational Proof-Carrying Code (2000s), and the Verified Software Toolchain (2010s).

Key documents:
Key videos:
Websites:

Bruce Schneier

Master's in Computer Science from American University in Washington, DC

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 13 books--including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World--as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Chief Technology Officer at Resilient, an IBM Company.

Key quotes:
Key documents:
Websites:
Twitter: the automatic (non-interactive) account @schneierblog tweets links to new blog entries on his website

Vanessa Teague

Ph.D. in computer science (cryptography and game theory) from Stanford University

Her main research interest is in electronic voting, with a focus on cryptographic schemes for end-to-end verifiable elections and a special interest in complex voting schemes such as STV. She was a major contributor to the Victorian Electoral Commission's end-to-end verifiable electronic voting project, the first of its kind to run at a state level anywhere in the world, joint work with Chris Culnane, Peter Ryan and Steve Schneider. She discovered, with Alex Halderman, serious security vulnerabilities in the NSW iVote Internet voting system.

She has been invited to appear before several Australian parliamentary inquiries into elections at the state and federal level, to answer questions on electronic voting.

She is on the advisory board of Verifiedvoting.org and has been co-chair of the USENIX Electronic Voting Technologies Workshop and the International conference on E-voting and identity.

Key quotes:
Key documents:
Website:

Joe Kiniry

Ph.D. in Computer Science from the California Institute of Technology

Dr. Kiniry is the CEO and Chief Scientist of Free & Fair, a Galois spin-out focusing on high-assurance elections technologies and services.  He is also the Research Lead at Galois of several programs: Rigorous Software Engineering, Verifiable Elections, High-assurance Cryptography, and Audits-for-Good.

Prior to joining Galois in 2014, Dr. Kiniry was a Full Professor at the Technical University of Denmark (DTU). There, he was the Head of DTU’s Software Engineering section. Dr. Kiniry also held a guest appointment at the IT University of Copenhagen. Over the past decade, he has held permanent positions at four universities in Denmark, Ireland, and The Netherlands.

Dr. Kiniry has around fifteen years experience in the design, development, support, and auditing of supervised and internet/remote electronic voting systems while he was a professor at various universities in Europe. He co-led the DemTech research group at the IT University of Copenhagen and has served as an adviser to the Dutch, Irish, and Danish governments in matters relating to electronic voting.  He now advises the U.S. government on these matters via his participation in the EAC-NIST VVSG public working groups.

Key quotes:
Twitter: @kiniry

Jeremy Epstein

Master's in Computer Sciences from Purdue University

Jeremy Epstein joined DARPA as a program manager in February 2016. His technical research interests span cybersecurity, with particular interest in systems security. He was previously the lead for the National Science Foundation's cybersecurity research program.

Jeremy Epstein is a senior computer scientist with SRI International in Arlington, Virginia. At SRI, he has been principal investigator on the NSF-funded ACCURATE research program (www.accurate-voting.org) and supported the Department of Homeland Security Science & Technology cybersecurity research program. He is also a member of the US Election Assistance Commission's Voting Security Risk Assessment (VSRA) team. Prior to joining SRI, Jeremy spent almost nine years as head of product security for Software AG, a global business software company.

Key quotes:
Key documents:
Websites:

Labels: , , ,

Monday, August 22, 2016

City of Kitchener 2012 Report on Internet Voting

The City of Kitchener did a report in 2012, titled FCS-12-191 Alternative Voting - Internet Voting (link will open a page viewer).

Because the City of Kitchener website provides a page viewer and a button to generate a PDF download, I've made a copy of the PDF, you can view and download it from Google Drive (click the down-pointing arrow in the upper right of that screen to download).

The report is particularly good is in the area of turnout.  It concludes
there is no clear indication that [internet voting] increases voter turnout. There is data that shows internet voting does not increase voter turnout amongst younger voters. 
The conclusion is supported by tables in the Results and Outcomes section showing data from Markham, Peterborough, and Burlington, with a particularly detailed breakdown for Markham.  See the image extracted from the document below:


Let me re-emphasize the last sentence in the above extract:

There is clear evidence that, regardless of geography internet voting does not attract younger voters.

I believe it is the Markham evidence that underlies the Canadian Internet Voting Project's (@ivotingproject) October 31, 2015 tweet stating "Young ontario voters (aged 18-24) more likely to use paper ballots than internet voting"
The Kitchener report however unfortunately comes to an incorrect conclusion about security "Security issues are a real threat but most studies conclude that the risk is small to medium." The reality is most studies conclude the risk is large.

The staff report's Executive Summary recommended against adopting Internet voting and indeed Kitchener rejected Internet voting for 2014.

Executive Summary (extract)

Staff is of the opinion that [internet voting] should not be introduced in 2014 based on several factors outlined in greater detail in this report such as:
Previously
June 23, 2016  City of Mississauga report on Internet Voting

Labels: , , , , , ,

<- Older Posts - Newer Posts ->

This page is powered by Blogger. Isn't yours?