Lecture on electronic voting
September 30th, 2003 | by aobaoill |When I spoke to the Computer Society at NUI, Galway earlier this year – on the topic of the introduction of electronic voting in Ireland – I didn’t put anything online, as my notes were all handwritten. I have now transcribed them, and include them below.
AIM
- Provide an overview of current and new electoral systems
- Discuss some of the concerns raised in relation to electronic voting
- Stimulate debate on what response to the issue should be
CURRENT SYSTEM
- Irish Constitution Article 12.2.3
The voting shall be by secret ballot and on the system of proportional representation by means of the single transferable vote
- register of electors maintained at a local level
- How we vote
- How count happens – including random surplus
- Weaknesses
- Register fallible
- random sample -> imprecision
- Manual count – small error, time
- Strengths
- Tally
- independent oversight
- Secondary – political information (but legal issues around that)
- Paper trail – large scale fraud difficult
- Tally
- Other points
- PR/STV unusual
- Q = ((valid poll)/(seats + 1)) + 1
NEW SYSTEM
- Voting experience
- Staff give voter a token
- Voter gives token to another staff member who “activates the voting machine”
- Vote by pressing buttons in order, then pressing button at top to cast vote
- Official sees a vote has been cast because of a signal on ‘control unit’
- Voting system
- Voting machine:
- NEDAP voting machine
- with voting module – votes stored at random in this module
- Suitcase sized
- Can have multiple papers
- At close of poll, ballots are copied to a back-up module in the machine
- Integrated election system
- Used in Germany, Netherlands, Ireland – but Ireland first to use for all election types
- Runs on standard computer running MS Windows 95 or later versions
- 200,000 lines of code in 150/180 source code units
- records data in MS Access Database
- Software reinstalled before each election as security feature
- Voting machine:
SOFTWARE DETAILS
- Borland Delphi 5 to develop applications [Object Pascal]
- Opus Direct Access to interface with MS Access (replaces Delphi’s normal database interface)
- Turbo Power’s Async Professional -> serial comms facilities
- Multilizer -> different language support
COUNT
- modules inserted in reading slot in programming unit – then stored securely
- All votes mixed, then numbered. [using Lehmer algorithm]
- Then counts, using election rules
- Then displays results
POINTS
- Currently still random surplus
- Report by ZERFLOW consultants late last year uncovered flaws [reported in RISKS Digest 22.44 30/12/2002 quoting Irish Independent 9/12/2002. Submitted by Derek Harnett]
- Paste dummy ballot paper over real paper
- Keys copied
- No paper audit trail
- Recounts
- No option
- Assumption that system is infallible?
GENERAL OBSERVATIONS
From Rebecca Mercuri – (Bryn Mawr College) notablesoftware.com reports various concerns:
- Voter confidentiality
- Audit trail and auditing
- Access control
- Recount
- Voter authentication and control
- How can we know the system is working properly (various concerns here)
- Prevent ballot-selling
- but allow voter to know vote has been recorded
- Downtimes? Alternate systems?
- “Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside of a voting system”
- If no printout, then no independent audit trail -> Mercuri method
- Voting systems are not certified to any standards, such as ISO Common Criteria
- “Any computerized election process is thus entrusted to the small group of individuals who program, construct and maintain the machines.”
Thesis (from U Penn): “The requirement for ballot privacy creates an unresolvable conflict with the use of audit trails in providing security assurance in a fully automated system.”
OTHER PROBLEMS
- Dept of Environment say new system is easier. Is it?
- Blank votes, spoilt votes not possible
- Moves election from social and cultural event – which provides a sense of occasion – to administrative process. Moves election away from the people.
- Doesn’t address fundamental problems with register.
- Postal ballots become quite distinct, and have a two-step process [read, enter into machine….]
- Open to new forms of attack and subversion
- Tied to COTS products – MS Windows/Access base.
- Not open to inspection. Software specs are available, but actual code appears not to be. And even if it was?
Sorry, comments for this entry are closed at this time.