From Blindside

The UK is to hold more electronic voting pilots during the May 2007 elections.

Contents 1 What is it? 2 Executive Summary 2.1 Impact and Maturity 3 Common forms of e-voting 3.1 Kiosk 3.2 Remote 3.3 Phone 3.4 e-Counting 4 Issues 4.1 The IA issues 4.2 Timescale 4.3 Examples 4.4 Severity 4.5 Comments 5 Organisations 6 Documents 7 Academic experts

[edit] What is it?

What is E-Voting? Electronic voting covers the range of products that allow the casting and counting votes using electronic means.

[edit] Executive Summary

The government is to trial electronic and internet voting at the local authority elections in England next May. The current pen and paper based system has evolved over time into a very effective system to avoid fraud, it has the advantage of being easy to understand and does not required specialist skills or knowlage to verfy its integrity.

Electronic voting does not have these features, the systems pose a serious, and likely undetectable, risk of fraud.

[edit] Impact and Maturity

We assign this an Impact Level of 3, our highest level, based on the severe consequences of even a one-time failure of an election. However, alternative methods (er, pen and paper) are available and have been used in instances of technological failure in the recent past. We assign this a Maturity Level of 2, as although there are numerous applications of each of the remote voting systems described below, no national and few regional (e.g., the U.S. State of Oregon) depend entirely on remote data collection procedures (and Oregon uses snail mail), which has allowed technical development of solutions to proceed at a leisurely pace.

The real risk in e-Voting is coercion of vote casting that is enabled by the vote process occurring outside of a polling station (see below). This is happening now and is a serious problem--however, it does not have IA implications.

[edit] Common forms of e-voting

[edit] Kiosk

Kiosk e-voting consists of dedicated machines being used in the polling station or elsewhere, such as shopping malls, to let electors cast their votes. Votes are cast using buttons or a touch screen and are stored in an electronic memory. If used in a polling place, kiosk systems have the advantage of being supervised.

[edit] Remote

Voters sit at home or in a library and use a computer or digital television to mark their ballot. Note:The DCA has excluded interactive TV voting from the 2007 pilots, but not ruled it out in the future.

[edit] Phone

Votes are cast either through a touch-tone system (similar to that used for television votes) or through SMS text messages on mobile phones. Authentication is achieved through the use of PIN and access codes that are mailed to voters ahead of the ballot. Note:The DCA has excluded mobile phone voting from the 2007 pilots, but not ruled it out in the future.

[edit] e-Counting

Specially designed ballots are marked by voters in such a way that an optical counting machine, i.e. a computer, can read them. The advantages of the paper ballot system are retained, but counts are quicker and if problems arise recounts of the ballot can still be done by hand. The Hacking Democracy documentary showed that without strict controls (such as mandated manual counts of a small number of randomly selected contents), even optical counting systems can be subject to serious fraud.

[edit] Issues

[edit] The IA issues

• Integrity
• Confidentiality
• Critical National Infrastructure
• Security
• Availability
• Trust
• Coercion and Corruption

Coercion and corruption of electors is specific to unsupervised voting, outside a formal polling station. E-voting is not a requirement for this (postal votes suffer the same problem) but some forms of E-voting are advanced specifically to allow unsupervised voting, and this introduces new problems. This is discussed at more length in Coercion and Corruption in Unsupervised Voting.

• Confabulated Elections and Single Issues

E-voting can enable very complex elections covering many issues. In the US, it is common to have local referendums and elections for local officials on the same electronic ballot as major national elections. E-voting encourages the creation of these confabulated elections by handling the complexity of what could otherwise be an infeasibly large ballot paper. At first sight, it seems that this is an increase in the "amount of democracy", allowing people to vote on many issues. However, the technology has been manipulated in the USA by placing divisive local issues on the same electronic ballot as important national votes. For example, a local referendum on gay marriage drives right-wing fundamentalists to the polls with a high turnout, and these people are known to favour candidates from the Republican party.

[edit] Timescale

• Imminent less than 18 months

Trial of the system occurring during the 3 May elections.

[edit] Examples

E-voting: Democratic or dangerous?

Hart InterCivic selects SOE Software’s Election Software Solutions

[edit] Severity

Worse case the system can be compromised and the result of the election can be fixed with out any one becoming aware of it.

Machines can also viably malfunction, this can lead to delays, lost votes and incorrectly cast votes.

For internet voting the risks are even greater. It relies on the voters computers not being compromised, some thing that is not a reasonable expectation as a large number of the general population are already using computers that have been compromised.

Internet voting can be disrupted by DDOS attacks, making it impossible to use.

[edit] Comments

Electoral Commission's letter to Lord Falconer 1 December 2006

On the basis of the applications submitted we are unable to support any of the proposals...

The Commission considered seven applications for electronic voting pilot schemes, we are concerned that many of these applications contain much less detail than we would expect for schemes of this level of complexity and risk. In particular security issues relating to electronic voting.

The Open Rights Group provide a detailed E-Voting briefing pack on many of the issues in the UK.

Countries worldwide are learning that expensive e-voting technologies are not as secure, accurate or reliable as suppliers promise. Systems fail on election day, software bugs prevent votes being recorded, voters find the interfaces hard to use, and recounts turn out to be impossible. These problems occur even when authorities have implemented testing, certification and audit processes for the systems being used.

Voting is a uniquely difficult question for computer science: the system must verify your eligibility to vote; know whether you have already voted; and allow for audits and recounts. Yet it must always preserve your anonymity and privacy. Currently, there are no practical solutions to this highly complex problem and existing systems are unacceptably flawed.

[edit] Organisations

• Open Rights Group (UK)
• Foundation for Information Policy Research (UK)
• Black Box Voting is a non-partisan, non-profit, organization. The official consumer protection group for elections, funded by citizen donations. (USA)
• verifiedvoting.org to make sure that there is a paper record of every vote and that voters are able to verify the accuracy of that record before the ballot is cast. (USA)
• E-voting Electronic Frontier Foundation (EFF) (USA)
• National Committee for Voting Integrity (USA)
• ACCURATE A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections (funded by the US National Science Foundation) (USA)
• US Election Assistance Commission (USA)
• Catech-MIT Voting Technology Project (USA)
• California Voter Foundation (USA)
• Irish Citizens for Trustworthy Evoting (Ireland)
• CCC Germany (Germany)
• Ordinateurs-de-vote.org Citizens and computer scientists for verifiable elections (France)
• PourEVA For an ethical computerised vote (Belgium)
• 'We Do Not Trust Voting Machines' (The Netherlands)
• EFVE - Europeans For Verifiable Elections (EU)
• Open Voting Foundation (USA)
• European Digital Rights (EU) (ERDI mailing list on electronic voting)
• Microsoft Corporation
• Open Source als Onderdeel van de Software Strategie
• BigPulse
• Hart InterCivic

[edit] Documents

• e-voting Briefing Pack Open Rights Group January 2007
• Nedap voting computer a security analysis October 2006

90% of the of the votes in The Netherlands are cast on the Nedap/Groenendaal ES3B voting computer. With very minor modifications, the same computer is also being used in parts of Germany and France. Use of this machine in Ireland is currently on hold after significant doubts were raised concerning its suitability for elections. This paper details how we installed new software in Nedap ES3B voting computers. It details how anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results. It also shows how radio emanations from an unmodified ES3B can be received at several

• Rebecca Mercuri's Web site has many of her papers and other writings on the many flaws she has found in expert examininations of voting equipment in the US. Dr. Mercuri completed her doctoral dissertation on electronic voting in 2000.

[edit] Academic experts

Ian Brown / David Chaum / Ben Fairweather / Ari Juels / Jason Kitcat / Rebecca Mercuri / Peter Neumann / Brian Randell / Ron Rivest / Avi Rubin / Peter Ryan / Berry Schoenmakers / Barbara Simons / David Wagner