Year: 2022
-
Is Internet Voting Secure? The Science and the Policy Battles
I will be presenting a similarly titled paper at the 2022 Symposium Contemporary Issues in Election Law run by the University of New Hampshire Law review, October 7th in Concord, NH. The paper will be published in the UNH Law Review in 2023 and is available now on SSRN. I have already serialized parts of…
-
Recommendations for Updating the FTC’s Disclosure Guidelines to Combat Dark Patterns
Last week, CITP’s Tech Policy Clinic, along with Dr. Jennifer King, brought leading interdisciplinary academic researchers together to provide recommendations to the Federal Trade Commission on how it should update the 2013 version of its online digital advertising guidelines (the “Disclosure Guidelines”). This post summarizes the comment’s main takeaways. We focus on how the FTC…
-
The anomaly of cheap complexity
Why are our computer systems so complex and so insecure? For years I’ve been trying to explain my understanding of this question. Here’s one explanation–which happens to be in the context of voting computers, but it’s a general phenomenon about all our computers: There are many layers between the application software that implements an electoral…
-
Magical thinking about Ballot-Marking-Device contingency plans
The Center for Democracy and Technology recently published a report, “No Simple Answers: A Primer on Ballot Marking Device Security”, by William T. Adler. Overall, it’s well-informed, clearly presents the problems as of 2022, and it’s definitely worth reading. After explaining the issues and controversies, the report presents recommendations, most of which make a lot…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2)
By Chong Xiang and Prateek Mittal In our previous post, we discussed adversarial patch attacks and presented our first defense algorithm PatchGuard. The PatchGuard framework (small receptive field + secure aggregation) has become the most popular defense strategy over the past year, subsuming a long list of defense instances (Clipped BagNet, De-randomized Smoothing, BagCert, Randomized…
-
New Study Analyzing Political Advertising on Facebook, Google, and TikTok
By Orestis Papakyriakopoulos, Christelle Tessono, Arvind Narayanan, Mihir Kshirsagar With the 2022 midterm elections in the United States fast approaching, political campaigns are poised to spend heavily to influence prospective voters through digital advertising. Online platforms such as Facebook, Google, and TikTok will play an important role in distributing that content. But our new study…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks
By Chong Xiang and Prateek Mittal Thanks to the stunning advancement of Machine Learning (ML) technologies, ML models are increasingly being used in critical societal contexts — such as in the courtroom, where judges look to ML models to determine whether a defendant is a flight risk, and in autonomous driving, where driverless vehicles are…
-
Switzerland’s E-voting: The Threat Model
Part 5 of a 5-part series starting here Switzerland commissioned independent expert reviews of the E-voting system built by Swiss Post. One of those experts concluded, “as imperfect as the current system might be when judged against a nonexistent ideal, the current system generally appears to achieve its stated goals, under the corresponding assumptions…
-
What the Assessments Say About the Swiss E-voting System
(Part 4 of a 5-part series starting here) In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms. They sought to assess, does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”,…
-
How the Swiss Post E-voting system addresses client-side vulnerabilities
(Part 3 of a 5-part series starting here) In Part 1, I described how Switzerland decided to assess the security and accuracy of its e-voting system. Swiss Post is the “vendor” developing the system, the Swiss cantons are the “customer” deploying it in their elections, and the Swiss Parliament and Federal Chancellery are the “regulators,” …