Tag: Voting
-
How NOT to Assess an E-voting System
by Vanessa Teague, an Australian computer scientist, cryptographer, and security/privacy expert. (Part 2 of a 5-part series starting here) Australian elections are known for the secret ballot and a long history of being peaceful, transparent and well run. So it may surprise you to learn that the Australian state of New South Wales (NSW) is…
-
How to Assess an E-voting System
Part 1 of a 5-part series If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several…
-
A PDF File Is Not Paper, So PDF Ballots Cannot Be Verified
A new paper by Henry Herrington, a computer science undergraduate at Princeton University, demonstrates that a hacked PDF ballot can display one set of votes to the voter, but different votes after it’s emailed – or uploaded – to election officials doing the counting. For overseas voters or voters with disabilities, many states provide “Remote Accessible Vote…
-
ES&S Uses Undergraduate Project to Lobby New York Legislature on Risky Voting Machines
The New York State Legislature is considering a bill that would ban all-in-one voting machines. That is, voting machines that can both print votes on a ballot and scan and count votes from a ballot – all in the same paper path. This is an important safeguard because such machines, if they are hacked by…
-
Blockchains and voting
I’ve been asked about a number of ideas lately involving voting systems and blockchains. This blog piece talks about all the security properties that a voting system needs to have, where blockchains help, and where they don’t. Let’s start off a decade ago, when Daniel Sandler and I first wrote a paper saying blockchains would be…
-
Security against Election Hacking – Part 2: Cyberoffense is not the best cyberdefense!
State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the…
-
Security against Election Hacking – Part 1: Software Independence
There’s been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states’ and counties’ election computers as “critical cyber infrastructure” and prioritize the “cyberdefense” of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the…
-
Election security as a national security issue
We recently learned that Russian state actors may have been responsible for the DNC emails recently leaked to Wikileaks. Earlier this spring, once they became aware of the hack, the DNC hired Crowdstrike, an incident response firm. The New York Times reports: Preliminary conclusions were discussed last week at a weekly cyberintelligence meeting for senior officials.…
-
Increasing Civic Engagement Requires Understanding Why People Have Chosen Not to Participate
Last month, I was a poll watcher for the mayoral primary in Washington, DC. My duties were to monitor several polling places to confirm that each Precinct Captain was ensuring that the City’s election laws were being followed on site; in particular, that everyone who believed that they were qualified to vote was able to…
-
Information Facilitating Participation in Elections Must Be Readily Available – Principle #10 for Fostering Civic Engagement Through Digital Technologies
For the final installment of my series of blog posts outlining ten principles that governments and local communities should consider when evaluating whether they are using digital technology effectively to facilitate civic engagement, I will discuss the issue that goes to the core of democracy in our country – the public having access to information…