Tag: Voting
-
Switzerland’s E-voting: The Threat Model
Part 5 of a 5-part series starting here Switzerland commissioned independent expert reviews of the E-voting system built by Swiss Post. One of those experts concluded, “as imperfect as the current system might be when judged against a nonexistent ideal, the current system generally appears to achieve its stated goals, under the corresponding assumptions…
-
What the Assessments Say About the Swiss E-voting System
(Part 4 of a 5-part series starting here) In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms. They sought to assess, does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”,…
-
How the Swiss Post E-voting system addresses client-side vulnerabilities
(Part 3 of a 5-part series starting here) In Part 1, I described how Switzerland decided to assess the security and accuracy of its e-voting system. Swiss Post is the “vendor” developing the system, the Swiss cantons are the “customer” deploying it in their elections, and the Swiss Parliament and Federal Chancellery are the “regulators,” …
-
How NOT to Assess an E-voting System
by Vanessa Teague, an Australian computer scientist, cryptographer, and security/privacy expert. (Part 2 of a 5-part series starting here) Australian elections are known for the secret ballot and a long history of being peaceful, transparent and well run. So it may surprise you to learn that the Australian state of New South Wales (NSW) is…
-
How to Assess an E-voting System
Part 1 of a 5-part series If I can shop and bank online, why can’t I vote online? David Jefferson explained in 2011 why internet voting is so difficult to make secure, I summarized again in 2021 why internet voting is still inherently insecure, and many other experts have explained it too. Still, several…
-
A PDF File Is Not Paper, So PDF Ballots Cannot Be Verified
A new paper by Henry Herrington, a computer science undergraduate at Princeton University, demonstrates that a hacked PDF ballot can display one set of votes to the voter, but different votes after it’s emailed – or uploaded – to election officials doing the counting. For overseas voters or voters with disabilities, many states provide “Remote Accessible Vote…
-
ES&S Uses Undergraduate Project to Lobby New York Legislature on Risky Voting Machines
The New York State Legislature is considering a bill that would ban all-in-one voting machines. That is, voting machines that can both print votes on a ballot and scan and count votes from a ballot – all in the same paper path. This is an important safeguard because such machines, if they are hacked by…
-
Blockchains and voting
I’ve been asked about a number of ideas lately involving voting systems and blockchains. This blog piece talks about all the security properties that a voting system needs to have, where blockchains help, and where they don’t. Let’s start off a decade ago, when Daniel Sandler and I first wrote a paper saying blockchains would be…
-
Security against Election Hacking – Part 2: Cyberoffense is not the best cyberdefense!
State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the…
-
Security against Election Hacking – Part 1: Software Independence
There’s been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states’ and counties’ election computers as “critical cyber infrastructure” and prioritize the “cyberdefense” of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the…