The DRE Debate: Getting Unstuck

1
The DRE Debate Getting Unstuck

• Eric Lazarus
• DecisionSmith

2
Debate Must be Advanced

• Could deter people from voting
• Slow adoption of better technologies Perfect as
  enemy of good

• Has not resulted in far more secure systems yet
• We could miss much of the benefit of the HAVA
  opportunity
• Wider issues

3
Lets Take a Moment to Summarize

• Anyone who isnt steeped can contact me to review
  them all

4
Pro-DRE
Many civil rights leaders

• Pre-DRE technology has huge error rates
• Accessibility
• No time to wait for security
• These systems are not worse than older technology
  
• Ballot design is easier w/ touch screen machines

5
Anti-DRE
Nearly all computer security experts

• Easter Eggs are EASY to write and hide
• You cant trust computers
• You cannot test them
• You cannot reliably inspect them
• The current generation is not designed for
  verifiability or security
• It would not be hard to do better with crypto,
  paper ballots, etc. (Example AutoMark)
• Small group theory
• Bathtub problem
• Machines cause long lines that PCOS would not

6
Anti-VVPT

• Voters may well not study the printed ballot even
  if you ask them to intersection is too small.
• Asking them to will undermine their confidence in
  the voting system and make them less likely to
  vote.
• DRE machines with paper added will break down, be
  expensive, not add security as ballot boxes can
  be stuffed.
• Election officials will be able to violate ballot
  secrecy

7
Pro-VVPT

• While paper does not solve all problems (a
  candidate can be dropped from the ballot, for
  example) it can be used to detect Easter Egg and
  make them less effective.
• Paper can be made countable as we see with paper
  money and with Precinct Count Optical Scan (PCOS)
  systems
• Ballot privacy can be maintained as long as you
  avoid the roll-to-roll design used in Nevada.
• There are LOTS of ways that paper could be done
  badly but thats not an argument against doing it
  well. AutoMark example.

8
Provable Systems

• Why settle for just VVPT when we can set up
  systems that guarantee integrity and can prove it
  to the voter?

9
Pro-DRE Side Says

• These computer scientist dont know the first
  thing about elections!

• There are real, practical problems associated
  with elections including voter confusion,
  poll-worker confusion, voter intimidation, voter
  roll manipulation. This DRE/VVPT debate is a
  distraction

10
Computer Scientists say

• The elections officials are simply not qualified
  to have an opinion about if an Easter Egg will
  be detected

• Actual studies of security of DRE voting systems
  are rare and show poor results
• There is motivation and opportunity to e-steal
  elections

11
Illustration Gaming Whats Missing

• Ladder of trust with signed firmware at bottom
• Multiple people with different keys
• Field trails as part of certification
• Hash compare in the field randomly every two
  years
• Auditing the auditors
• Certification done by gov. employees willing to
  share/discuss their methods
• Post-employment restrictions on working for
  vendors
• Penalties for messing up
• Assumption of cheating

12
Anti-DRE Points of Vulnerability
Software Developed (Very High)
Terminal Built (High)
Software Built (Very High)
Terminal Shipped (High)
Software Certified (Low)
Terminal Stored (High)
Software Shipped (High)
Terminal Software Refreshed (Very High)
Terminal Tested (Low)
Each technology is different but there are big
vulnerabilities at each stage of the process
which are not addressed. Ratings reflect my
concern areas.
Terminal Shipped to Polling Place (High)
Terminal Stored at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Polling (Medium)
Poll Closing (Low)
Votes Transmitted (High)
Votes Tallied (Medium)
Tallies Transmitted (Low)
13
Pro-DRE The real problems are
Voter Registered
Voter Roll Maintained
Roll Manipulation
Voter Informed of Voting Location
Intimidation
Voter Checked In
Vote Recorded
Ballot Box Stuffing
Vote Tallied
Result Reported
Results Audited
Result Certified
14
We are all people of good will here

• There must be a way to move forward from this
  position

• How can we make sure we are really progressing
  this?
• The US could be an example of excellence in
  elections to the world we are not.

15
Excellence would involve

• Well designed policies and procedures
• Superb training for elections officials including
  poll workers
• Great technology at the terminal level
• Great technology at the tally level
• Great ballot design
• Great systems for maintaining voter rolls

16
Excellence would involve

• Encouraging voter participation
• Defense-in-depth for entire system
• Reform of reapportionment so it can be done by
  machine w/o legislative input
• UCC of Voting

17
What Keeps Us Stuck?

• Customer not demanding
• Technical attacks seem theoretical and low
  probability
• Election officials are busy / under funded
• There is an assumption that they dont need
  consulting support

• Lack of commitment to addressing the issue
• Between the Sept 11th families and re-run-off in
  Ukraine
• Ask yourself what is keeping us stuck?

18
How can the CSTB help?

• Which direction would actually progress matters?
• Find for each of these arguments?
• Sponsor an international contest?
• Recommend the development of open source
  technology which meets requirements?
• Focus on a framework for understanding?
• Press for more funding of key elements of
  research?

19
Assess the Arguments

• Are there ways to identify Easter Eggs in
  conventional DRE machines?
• Can voters be successfully encouraged to study
  the VV ballot?
• Will DRE machines w/ paper added be troublesome,
  inaccessible or too expensive?

20
Prestigious International Competition

• The design of a voting system which
• Provides accessibility
• Protects ballot privacy
• Is protected against technical attacks
• Can detect attempts at attack
• Economical
• Usable / low voter error rates
• Big prize for the winner

21
Open-Source Technology

• Other countries have a national voting machine
• One could surely imagine an open source solution
  with paper ballot capabilities perhaps licensing
  a provable technology
• Do we want to have our concern about the welfare
  of vendors get in the way of rolling up sleeves
  and solving the problem, Manhattan project style

22
A Framework for Understanding

• Setting priorities
• How do we evaluate
• Terminals?
• Other voting devices (Davids Printer?)
• Entire voting systems?
• Understanding entire systems and rules

23
What will move this debate forward?

• Worth thinking about this question very hard

24
FDA Error

• Recently criticized better than placebo
  failing at risk mgt
• Likewise we certify machines no better than ones
  out there now
• Should CSTB be pushing the envelope more usable,
  more secure, more accessible?
• or is good enough enough?

25
What is really going to make a difference from
CSTB?
26
Mary Parker Fallet (1866-1933)

• Turning conflict into something positive
• A Wins, B Wins or Compromise.
• Window example
• Creative synthesis Neither A nor B but C
• Focus on our goals rather than our positions
  the situation determines the way forward

27
Election Officials

• Trouble-free elections
• Respected / not to be vilified or disrespected
• Have the budget to do what they are supposed to do

28
Computer Scientists

• Start out wanting terminals that cant be hacked
• As they learn more
• Tally machines
• Voter roll management
• Policies and procedures
• Chain of custody
• Training of poll workers

29
Civil Rights Folks My Constituents

• Accessibility for disabled
• Accessibility for language groups
• Simple, non-intimidating, usable, accurate
• Right now, no delay

30
Brennan Centers Direction

• Evaluate the practical technologies for 2006, an
  important year for HAVA
• Our goal is to bring experts together around the
  facts if not the policy recommendations and
  publish the results
• Anyone who wishes to help us should contact me
  917 589 6579
• We are working with Doug Jones, Sam Reed, Dan
  Wallach, Jim Dickson, Frank W. Abagnale Jr. and
  others.

31
2004 Recommendations

• Retaining independent security experts
• Providing a thorough training program for all
  election officials and workers on security
  procedures
• Establishing a permanent independent technology
  panel
• Establishing standard procedures for regular
  reviews of audit facilities and operating logs
• Preparing and following standardized procedures
  for responses to alleged incidents

32
(No Transcript)