The DRE Debate: Getting Unstuck - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

The DRE Debate: Getting Unstuck

Description:

Election officials will be able to violate ballot secrecy. 9/4/09 ... training for elections officials including ... Election officials are busy / under funded ... – PowerPoint PPT presentation

Number of Views:54
Avg rating:3.0/5.0
Slides: 33
Provided by: rciRu
Category:
Tags: dre | debate | getting | unstuck

less

Transcript and Presenter's Notes

Title: The DRE Debate: Getting Unstuck


1
The DRE Debate Getting Unstuck
  • Eric Lazarus
  • DecisionSmith

2
Debate Must be Advanced
  • Could deter people from voting
  • Slow adoption of better technologies Perfect as
    enemy of good
  • Has not resulted in far more secure systems yet
  • We could miss much of the benefit of the HAVA
    opportunity
  • Wider issues

3
Lets Take a Moment to Summarize
  • Anyone who isnt steeped can contact me to review
    them all

4
Pro-DRE
Many civil rights leaders
  • Pre-DRE technology has huge error rates
  • Accessibility
  • No time to wait for security
  • These systems are not worse than older technology
  • Ballot design is easier w/ touch screen machines

5
Anti-DRE
Nearly all computer security experts
  • Easter Eggs are EASY to write and hide
  • You cant trust computers
  • You cannot test them
  • You cannot reliably inspect them
  • The current generation is not designed for
    verifiability or security
  • It would not be hard to do better with crypto,
    paper ballots, etc. (Example AutoMark)
  • Small group theory
  • Bathtub problem
  • Machines cause long lines that PCOS would not

6
Anti-VVPT
  • Voters may well not study the printed ballot even
    if you ask them to intersection is too small.
  • Asking them to will undermine their confidence in
    the voting system and make them less likely to
    vote.
  • DRE machines with paper added will break down, be
    expensive, not add security as ballot boxes can
    be stuffed.
  • Election officials will be able to violate ballot
    secrecy

7
Pro-VVPT
  • While paper does not solve all problems (a
    candidate can be dropped from the ballot, for
    example) it can be used to detect Easter Egg and
    make them less effective.
  • Paper can be made countable as we see with paper
    money and with Precinct Count Optical Scan (PCOS)
    systems
  • Ballot privacy can be maintained as long as you
    avoid the roll-to-roll design used in Nevada.
  • There are LOTS of ways that paper could be done
    badly but thats not an argument against doing it
    well. AutoMark example.

8
Provable Systems
  • Why settle for just VVPT when we can set up
    systems that guarantee integrity and can prove it
    to the voter?

9
Pro-DRE Side Says
  • These computer scientist dont know the first
    thing about elections!
  • There are real, practical problems associated
    with elections including voter confusion,
    poll-worker confusion, voter intimidation, voter
    roll manipulation. This DRE/VVPT debate is a
    distraction

10
Computer Scientists say
  • The elections officials are simply not qualified
    to have an opinion about if an Easter Egg will
    be detected
  • Actual studies of security of DRE voting systems
    are rare and show poor results
  • There is motivation and opportunity to e-steal
    elections

11
Illustration Gaming Whats Missing
  • Ladder of trust with signed firmware at bottom
  • Multiple people with different keys
  • Field trails as part of certification
  • Hash compare in the field randomly every two
    years
  • Auditing the auditors
  • Certification done by gov. employees willing to
    share/discuss their methods
  • Post-employment restrictions on working for
    vendors
  • Penalties for messing up
  • Assumption of cheating

12
Anti-DRE Points of Vulnerability
Software Developed (Very High)
Terminal Built (High)
Software Built (Very High)
Terminal Shipped (High)
Software Certified (Low)
Terminal Stored (High)
Software Shipped (High)
Terminal Software Refreshed (Very High)
Terminal Tested (Low)
Each technology is different but there are big
vulnerabilities at each stage of the process
which are not addressed. Ratings reflect my
concern areas.
Terminal Shipped to Polling Place (High)
Terminal Stored at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Polling (Medium)
Poll Closing (Low)
Votes Transmitted (High)
Votes Tallied (Medium)
Tallies Transmitted (Low)
13
Pro-DRE The real problems are
Voter Registered
Voter Roll Maintained
Roll Manipulation
Voter Informed of Voting Location
Intimidation
Voter Checked In
Vote Recorded
Ballot Box Stuffing
Vote Tallied
Result Reported
Results Audited
Result Certified
14
We are all people of good will here
  • There must be a way to move forward from this
    position
  • How can we make sure we are really progressing
    this?
  • The US could be an example of excellence in
    elections to the world we are not.

15
Excellence would involve
  • Well designed policies and procedures
  • Superb training for elections officials including
    poll workers
  • Great technology at the terminal level
  • Great technology at the tally level
  • Great ballot design
  • Great systems for maintaining voter rolls

16
Excellence would involve
  • Encouraging voter participation
  • Defense-in-depth for entire system
  • Reform of reapportionment so it can be done by
    machine w/o legislative input
  • UCC of Voting

17
What Keeps Us Stuck?
  • Customer not demanding
  • Technical attacks seem theoretical and low
    probability
  • Election officials are busy / under funded
  • There is an assumption that they dont need
    consulting support
  • Lack of commitment to addressing the issue
  • Between the Sept 11th families and re-run-off in
    Ukraine
  • Ask yourself what is keeping us stuck?

18
How can the CSTB help?
  • Which direction would actually progress matters?
  • Find for each of these arguments?
  • Sponsor an international contest?
  • Recommend the development of open source
    technology which meets requirements?
  • Focus on a framework for understanding?
  • Press for more funding of key elements of
    research?

19
Assess the Arguments
  • Are there ways to identify Easter Eggs in
    conventional DRE machines?
  • Can voters be successfully encouraged to study
    the VV ballot?
  • Will DRE machines w/ paper added be troublesome,
    inaccessible or too expensive?

20
Prestigious International Competition
  • The design of a voting system which
  • Provides accessibility
  • Protects ballot privacy
  • Is protected against technical attacks
  • Can detect attempts at attack
  • Economical
  • Usable / low voter error rates
  • Big prize for the winner

21
Open-Source Technology
  • Other countries have a national voting machine
  • One could surely imagine an open source solution
    with paper ballot capabilities perhaps licensing
    a provable technology
  • Do we want to have our concern about the welfare
    of vendors get in the way of rolling up sleeves
    and solving the problem, Manhattan project style

22
A Framework for Understanding
  • Setting priorities
  • How do we evaluate
  • Terminals?
  • Other voting devices (Davids Printer?)
  • Entire voting systems?
  • Understanding entire systems and rules

23
What will move this debate forward?
  • Worth thinking about this question very hard

24
FDA Error
  • Recently criticized better than placebo
    failing at risk mgt
  • Likewise we certify machines no better than ones
    out there now
  • Should CSTB be pushing the envelope more usable,
    more secure, more accessible?
  • or is good enough enough?

25
What is really going to make a difference from
CSTB?
26
Mary Parker Fallet (1866-1933)
  • Turning conflict into something positive
  • A Wins, B Wins or Compromise.
  • Window example
  • Creative synthesis Neither A nor B but C
  • Focus on our goals rather than our positions
    the situation determines the way forward

27
Election Officials
  • Trouble-free elections
  • Respected / not to be vilified or disrespected
  • Have the budget to do what they are supposed to do

28
Computer Scientists
  • Start out wanting terminals that cant be hacked
  • As they learn more
  • Tally machines
  • Voter roll management
  • Policies and procedures
  • Chain of custody
  • Training of poll workers

29
Civil Rights Folks My Constituents
  • Accessibility for disabled
  • Accessibility for language groups
  • Simple, non-intimidating, usable, accurate
  • Right now, no delay

30
Brennan Centers Direction
  • Evaluate the practical technologies for 2006, an
    important year for HAVA
  • Our goal is to bring experts together around the
    facts if not the policy recommendations and
    publish the results
  • Anyone who wishes to help us should contact me
    917 589 6579
  • We are working with Doug Jones, Sam Reed, Dan
    Wallach, Jim Dickson, Frank W. Abagnale Jr. and
    others.

31
2004 Recommendations
  • Retaining independent security experts
  • Providing a thorough training program for all
    election officials and workers on security
    procedures
  • Establishing a permanent independent technology
    panel
  • Establishing standard procedures for regular
    reviews of audit facilities and operating logs
  • Preparing and following standardized procedures
    for responses to alleged incidents

32
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com