Title: The DRE Debate: Getting Unstuck
1The DRE Debate Getting Unstuck
- Eric Lazarus
- DecisionSmith
2Debate Must be Advanced
- Could deter people from voting
- Slow adoption of better technologies Perfect as
enemy of good
- Has not resulted in far more secure systems yet
- We could miss much of the benefit of the HAVA
opportunity - Wider issues
3Lets Take a Moment to Summarize
- Anyone who isnt steeped can contact me to review
them all
4Pro-DRE
Many civil rights leaders
- Pre-DRE technology has huge error rates
- Accessibility
- No time to wait for security
- These systems are not worse than older technology
- Ballot design is easier w/ touch screen machines
5Anti-DRE
Nearly all computer security experts
- Easter Eggs are EASY to write and hide
- You cant trust computers
- You cannot test them
- You cannot reliably inspect them
- The current generation is not designed for
verifiability or security - It would not be hard to do better with crypto,
paper ballots, etc. (Example AutoMark) - Small group theory
- Bathtub problem
- Machines cause long lines that PCOS would not
6Anti-VVPT
- Voters may well not study the printed ballot even
if you ask them to intersection is too small. - Asking them to will undermine their confidence in
the voting system and make them less likely to
vote. - DRE machines with paper added will break down, be
expensive, not add security as ballot boxes can
be stuffed. - Election officials will be able to violate ballot
secrecy
7Pro-VVPT
- While paper does not solve all problems (a
candidate can be dropped from the ballot, for
example) it can be used to detect Easter Egg and
make them less effective. - Paper can be made countable as we see with paper
money and with Precinct Count Optical Scan (PCOS)
systems - Ballot privacy can be maintained as long as you
avoid the roll-to-roll design used in Nevada. - There are LOTS of ways that paper could be done
badly but thats not an argument against doing it
well. AutoMark example.
8Provable Systems
- Why settle for just VVPT when we can set up
systems that guarantee integrity and can prove it
to the voter?
9Pro-DRE Side Says
- These computer scientist dont know the first
thing about elections!
- There are real, practical problems associated
with elections including voter confusion,
poll-worker confusion, voter intimidation, voter
roll manipulation. This DRE/VVPT debate is a
distraction
10Computer Scientists say
- The elections officials are simply not qualified
to have an opinion about if an Easter Egg will
be detected
- Actual studies of security of DRE voting systems
are rare and show poor results - There is motivation and opportunity to e-steal
elections
11Illustration Gaming Whats Missing
- Ladder of trust with signed firmware at bottom
- Multiple people with different keys
- Field trails as part of certification
- Hash compare in the field randomly every two
years - Auditing the auditors
- Certification done by gov. employees willing to
share/discuss their methods - Post-employment restrictions on working for
vendors - Penalties for messing up
- Assumption of cheating
12Anti-DRE Points of Vulnerability
Software Developed (Very High)
Terminal Built (High)
Software Built (Very High)
Terminal Shipped (High)
Software Certified (Low)
Terminal Stored (High)
Software Shipped (High)
Terminal Software Refreshed (Very High)
Terminal Tested (Low)
Each technology is different but there are big
vulnerabilities at each stage of the process
which are not addressed. Ratings reflect my
concern areas.
Terminal Shipped to Polling Place (High)
Terminal Stored at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Terminal Setup at Polling Place (Medium)
Polling (Medium)
Poll Closing (Low)
Votes Transmitted (High)
Votes Tallied (Medium)
Tallies Transmitted (Low)
13Pro-DRE The real problems are
Voter Registered
Voter Roll Maintained
Roll Manipulation
Voter Informed of Voting Location
Intimidation
Voter Checked In
Vote Recorded
Ballot Box Stuffing
Vote Tallied
Result Reported
Results Audited
Result Certified
14We are all people of good will here
- There must be a way to move forward from this
position
- How can we make sure we are really progressing
this? - The US could be an example of excellence in
elections to the world we are not.
15Excellence would involve
- Well designed policies and procedures
- Superb training for elections officials including
poll workers - Great technology at the terminal level
- Great technology at the tally level
- Great ballot design
- Great systems for maintaining voter rolls
16Excellence would involve
- Encouraging voter participation
- Defense-in-depth for entire system
- Reform of reapportionment so it can be done by
machine w/o legislative input - UCC of Voting
17What Keeps Us Stuck?
- Customer not demanding
- Technical attacks seem theoretical and low
probability - Election officials are busy / under funded
- There is an assumption that they dont need
consulting support
- Lack of commitment to addressing the issue
- Between the Sept 11th families and re-run-off in
Ukraine - Ask yourself what is keeping us stuck?
18How can the CSTB help?
- Which direction would actually progress matters?
- Find for each of these arguments?
- Sponsor an international contest?
- Recommend the development of open source
technology which meets requirements? - Focus on a framework for understanding?
- Press for more funding of key elements of
research?
19Assess the Arguments
- Are there ways to identify Easter Eggs in
conventional DRE machines? - Can voters be successfully encouraged to study
the VV ballot? - Will DRE machines w/ paper added be troublesome,
inaccessible or too expensive?
20Prestigious International Competition
- The design of a voting system which
- Provides accessibility
- Protects ballot privacy
- Is protected against technical attacks
- Can detect attempts at attack
- Economical
- Usable / low voter error rates
- Big prize for the winner
21Open-Source Technology
- Other countries have a national voting machine
- One could surely imagine an open source solution
with paper ballot capabilities perhaps licensing
a provable technology - Do we want to have our concern about the welfare
of vendors get in the way of rolling up sleeves
and solving the problem, Manhattan project style
22A Framework for Understanding
- Setting priorities
- How do we evaluate
- Terminals?
- Other voting devices (Davids Printer?)
- Entire voting systems?
- Understanding entire systems and rules
23What will move this debate forward?
- Worth thinking about this question very hard
24FDA Error
- Recently criticized better than placebo
failing at risk mgt - Likewise we certify machines no better than ones
out there now - Should CSTB be pushing the envelope more usable,
more secure, more accessible? - or is good enough enough?
25What is really going to make a difference from
CSTB?
26Mary Parker Fallet (1866-1933)
- Turning conflict into something positive
- A Wins, B Wins or Compromise.
- Window example
- Creative synthesis Neither A nor B but C
- Focus on our goals rather than our positions
the situation determines the way forward
27Election Officials
- Trouble-free elections
- Respected / not to be vilified or disrespected
- Have the budget to do what they are supposed to do
28Computer Scientists
- Start out wanting terminals that cant be hacked
- As they learn more
- Tally machines
- Voter roll management
- Policies and procedures
- Chain of custody
- Training of poll workers
29Civil Rights Folks My Constituents
- Accessibility for disabled
- Accessibility for language groups
- Simple, non-intimidating, usable, accurate
- Right now, no delay
30Brennan Centers Direction
- Evaluate the practical technologies for 2006, an
important year for HAVA - Our goal is to bring experts together around the
facts if not the policy recommendations and
publish the results - Anyone who wishes to help us should contact me
917 589 6579 - We are working with Doug Jones, Sam Reed, Dan
Wallach, Jim Dickson, Frank W. Abagnale Jr. and
others.
312004 Recommendations
- Retaining independent security experts
- Providing a thorough training program for all
election officials and workers on security
procedures - Establishing a permanent independent technology
panel - Establishing standard procedures for regular
reviews of audit facilities and operating logs - Preparing and following standardized procedures
for responses to alleged incidents
32(No Transcript)