Wednesday, August 5, 2020

BH20: Keynote: Stress-Testing Democracy: Election Integrity During a Global Pandemic

Great intro from Dark Tangent (as per usual) - there are people attending from 117 different countries!  Lots of great scholarships this year as well. 

It's strange attending from home - no laser show!

Keynote Speaker: Matt Blaze, Georgetown University

Early elections in the US used little technology - voters were literally just in a room raising hands, but that doesn't scale and it is also not secret.  The earliest technology was simple paper ballots that were hand counted.  As long as the ballot box wasn't tampered with, you could have high confidence your ballot was counted. It was also easy to observe/audit.

We moved on to machine-counted ballots or direct-recording voting machines, and finally computers. The technology doesn't matter as much as whether the voters trust the technology and the outcome.

It can be hard to get right, due to some conflicting requirements: secrecy and transparency. How do you audit and make sure everyone's vote was counted in the way they wanted it counted, but without disclosing how they voted?

It is impossible to re-do an election. They need to be certified by a certain date, and you cannot really do them again: there's not enough time before the transition of power should occur.

The federal government doesn't have as much oversight over each state for a federal election as you might think - they are mostly run by counties, with guidance and standards set federally.  There is no single place to change everything nationwide.

The ballots can (and usually do) vary even within the county - think about school board, city council, local ordinances, etc.  In 2016, there were 178,217 distinct ballots in the US. Sixty percent of eligible voters participated in the election; 17% voted in person during early voting and 24% voted by mail, but the majority still voted in person.

In the US, we spend more money campaigning than on running the election itself.

Traditional threats to voting: vote selling, ballot stuffing or mis-counting.  Foreign state adversaries are also a threat, but they may not care about who wins - just that the process is disrupted and doubt is cast on the legitimacy of the election.

Taking a walk down memory lane: hanging chads!  Florida was using a punch card system (aside: we used the same system in Santa Clara county when I moved here, except we didn't have the "assistance" of the physical ballot - I had to bring in my sample ballot so I'd know which holes to punch).  In that case, since the Supreme Court stopped the count, we ended up with a certified election that nobody (but the winner) was satisfied with - they did not feel their votes were counted.

This debacle did lead to HAVA (Help America Vote Act), which mandated that everyone change their voting equipment and did provide funding to purchase it.  Unfortunately, improved tech wasn't widely available.  Most common were DRE (Direct Recording) voting machines, which are computerized. This is different than the older model, where we used offline computers to tally the votes.  These new machines are networked, and much more reliant on software.

As you are aware - software is hard to secure.  There are no general techniques to determine if it is correct and secure.  SW is designed to be easily changed - maybe too easily, if you're not authorized and still able to make a change.  This is a problem for these voting machines.

E-voting, in practice, has a huge attack surface: firmware, software, networking protocols, USB drives floating around, non-technical poll workers, accidental deletion of records, viruses....

Every current system that is out there now is terrible in at least one way, if not several.   There is an exception from the DMCA to do security research on voting machines.  This makes the DefCon voting village a lot of fun (and will be available this year as well). 

Some people suggest hand counting everything, but there are just too many items per ballot.  A complete hand count is an infeasible amount of work.

The other extreme: the blockchain!  But, it makes us much more dependent on the SW and the client (and what it puts in the blockchain). This does address tamper detection, but not prevention/recovery.  Also, civil elections aren't a decentralized consensus process.

There have been two important breakthroughs. The first is from Ron Rivest, on Software Independence: a voting system is software independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome - but that doesn't say how to accomplish it.  Stark came up with Risk-Limiting audits: a statistical method to sample a subset of voting machines for a post-election hand audit to ensure they reported correct results.  If that fails, hand count the rest.
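The audit-then-escalate logic above, as an added example that is not from the talk or this post: a two-candidate BRAVO ballot-polling test, one published risk-limiting audit method, which samples individual paper ballots rather than machines. The function name, the "W"/"L" ballot labels, the seed and the vote piles are all constructed for illustration.

```python
import random

def bravo_audit(sampled_ballots, reported_winner_share, risk_limit=0.05):
    """Two-candidate BRAVO ballot-polling test (assumes no invalid ballots).

    sampled_ballots: hand-read paper ballots drawn at random, each "W"
    (a vote for the reported winner) or "L" (for the reported loser).
    Returns (decision, ballots_examined).
    """
    if not 0.5 < reported_winner_share < 1:
        raise ValueError("reported winner share must be between 0.5 and 1")
    if not 0 < risk_limit < 1:
        raise ValueError("risk limit must be between 0 and 1")
    # Likelihood ratio of "the reported share is right" vs. "it was a tie".
    ratio, examined = 1.0, 0
    for ballot in sampled_ballots:
        examined += 1
        if ballot == "W":
            ratio *= reported_winner_share / 0.5
        elif ballot == "L":
            ratio *= (1 - reported_winner_share) / 0.5
        else:
            raise ValueError(f"unexpected ballot label: {ballot!r}")
        # Enough evidence: the chance of confirming a wrong outcome
        # is at most risk_limit.
        if ratio >= 1 / risk_limit:
            return "outcome_confirmed", examined
    # Sample exhausted without reaching the threshold: escalate.
    return "full_hand_count", examined

if __name__ == "__main__":
    rng = random.Random(2020)  # constructed seed; real audits draw it publicly
    reported = 0.60            # machines report 60% for the winner
    honest_pile = ["W"] * 6000 + ["L"] * 4000  # paper matches the report
    tied_pile = ["W"] * 5000 + ["L"] * 5000    # paper says it was a tie
    for name, pile in (("honest", honest_pile), ("tied", tied_pile)):
        sample = [rng.choice(pile) for _ in range(1000)]
        print(name, bravo_audit(sample, reported))
```

The number of ballots examined depends on the reported margin and on what the paper actually shows, not on the software that produced the tally, which is what ties this kind of audit back to software independence.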

You can learn more in the paper "Securing the Vote" from the National Academy.

Everything seemed like 2020 was going to go well... until... March.  Who would've expected a global pandemic?

When we think about voter disruption, you might not be able to get to the polling place due to travel or disability - you can get an absentee ballot (including "no excuse" ballot) - but, with the exception of states like Oregon, they are a small percentage.

Local or regional emergencies, like an earthquake or hurricane, may prevent polling places from opening.  There was an election in NYC on September 11, 2001 - it was definitely disrupted and then highly contested.

Postponing an election is a very disruptive thing - we'd have to figure out what that means for the US. Who then becomes president while we wait for the election? Are there other options?

In an emergency, people may not be able to vote in their normal way: there may not be enough poll workers, they may be in the hospital, recently moved, etc. We are seeing increased pressure on the counties for this, in a time of decreased funding.

Matt then did a great walkthrough of vote-by-mail, how signatures are verified and ballot processing. How do we scale this up?  Exception handling can be very labor intensive, and there is high pressure on chain of custody.  It's hard to know how many people will ask for absentee ballots - they may not have enough, and they can't just copy ballots - so there is a necessary lead time.

How can you help? Volunteer as a poll worker, election judge, wherever your county needs assistance with this election.
