Page 93 - Towards Trustworthy Elections New Directions in Electronic Voting by Ed Gerck (auth.), David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida ( (z-lib.org (1)
P. 93
85
A Secure Architecture for Voting Electronically (SAVE)
and Direct Recording Electronic (DRE touch screens). While great controversy
surrounded the punch card system in the 2000 election, there is a large and
growing concern about the trustworthiness of DRE systems, princinct-counted
optical scan and indeed all computers used in voting systems [15,19]. Clearly,
given the history of continuous improvements in voting systems, new systems
will emerge again in an attempt to ameliorate problems in previous technologies.
2.1 Security Requirements and Desires for the Voting Process
From an experience election researcher’s point of view, new voting systems have a
set of basic requirements that must be satisfied by any new system. For engineers,
implementing these requirements poses new and unique challenges. Voting has
a unique set of security requirements that are more complex and difficult to
combine than other settings [27,20,28,21,22]. The basic security requirements of
the voting process are:
1. Each voter must be verified to be permitted to vote on exactly the races for
which they are permitted to vote, no more and no less.
2. Every vote cast must be counted as the voter intended.
3. The voter must not be able to prove that their vote was cast a particular
way.
At the outset, the first two requirements are fairly straightforward. The first re-
quirement involves the entire voting process, particularly the registration system
and the polling station practices. The second requirement requires the user in-
terface (paper, screen, touchpad) to respond properly to the desired selections,
the chain of custody of that selection to be unbroken, and the final tally to
accurately count each vote. The third requirement (to prevent vote buying or
physical coercion) prevents a plaintext (Alice voted for Bob) receipt process.
2.2 Background Reliability of Electronic Devices
Computerization has been used with great success in the financial sector, a
setting which demands absolute accuracy and reliability.
Computation systems are designed to be the most reliable systems for tab-
ulation. By their very character, they are not subject to the kinds of mechan-
ical failures that plague traditional voting equipment. Despite the advantages
that electronic systems offer, several papers and well-known authors [15,19] have
raised fears, uncertainties and doubts as to the effectiveness and trustworthiness
of electronic voting equipment.
However, it is possible to create electronic voting systems that, by their very
nature, are secure, reliable and trustworthy. An analysis of types of possible
attacks, the possible scope of these attacks, and the likelihood that they will
occur is a place to begin. The architecture should address these vulnerabilities.
