Wombat Voting: Open Audit Elections in Israel

My friend Alon Rosen is leading an effort with colleagues Amon Ta-Shma, Ben Riva, and Yoni Ben-Nun in Israel to implement and deploy in-person open-audit voting. The project is called Wombat Voting. It combines a number of existing cryptographic techniques in a very nice package. Oh, and they’ve implemented it and used it to run a 2000+ voter election, with apparently a few more elections in the pipeline. There’s a ton of press about them. Here’s how it works: Voters use an intuitive, touch-screen interface, receive a paper ballot they can physically cast in a transparent ballot box, and they … Continue reading Wombat Voting: Open Audit Elections in Israel

Online Voting is Terrifying and Inevitable

Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether the server could get hacked and the votes changed surreptitiously the users’ machines could get compromised by a virus, which would then flip votes as it chooses with little or no trace even if somehow we secure the entire digital channel, there’s still the issue of your spouse looking over your shoulder, strongly suggesting you vote a certain way So, terrifying. And yet, I’m now pretty sure it is … Continue reading Online Voting is Terrifying and Inevitable

everything I know about voting I learned from American Idol

Tonight, American Idol began online voting. Yes, I’m a fan of American Idol, but don’t let that fool you: I’m still a bitchin’ cryptographer. I suspect that American Idol online voting will give rise to many questions such as “wow, awesome, now when can I vote in US Elections with my Facebook account?” and “Why is online voting so hard anyways?” Perhaps I can be of assistance. the voting process So the process is much like other Facebook-connected sites: using Facebook Connect, you log in and grant the American Idol Voting site some permissions, including reading your profile info (ok), … Continue reading everything I know about voting I learned from American Idol

Crisis in the Java Community… could they have used a secret-ballot election?

There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue appears to be that Oracle, the new Java “owner” since they acquired Sun Microsystems, is paying lip service to the Java Community while taking the language and, more importantly, its licensing, into the direction they prefer, which doesn’t appear to be very open-source friendly. That said, I’m not a Java Community expert, so I won’t comment much more on this … Continue reading Crisis in the Java Community… could they have used a secret-ballot election?

faulty logic, even for good, is still faulty

So Alex Halderman and team hacked the DC Internet Voting pilot. The voting system they attacked was not particularly well secured, and the type of attack used is a fairly simple web input corruption attack with little novelty. This hack, however, performs a very useful task: educating election officials and the public about what hacks against an Internet Voting System look like. What happens next is going to be very interesting. The folks who have been fighting hard against Internet Voting should be careful not to use the same faulty logic they’ve been criticizing for years. When the discussion was … Continue reading faulty logic, even for good, is still faulty

Fort Knox vs. the Barking Dog

Over the last few days, Alex Halderman and his team at the University of Michigan hacked an Internet Voting System being field-tested by the DC Board of Elections. First, we need to commend both Alex’s team for their dutiful analysis of this system, and, more importantly, the DC Board of Elections for running an open security evaluation of their system. I say “more importantly” because there is very little good press to gain from such a test: in fact the DC Board of Elections is already getting a lot of grief, the hah-hah-they-got-haxored articles just write themselves. I think they … Continue reading Fort Knox vs. the Barking Dog

Usenix Security, voting and health security

I’m at Usenix Security 2010 in DC, starting with the EVT/WOTE Workshop on voting where I’ll be presenting an update on Helios, then the HealthSec workshop where I’ll be on a panel discussing my paper with Zak Kohane and Ken Mandl on using a Personally Controlled Health Record for health-information exchange [PDF]. The voting crowd is emerging from a 2-day workshop with election officials on remote voting for military and overseas voters. I’m trying to get a sense of attendees’ impressions from that workshop, but suffice it to say that it seems to have been “exciting.” Ron Rivest compared online … Continue reading Usenix Security, voting and health security

What the Oscars teach us about voting

This year, the voting process for the Oscars has changed. Rather than indicating a single choice as they have done since 1946, members of the Academy will provide a first choice, a second choice, etc.. potentially ranking all 10 nominees for Best Picture if so desired. Some are speculating that this will affect the results. Some are writing really confusing articles about this change, with very misleading lines like “Getting the most votes is no longer enough.” Here’s the short version of this post: (1) of course ranked-voting is going to affect the Oscar results! and (2) this year, the … Continue reading What the Oscars teach us about voting