IN the UNITED STATES DISTRICT COURT for the NORTHERN DISTRICT of GEORGIA ATLANTA DIVISION DONNA CURLING, Et Al. Plaintiff


Case 1:17-cv-02989-AT Document 285-1 Filed 09/09/18 Page 1 of 188

IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION

DONNA CURLING, et al.
Plaintiff,

vs.

BRIAN P. KEMP, et al.
Defendant.

CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DECLARATION OF RICHARD A. DeMILLO

RICHARD A. DeMILLO hereby declares as follows:

1. This statement supplements my declaration of August 20, 2018 addressing the Defendants’ incorrect and misleading assertion that the phrase “undetectable manipulation” has been manufactured to suit the present lawsuit by the Plaintiffs “for the convenient reason that it dodges any test for corroboration.”

2. In that declaration I noted that undetectable manipulation is the aim of Advanced Persistent Threats (“APT”) and pointed out that the publicly announced consensus view of U.S. intelligence agencies and legislative committees that have access to classified threat information is that APTs are responsible for past and continuing efforts to scan, penetrate, manipulate and disrupt the American election system.

3. I also cited the many textbooks that analyze the various mechanisms that such threats might use to avoid detection. Although techniques for discovering the presence or activity of malware that seeks to cover its tracks through stealth are the basic building blocks of cybersecurity education, students are taught that malware may be undetectable either because proper countermeasures have not been deployed or because the countermeasures are not effective.

4. On September 6, 2018, the National Academy of Sciences, Engineering, and Medicine and the associated National Research Council (NAS) issued a report entitled “Securing the Vote: Protecting American Democracy” [National Academies Publication 25120, Attached as Exhibit 1]. Had the NAS report been publicly available, I would have cited it in my August 20 declaration.

5. I now wish to supplement that declaration to include references to the NAS report.

6. The NAS was established by the Congress of the United States of America by an Act of Incorporation in 1863. The Act to Incorporate the National Academy of Sciences[1], also known as the Academy Charter, was signed by President Lincoln on March 3, 1863, establishing the Academy as an independent honorary and consulting body with its own governance and structure. The Act also sets out an obligation for the Academy to provide scientific and technical advice to any department of the Government, whenever requested, with the Academy receiving no compensation for its services. The Academy Charter states: “ ... the Academy shall, whenever called upon by any department of the Government, investigate, examine, experiment, and report upon any subject of science or art ....”

7. The Charter also applies to the subsequent establishment of the Academies of Engineering and Medicine and the National Research Council.

8. Reports of any of the Academies and the National Research Council are developed by rigorous information gathering and analysis and are subjected to rigorous peer reviews before they are released to the public. A “consensus report” is one in which the study committee without dissent backs the study’s findings and recommendations.

[1] http://www.nasonline.org/about-nas/leadership/governing-documents/act-of-incorporation.html

9. A consensus report of the NAS therefore represents the highest authority that the U.S. Government can rely upon when it seeks to be advised on matters of science, technology and engineering.

10. The NAS is not an advocacy group. The NAS study “Securing the Vote” was commissioned and members of the committee were selected before filing of the present lawsuit.

11. Although I have served on prior NAS cyber security study committees, I was not involved with the research, writing, or reviewing of this report.

12. In the matter of undetectable manipulation, the NAS report defines the concept of software independence as follows: “A voting system is software independent if an (undetected) change or error in its software cannot cause an undetectable change or error in an election outcome.” [NAP 25120 p. 82]

13. The report further explains how auditability is used to prevent such undetectable changes: “An auditable voting system is software independent.” [NAP 25120 p. 82]

14. For these reasons, the NAS report makes the following recommendation for removing DREs of the kind used in Georgia’s elections from service as soon as possible: “Elections should be conducted with human-readable paper ballots. These may be marked by hand or by machine (using a ballot-marking device); they may be counted by hand or by machine (using an optical scanner). Recounts and audits should be conducted by human inspection of the human-readable portion of the paper ballots. Voting machines that do not provide the capacity for independent auditing (e.g., machines that do not produce a voter-verifiable paper audit trail) should be removed from service as soon as possible.” [NAP 25120 p. 6]

15. The report goes on to recommend as follows: “Every effort should be made to use human-readable paper ballots in the 2018 federal election.” [NAP 25120 p. 7]

16. Recognizing that optical ballot scanners and tabulation computers are not immune from malicious manipulation, in order to detect and remedy such manipulations, the report recommends that “Each state should require a comprehensive system of post-election audits of processes and outcomes.” [NAP 25120 p. 8]

17. I note it is the consensus view of the National Academies of Science, Engineering, and Medicine that the 2018 election be conducted consistent with Coalition Plaintiff’s requested relief, requiring the use of paper ballots and post-election auditing of the results.

I declare under penalty of perjury, in accordance with 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on this date, September 9, 2018.

Richard A. DeMillo

EXHIBIT 1

THE NATIONAL ACADEMIES PRESS

This PDF is available at http://nap.edu/25120

Securing the Vote: Protecting American Democracy

DETAILS
180 pages | 6 x 9 | PAPERBACK
ISBN 978-0-309-47647-8 | DOI 10.17226/25120

CONTRIBUTORS
Committee on the Future of Voting: Accessible, Reliable, Verifiable Technology; Committee on Science, Technology, and Law; Policy and Global Affairs; Computer Science and Telecommunications Board; Division on Engineering and Physical Sciences; National Academies of Sciences, Engineering, and Medicine

Distribution, posting, or copying of this PDF is strictly prohibited without written permission of the National Academies Press. Unless otherwise indicated, all materials in this PDF are copyrighted by the National Academy of Sciences.

Copyright © National Academy of Sciences. All rights reserved.

Securing the Vote: Protecting American Democracy

Committee on the Future of Voting: Accessible, Reliable, Verifiable Technology
Committee on Science, Technology, and Law
Policy and Global Affairs
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences

A Consensus Study Report of

THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001

This activity was supported with grants to the National Academy of Sciences from the Carnegie Corporation of New York (#G-16-53637) and the William and Flora Hewlett Foundation (#G-2016-5031) and with funds from National Academy of Sciences’ W. K. Kellogg Foundation Fund and the National Academies of Sciences, Engineering, and Medicine’s Presidents’ Circle Fund. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for the project.

International Standard Book Number-13: 978-0-309-47647-8
International Standard Book Number-10: 0-309-47647-X
Library of Congress Control Number: 2018952779
Digital Object Identifier: https://doi.org/10.17226/25120

Additional copies of this publication are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.

Copyright 2018 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2018. Securing the Vote: Protecting American Democracy. Washington, DC: The National Academies Press. doi: https://doi.org/10.17226/25120.