E2E.VIV.Cover

 

[Screenshot image courtesy of usvotefoundation]

Way back in December 2013, I wrote about an ambitious new effort – sponsored by the US Vote Foundation (then the Overseas Vote Foundation) and funded by the Democracy Fund – to “tak[e] a research-based approach to the question of whether or not absentee ballots can be securely cast over the Internet.”

Last Friday, the report from that effort was released, and it lays out the considerations necessary for proper evaluation of voting over the Internet. Here’s the press release:

July 10, 2015 – Today’s release of The Future of Voting: End-to-End Verifiable Internet Voting Specification and Feasibility Assessment Study by U.S. Vote Foundation establishes a new reference for the security, usability and transparency requirements essential to the U.S. in any consideration of Internet voting for public elections.

Developed by a team of the nation’s leading experts in election integrity, election administration, high-assurance systems engineering, and cryptography, the report starts from the premise that public elections in the U.S. are a matter of national security. The authors assert that Internet voting systems must be transparent and designed to run in a manner that embraces the constructs of end-to-end verifiability – a property missing from existing Internet voting systems.

An end-to-end verifiable (E2E-V) voting system allows voters to 1) check that the system recorded their votes correctly; 2) check that the system included their votes in the final tally; 3) count the recorded votes and double-check the announced outcome of the election.  An Internet voting system that is end-to-end verifiable is an E2E-VIV system. The new set of system specifications that could eventually lead to a model E2E-VIV system includes an ideal cryptographic foundation, security, audit, and usability considerations, as well as technical approaches to the system architecture.

As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted, and according to the report, should be particularly avoided by the  premature deployment of Internet voting. The report aims to list the security challenges that exist with Internet voting and emphasizes that research should continue as the threat landscape continues to shift. Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S.

Key recommendations in the report to make Internet voting more secure and transparent include:

  1. Any public elections conducted over the Internet must be end-to-end verifiable – The report asserts that the use of Internet voting systems without end-to-end verifiability is irresponsible, and E2E-V is the only publicly available technology that provides assurance an Internet voting system is secure and transparent.
  2. End-to-End Verifiable systems must be in-person and supervised first – It is critical to first enhance the security of in-person voting systems with E2E-V, and learn from its deployment, before assuming the more complex task of deploying E2E-VIV systems.
  3. End-to-End Verifiable Internet Voting systems must be high assurance – E2E-VIV systems must be designed, constructed, verified, certified, operated and supported according to the most rigorous engineering requirements of mission- and safety-critical systems. A voting system vulnerable to privacy violations, programming errors, and security issues will undermine the trust of the electorate and validity of the results.
  4. End-to-End Verifiable Internet Voting systems must be usable and accessible to all voters – E2E-VIV systems must ensure usability and accessibility for all voters including those with disabilities.
  5. Maintain aggressive election R&D efforts – Formidable challenges in usability, reliability and security remain for the development of E2E-VIV systems and will require continued investment in peer-reviewed research and development to overcome.

The full report – which comes in both technical and non-technical flavors – is available at the US Vote Foundation’s report page.

Congratulations to everyone who participated in the report, especially Foundation President and CEO Susan Dzieduszycka-Suinat and Galois Principal Investigator Joseph Kiniry. Special thanks go to the team at the Democracy Fund for investing in such a crucial project – once which doesn’t necessarily have short-term implications but will structure the discussions about Internet voting for many months and years to come.