State-Wide Elections, Optical Scan Voting Systems, and the Pursuit of Integrity

In recent years, two distinct electronic voting technologies have been introduced and extensively utilized in election procedures: direct recording electronic systems and optical scan (OS) systems. The latter are typically deemed safer, as they inherently provide a voter-verifiable paper trail that enables hand-counted audits and recounts that rely on direct voter input. For this reason, OS machines have been widely deployed in the United States. Despite the growing popularity of these machines, they are known to suffer from various security vulnerabilities that, if left unchecked, can compromise the integrity of elections in which the machines are used. This article studies general auditing procedures designed to enhance the integrity of elections conducted with optical scan equipment and, additionally, describes the specific auditing procedures currently in place in the State of Connecticut. We present an abstract view of a typical OS voting technology and its relationship to the general election process. With this in place, we lay down a ldquotemporal-resourcerdquo adversarial model, providing a simple language for describing the disruptive power of a potential adversary. Finally, we identify how audit procedures, injected at various critical stages before, during, and after an election, can frustrate such adversarial interference and so contribute to election integrity. We present the implementation of such auditing procedures for elections in the State of Connecticut utilizing the Premiere (Diebold) AccuVote OS; these audits were conducted by the UConn VoTeR Center, at the University of Connecticut, on request of the Office of the Secretary of the State. We discuss the effectiveness of such procedures in every stage of the process and we present results and observations gathered from the analysis of past election data.

[1]  David Chaum,et al.  Evaluation of voting systems , 2004, CACM.

[2]  Ariel J. Feldman,et al.  Security Analysis of the Diebold AccuVote-TS Voting Machine , 2007, EVT.

[3]  Jeremy Clark,et al.  Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes , 2008, EVT.

[4]  Aggelos Kiayias,et al.  Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[5]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[6]  Dan S. Wallach,et al.  Hack-a-vote: Security issues with electronic voting systems , 2004, IEEE Security & Privacy Magazine.

[7]  Aggelos Kiayias,et al.  Taking total control of voting systems: firmware manipulations on an optical scan voting terminal , 2009, SAC '09.

[8]  Aggelos Kiayias,et al.  An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal , 2007, EVT.

[9]  Aggelos Kiayias,et al.  Pre-Election Testing and Post-Election Audit of Optical Scan Voting Terminal Memory Cards , 2008, EVT.

[10]  David Wagner,et al.  Security Analysis of the Diebold AccuBasic Interpreter , 2006 .

[11]  Vote-Switching Software Provided by Vendors , 2006 .

[12]  Lawrence D. Norden,et al.  The Machinery of Democracy - Protecting Elections in an Electronic World , 2007 .

[13]  Douglas W. Jones Auditing elections , 2004, CACM.