
Computer Scientists Deploy First Practical, Web-Based, Secure, Verifiable Voting System!

BlooInBloo Donating Member (1000+ posts) Mon Mar-09-09 10:56 PM
Original message
Computer Scientists Deploy First Practical, Web-Based, Secure, Verifiable Voting System!
Edited on Mon Mar-09-09 10:56 PM by BlooInBloo
Apologies if this is a dupe. The game I play is currently undergoing an upgrading, and I'm catching up on some reading.

http://www.physorg.com/news155473407.html

Computer scientists affiliated with the Center for Research on Computation and Society (CRCS), based at the Harvard School of Engineering and Applied Sciences (SEAS), in collaboration with scientists at the Université Catholique de Louvain (UCL) in Belgium, deployed the first practical, web-based implementation of a secure, verifiable voting system for the presidential election held at UCL earlier this week.

Called Helios, the system was developed by Ben Adida, a fellow at CRCS and an instructor/researcher at the Children's Hospital Informatics Program, Harvard Medical School. Professors Jean-Jacques Quisquater and Olivier Pereira and Ph.D. student Olivier de Marneffe at UCL worked closely with the UCL Election Commission to integrate Helios into the University's infrastructure, implement UCL's custom weighted tallying system, and optimize the verification tools for the election size.

"Helios allows any participant to verify that their ballot was correctly captured, and any observer to verify that all captured ballots were correctly tallied," said Adida. "We call this open-audit voting because the complete auditing process is now available to any observer. This revolutionary approach to elections has been described in the literature for more than 25 years, yet this is the first real-world open-audit election of this magnitude and impact of outcome."

The verifiable voting system, available as open-source/free software, implements advanced cryptographic techniques to maintain ballot secrecy while providing a mathematical proof that the election tally was correctly computed.

Helios relies upon public key homomorphic encryption, a method where a public key is used to encrypt a message (in this case, a vote); messages can be combined under the covers of encryption (in this case, tallying the votes); and multiple independent private keys are required to decrypt the message (in this case, the election tally).

In an election, Helios works as follows:

• first, each voter receives a tracking number for his/her vote and the vote is encrypted with the election public key before it leaves the voter's browser;

• second, with the tracking number, a voter can then verify that their ballot was correctly captured by the voting system, which publishes a list of all tracking numbers prior to tallying; and

• finally, the voter, or any observer including election watchers from outside the election, can verify that these tracking numbers (the encrypted votes) were tallied appropriately. The election results contain a mathematical proof of the tally that cannot be "faked" even with the use of powerful computers.

"Because the tallying happens under the covers of encryption, the entire verification process is done without revealing the contents of each individual vote," explained Adida. "Moreover, by using Helios, voters no longer need to blindly trust those supervising the election, as officials must provide mathematical proofs that everything was done appropriately."

The system was first tested in smaller elections throughout 2008 and then, in early February 2009, on a population of 3,000 voters at UCL in anticipation of the presidential election held during the first week of March. The UCL Presidential election was available to 25,000 eligible voters, of which 5,400 registered and 4,000 cast a ballot.


Check out the system itself at: http://www.heliosvoting.org/

It's completely likely there are bugs and what-not. Nevertheless, this sounds like a HUGE step forward.



EDIT: Missed a capitalization opportunity.
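
The flow the quoted article describes (encrypt with the election public key, publish tracking numbers, tally under encryption, decrypt with several independent keys), as an added sketch that is not part of the original post and is not Helios code. It assumes exponential ElGamal with two trustees and a constructed toy group, and leaves out the zero-knowledge proofs that make the published tally checkable.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """One trustee's key pair (x, g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(pk, vote):
    """Exponential ElGamal: the vote (0 or 1) sits in the exponent, so ciphertexts add."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, vote, P) * pow(pk, r, P)) % P

def tracking_number(ct):
    """Fingerprint of the encrypted ballot that the voter keeps and looks up later."""
    return hashlib.sha256(f"{ct[0]},{ct[1]}".encode()).hexdigest()[:16]

def combine(ciphertexts):
    """Homomorphic tally: the component-wise product encrypts the sum of the votes."""
    a, b = 1, 1
    for c1, c2 in ciphertexts:
        a, b = (a * c1) % P, (b * c2) % P
    return a, b

def partial_decrypt(x, ct):
    """One trustee's decryption share; every trustee's share is required."""
    return pow(ct[0], x, P)

def finish(ct, shares, max_votes):
    """Multiply the shares to strip the blinding, then find the small tally by search."""
    blind = 1
    for s in shares:
        blind = (blind * s) % P
    g_m = (ct[1] * pow(blind, -1, P)) % P
    for m in range(max_votes + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("shares do not match the election key")

def run_election(votes):
    """Returns the public bulletin board and the decrypted tally."""
    (x1, h1), (x2, h2) = keygen(), keygen()
    election_pk = (h1 * h2) % P  # joint key: no single trustee knows x1 + x2
    board = []  # public list of (tracking number, encrypted ballot)
    for v in votes:
        ct = encrypt(election_pk, v)
        board.append((tracking_number(ct), ct))
    total = combine(ct for _, ct in board)  # anyone can recompute this from the board
    shares = [partial_decrypt(x1, total), partial_decrypt(x2, total)]
    return board, finish(total, shares, len(votes))

if __name__ == "__main__":
    board, tally = run_election([1, 0, 1, 1, 0, 1, 0])  # constructed sample ballots
    print(len(board), "ballots on the board, tally =", tally)
```

No individual ballot is ever decrypted: the trustees only apply their keys to the combined ciphertext.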
backscatter712 Donating Member (1000+ posts) Mon Mar-09-09 11:04 PM
Response to Original message
1. Cool! Punchscan has some competition!
You can look at Punchscan at http://punchscan.org/ .

Both this and the OP's system use technology for elections the way it should be used. Instead of making an opaque black box with a shiny touchscreen and blinking lights, but no verifiability and countless ways to cheat, technology is used to make the verification process transparent, and absolutely verifiable - to the point where the election can be verified with a mathematical proof.


BlooInBloo Donating Member (1000+ posts) Mon Mar-09-09 11:06 PM
Response to Reply #1
2. Personally, I like the blinky lights. I realize that's not enough for some of you tho....
:P

muriel_volestrangler Donating Member (1000+ posts) Tue Mar-10-09 09:39 AM
Response to Reply #1
3. Punchscan looks like it'd be a nightmare of 'voting for the wrong candidate'
because each voter has to think "ah! my candidate is the 2nd one down in the list on this ballot, which has a 'C' beside it, and the 'C' is in the 1st marking spot in the row below, so I put my mark there".

This 2 part process of randomizing, which has to be followed by the voter, seems complicated, and the only reason I can see for it is to allow the voter a choice of whether to shred the top or bottom sheet of their ballot. There is the related Prêt à Voter system, in which the order of the choices on the ballot is randomized, and the names get thrown away after the mark has been made. The process of putting it through a 2 part encryption process after the vote is cast, 1 part of which can be revealed, to an auditor (with them choosing which part, at random) to check there's no cheating going on in tabulating, can remain the same.

If you're familiar with Punchscan, do you know why they think giving the voter a choice of 2 parts to throw away is important? I've searched their site, and so far I haven't found the reasoning. I think the voting process comes out too complicated - it'd make the 'butterfly ballot' look like a model of simplicity. Or do you know of any forums where I could ask the question?

backscatter712 Donating Member (1000+ posts) Tue Mar-10-09 01:30 PM
Response to Reply #3
6. Interesting points.
Prêt à Voter does look like it accomplishes the task of preserving the secret ballot while allowing the voters to take home proof of their vote and use it to ensure their vote has been recorded correctly.

It has the virtue of being simpler than Punchscan, but Punchscan does its thing the way it does because that enables it to comply with election laws that require ballots to have lists of candidates preserved in a specific order.

Of course, why preserve the candidate lists in a specific order? Yes, it's required by law, so as to reduce perceived bias in the ballot, but randomizing the list of names from ballot to ballot seems to do the same thing.

muriel_volestrangler Donating Member (1000+ posts) Tue Mar-10-09 04:06 PM
Response to Reply #6
9. Indeed - I'd say a randomised order on different ballots is better
Using a specified order (alphabetical, reverse alphabetic, whatever) that isn't decided by a person for each election means you don't give an election official the ability to affect it; but, if it possibly does benefit someone to be listed first (that's the idea I've heard), then it'd be better to have different candidates listed first on different ballots - since you're printing them individually anyway (which, in these days of computer printers, isn't a problem - 50 years ago, when printing meant typesetting by hand, I can see they want to set the list of candidates once, and print all the ballots from that).

Cid_B Donating Member (1000+ posts) Tue Mar-10-09 09:48 AM
Response to Original message
4. World of Warcraft?
Damn Tuesdays

hunter Donating Member (1000+ posts) Tue Mar-10-09 11:02 AM
Response to Original message
5. Argh. Another overly complex system designed by the clueless.
Even if the computer system is as perfect as humanly possible, it's the incredibly imperfect humans at the inputs and outputs of the machine who screw things up, sometimes by accident, sometimes on purpose.

The "bandwidth" of paper ballots is so large, and so noisy in comparison to anything electronic, that it is much more difficult to cheat, and any number of forensic examinations are possible when election fraud is suspected.

I can think of a number of flaws in this system right away, the most glaring that voting is done on the internet, where vast numbers of people run computers that are a cesspool of viruses, spyware, and keyloggers.

Election fraud over the internet would be far more lucrative than any credit card fraud, and credit card fraud is already a huge problem. There would be incredible and quite overwhelming incentives to develop effective man-in-the-middle attacks for stealing elections. Do we really want covert agencies of the United States or foreign agencies and governments with multi-billion dollar budgets to have internet access to our election machinery?

The very best ballots are paper and the most secure way to count them is by hand or by using very simple machinery and software that can't possibly be reprogrammed to cheat.

backscatter712 Donating Member (1000+ posts) Tue Mar-10-09 01:39 PM
Response to Reply #5
7. Yeah, that's why I'm a fan of Punchscan.
Edited on Tue Mar-10-09 02:03 PM by backscatter712
There's definitely the possibility of a voter's computer being infected with a virus that will vote for him. Granted, in this system, you can go on the web site, ideally from any computer, not just your infected one, and doublecheck that your vote was recorded correctly, although I can think of a few ways to cheat - you can't give too much information on the vote-verification page without violating the secret ballot, and the infected machine can display deceptive information during the initial voting process to exploit this.

With Punchscan or Prêt à Voter (which looks similar to Punchscan, but with a different ballot design,) the ballots are cast on paper, and the voter takes home just enough information to verify his vote. That's not enough information for a trojan or virus to be able to use to cheat the system.

As for the back end, yes, the back-end protocols of E2E verified voting systems tend to be complex, but at the same time, the voters don't have to understand that part. The county or city or state conducting the election can hire experts to deal with that. Independent auditors and political parties can bring in their own experts to watch the complicated stuff and make sure it's done right - the protocols are designed to make room for that. And the complex parts are there for a reason - to provide cryptographic authentication protocols that are impossible to cheat, and make verification of the election's integrity a matter of mathematical proof.

muriel_volestrangler Donating Member (1000+ posts) Tue Mar-10-09 04:19 PM
Response to Reply #7
10. This is not designed for government elections
I think people here are trying to put too much on this system. The designers mean Helios to be used in 'low-coercion' elections:

We present Helios, the first web-based, open-audit voting system. Helios is publicly accessible today: anyone can create and run an election, and any willing observer can audit the entire process. Helios is ideal for online software communities, local clubs, student government, and other environments where trustworthy, secret-ballot elections are required but coercion is not a serious concern. With Helios, we hope to expose many to the power of open-audit elections.
...
Low-Coercion Elections. Voting online or by mail is typically insecure in high-stakes elections because of the coercion risk: a voter can be unduly influenced by an attacker looking over her shoulder. Some protocols [13] attempt to reduce the risk of coercion by letting voters override their coerced vote at a later (or earlier) time. In these schemes, the privacy burden is shifted from vote casting to voter registration. In other words, no matter what, some truly private interaction is required for coercion resistance.

With Helios, we do not attempt to solve the coercion problem. Rather, we posit that a number of settings—student government, local clubs, online groups such as open-source software communities, and others—do not suffer from nearly the same coercion risk as high-stakes government elections. Yet these groups still need voter secrecy and trustworthy election results, properties they cannot currently achieve short of an in-person, physically observable and well orchestrated election, which is often not a possibility. We produced Helios for exactly these groups with low-coercion elections.

http://www.usenix.org/events/sec08/tech/full_papers/adida/adida.pdf


The point about it is that for some communities, using physical polling places may not be practical with their budget, or they may get a far better turnout if an internet connection allows remote voting (which, for instance, allows a long time to vote, without having to have volunteers man a polling place, even if everyone can get to it). This is not designed to be a solution to government voting problems.

hunter Donating Member (1000+ posts) Tue Mar-10-09 07:52 PM
Response to Reply #10
12. The canard of "black box" voting...
... was that the mechanisms inside the black box were important.

I think the most corrupt promoters of electronic voting were unconcerned about that. The meat of the issue was always outside the black box, in the messy world of human beings. Electronic voting machines were a disruptive technology and distracted from many much more important issues of election integrity.

It was a flash-bang tossed into the house of politics, and not the direct mechanism by which elections were manipulated, no different than the political circus in which Arnold Schwarzenegger became California Governor.

Nevertheless, electronic voting still sucks. Here's to the nerds nobody knows who will win these "low-coercion elections."

:beer: :hi:


backscatter712 Donating Member (1000+ posts) Tue Mar-10-09 09:07 PM
Response to Reply #12
14. I'm more of a fan of PunchScan than the OP's Helios system
Edited on Tue Mar-10-09 09:13 PM by backscatter712
Punchscan IS designed to function in a "high coercion" environment - in other words, a real election.

Its ballot design is engineered to preserve the secret ballot, while giving the voter juuuust enough information that he can use it to verify his vote was counted correctly, but not give enough information to break the secret ballot and prove he voted one way or another.

Every single step of the Punchscan process is designed to be open to audit. Unlike Diebold, Punchscan is NOT a black box. The computer code written for Punchscan is Open Source, using the BSD license. You can look at the code yourself to see if it cheats. Every step gets audited, can be observed by people including party watchers and independent observers. The process uses cryptography for authentication - technology in this case which is designed to be the opposite of a black box, meaning that if anyone tries to cheat, they WILL get caught.

You can't monkey with the ballots in advance, you won't get much traction intimidating voters, you can't switch ballot boxes without getting tons of complaints from voters that their ballots didn't verify. You can't monkey with the tabulation process without watchful eyes catching you in the act. Like I said, this is technology designed to INCREASE election transparency and integrity.

That's the goal of E2E election verifiability. It puts some checks and balances in that even old-school paper ballot voting can't quite match.

Of course, Punchscan is not internet voting. You don't vote in a web browser, you vote in an old-school precinct polling place like normal elections. I don't know if it's possible to make internet voting suitable for a real election.

LeftHander Donating Member (1000+ posts) Tue Mar-10-09 01:41 PM
Response to Original message
8. omitted section....
"Voters then mark candidate selection in black ink on a pre-printed ballot and deposit it in the bin monitored by poll worker..."

mrfrapp Donating Member (1000+ posts) Tue Mar-10-09 05:06 PM
Response to Original message
11. Hrmph
Even if it was secure, which I doubt, what's to stop someone from selling their vote or worse, being coerced. I simply don't understand the fascination with Internet voting.

muriel_volestrangler Donating Member (1000+ posts) Tue Mar-10-09 08:35 PM
Response to Reply #11
13. See reply #10; this is designed for elections that aren't important enough
for coercion or vote-selling (they even add a little 'coerce me!' button which emails complete proof of your vote to whomever you choose, so that they hope people realise this system doesn't guarantee privacy).