UOCAVA Remote Voting Workshop Makes a Strong Finish
24 hours ago I, along with some others, was actually considering asking for a refund. We had come to the EAC, NIST, and FVAP co-hosted UOCAVA Remote Voting Systems 2 Day Workshop, expecting to feast on some fine discussions about the technical details and nuances of building remote voting systems for overseas voters that could muster the demands of security and privacy. And instead we had witnessed an intellectual food fight of ideology.
That all changed in a big way today.
The producers and moderators of the event, I suspect sensing the potential side effects of yesterdays outcome — came together, somehow collectively made some adjustments (in moderation techniques, approach, and topic tweaking), and pulled off an excellent, informative day full of the kind of discourse I willingly laid down money (the Foundation’s money no less) in the first place to attend.
My hat is off; NIST and EAC on the whole did a great job with a comeback performance today that nearly excused all of what we witnessed yesterday. Today, they exhibited self deprecating humor, and even had elections officials playing up their drunk driver characterization from the day before.
Let me share below what we covered; it was substantive. It was detailed. And it was tiring, but in a good way. Here it is:
Breakout Session – Voter Authentication and Privacy
–Identified voter authentication and privacy characteristics and risks of the current UOCAVA voting process.
–Identified potential risks related to voter authentication and privacy of remote electronic absentee voting systems. For example, the group considered:
- Ballot secrecy
- Coercion and/or vote selling
- Voter registration databases and voter lists
- Strength of authentication mechanisms
- Susceptibility to phishing/social engineering
- Usability and accessibility of authentication mechanisms
- Voter autonomy
- Other potential risks
–Considered measures and/or criteria for assessing and quantifying identified risks and their potential impacts.
- How do these compare to those of the current UOCAVA voting processes?
–Identified properties or characteristics of remote digital voting absentee voting systems that could provide comparable authentication mechanisms and privacy protections as the current UOCAVA voting process
–Considered currently available technologies that can mitigate the identified risks. How do the properties or characteristics of these technologies compare to those of the current UOCAVA voting process?
–Started to identify and discuss emerging or future research areas that hold promise for improving voter authentication and/or privacy. For example:
- Biometrics (e.g., speaker voice identification)
- Novel authentication methods
–Chatted about cryptographic voting protocols and other cryptographic technologies
Breakout Session – Network and Host Security
–Identified problems and risks associated with the transmission of blank and voted ballots through the mail in the current UOCAVA voting process.
–Identified risks associated with electronic transmission or processing of blank and voted ballots. For example, the breakout group considered:
- Reliability and timeliness of transmission
- Availability of voting system data and functions
- Client-side risks to election integrity
- Server-side risks to election integrity
- Threats from nation-states
- Other potential risks
–Considered and discussed measures and/or criteria for assessing and quantifying identified risks and their potential impacts.
- How do these compare to those of the current UOCAVA voting process
–Identified properties or characteristics of remote digital absentee voting systems that could provide for the transmission of blank and voted ballots at least as reliably and securely as the current UOCAVA voting process.
–Discussed currently available technologies that can mitigate the identified risks and potential impact.
- How do the properties and characteristics of these technologies compare to those of the current UOCAVA voting process?
–Identified and discussed emerging or future research areas that hold promise for improving network and host security. For example:
- Trusted computer and trusted platform models
- End point security posture checking
- Cloud computing
- Semi-controlled platforms (e.g., tablets, smart phones, etc.)
- Use of a trusted device (e.g., smart card, smart phone, etc.)
As you can see, there was a considerable amount of information covered in each 4 hour session, and then the general assembly reconvened to report on outcomes of each breakout group.
Did we solve any problems today? Not so much. Did we come a great deal forward in challenge identification, guiding principles development, and framing the issues that require more research and solution formulation? Absolutely.
Most importantly, John Sebes, our CTO and myself gained a great deal of knowledge we can incorporate into the work of the TrustTheVote Project, had some badly needed clarifying discussions with several, and feel we are moving in the right direction.
We clarified where we stand on use of the Internet in elections (its not time beyond anything but tightly controlled experimentation, and there is a lacking of understanding of the magnitude of resources required to stand up sufficiently hardened data centers to make it work, let alone figuring out problems at the edge.)
And we feel like we made some small contributions to helping the EAC and NIST figure out the kind of test Pilot they wish to stand up as a guiding principles reference model sometime over the next 2 years.
Easily a day’s work for the 50-60 people in attendance over the two days.
Back to the west coast (around 3am for my Pacific colleagues 😉
Its a wrap
2 responses to “UOCAVA Remote Voting Workshop Makes a Strong Finish”
You all always do a great job at reporting these events. You summarize the key issues brilliantly.
Weirdly commenting on my own post, but as an update, I recently had a nice eMail exchange with the individual I cited in the previous post as having likened elections officials to drunk drivers in his presentation during the NIST Workshop on remote voting. This individual made a cogent clarification to me, reprinted below (with editorial liberty to allow the individual to remain anonymous at least in this venue and to support readability and truncation to the point)…
Just wanted to say that I was certainly not intending the “drunk driving” metaphor to be any kind of “ad hominem” attack, and I apologize to you and others who might have misinterpreted it that way for the use of a metaphor subject to such misinterpretation.
I would be very happy to hear suggestions for a better metaphor. The “drunk driving” metaphor captures the notion of making a choice that puts not only oneself at risk, but also others, and also allow discussion of “technology intoxication”, which is another relevant theme. I was also thinking of a story line that involved the old-style choice of having a kitchen fireplace inside the house or out in the back; the former risks a fire that burns the house down (and perhaps the neighbor’s too), but this storyline seemed a bit hard to set up and not present-day enough to be interesting… In any case, it was good to see that some folks could have some fun with the driving metaphor.
But as to presentation approach, maybe I could have used the “drunk driving” metaphor in a better way, had I said something like:
“I need to be careful in using this metaphor, so folks
don’t get offended. We are all in this effort to
together to improve our election systems. But to the
extent that we as a society choose to explore voting
systems that return cast ballot information over the
public internet, we are collectively engaging in a bit
of `drunk driving.’ ”
Anyway, reading your postings, it sounds like we basically agree on the tenet that we shouldn’t be using the public Internet to transmit cast ballot records. Glad to see that.