E-voting system lets voters verify their ballots are counted
Takoma Park, Md. voters are the first in U.S. to try new technology
Computerworld - A new electronic voting system being used today for the first time in a government election in the U.S. will allow voters and elections auditors in Takoma Park, Md. to go online and verify whether votes have been correctly recorded.
The voting system is called Scantegrity and was developed by independent cryptographer David Chaum, along with researchers from the University of Maryland-Baltimore, the George Washington University, MIT, the University of Ottawa and the University of Waterloo. It uses cryptographic techniques to let both voters and election auditors check whether votes have been cast and counted accurately.
The Scantegrity technology is being used to augment regular optical-scan voting systems in Takoma Park's city council election. To cast a vote, an individual takes a paper ballot and fills in the optical-scan oval next to the name of the selected candidate using a pen with a special type of ink. When the bubble is filled, it reveals a three-digit confirmation number already printed on the ballot using an invisible marker.
That three-digit code is a sort of randomly generated cryptographic marker that's used to associate the voter's choice with the appropriate candidate. The codes are separately randomized for each oval and for each ballot, ensuring that the codes don't reveal who an individual voted for, Chaum said in an interview with Computerworld.
Voters can use that confirmation code to later log into the city's election Web site to confirm that their votes were recorded accurately. If the code is present on the Web site, it means the ballot was counted correctly, he said.
Scantegrity also lets election auditors -- and even third-party observers -- check whether the results were accurately tabulated without revealing how each individual vote was cast, Chaum said. Though it is not possible to link an individual ballot to a specific candidate, auditors can verify that the codes do lead to the recorded votes.
Scantegrity uses cryptographic techniques to first map each code to the associated candidate and then completely conceals the link. It then uses a concept known as "zero-knowledge proof" to show auditors that the codes do in fact correspond to the right candidates, said Aleks Essex, a PhD. student in computer science at the University of Ottawa who was involved in the Scantegrity effort.
Zero-knowledge proof is a way to demonstrate the authenticity of a statement without revealing any other details about the statement, said Essex. For example, an individual could use a piece of paper with a hole cut in it to prove to a child that he knows the location of Waldo in a "Where's Waldo" puzzle, Essex said. By placing the hole over Waldo, he shows he knows Waldo's location in the puzzle, but doesn't reveal the exact location to child.
Scantegrity enables auditors to get the same sort of proof to show that confirmation codes in an election map to the right candidates, without revealing an individual voter's choice, he said.
The results of today's elections in Takoma Park are being audited by two officials, one of whom is from Harvard University. "It is a really powerful thing to have public transparency of the tabulation process and yet preserve ballot secrecy," Chaum said. Because Scantegrity is built on open-source software, it can be used elsewhere to run similar audits against election results using custom tools, he said.
Pamela Smith, President of the Verified Voting Foundation, said that technologies such as Scantegrity do add an additional layer of integrity to the election process. But to a large extent, optical-scan voting machines already offer a relatively high degree of verification support. Because such machines save a record of the voter's intent, auditors can go back and verify results if necessary, she said.
The bigger issue in Maryland is that the state needs to adopt optical-scan systems on a larger scale, she said. Maryland is one of the few states that rely on touch-screen voting systems, which are costlier to operate and maintain than optical scan systems, she said.
Read more about Government IT in Computerworld's Government IT Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Knowledge Center White Papers | Webcasts