Software independence

Last updated

The term "software independence" (SI) was coined by Dr. Ron Rivest and NIST researcher John Wack. A software independent voting machine is one whose tabulation record does not rely solely on software. The goal of an SI system is to definitively determine whether all votes were recorded legitimately or in error. [1]

Contents

The technical definition of SI is: [2]

A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome.

SI has been redefined as a global property for a tabulation of votes rather than of each individual vote, aiming to detect rather than prevent error and fraud through human processes. [3]

TGDC Resolution

The Election Assistance Commission's Technical Guidelines Development Committee adopted an SI resolution for the next iteration of the Voluntary Voting System Guidelines (VVSG): [4]

Election officials and vendors have appropriately responded to the growing complexity of voting systems by adding more stringent access controls, encryption, testing, and physical security to election procedures and systems. The TGDC has considered current threats to voting systems and, at this time, finds that security concerns do not warrant replacing deployed voting systems where EAC Best Practices are used.

To provide auditability and proactively address the increasing difficulty of protecting against all prospective threats, the TGDC directs STS to write requirements for the next version of the VVSG requiring the next generation of voting systems to be software independent. The TGDC directs STS and HFP to draft usability and accessibility requirements to ensure that all voters can verify the independent voting record.

The TGDC further directs STS and Core Requirements and Testing Subcommittees (CRT) to draft requirements to ensure that systems that produce independently verifiable voting records are reliable and provide adequate support for audits.

Example systems

Examples of software-independent voting systems are optical scan voting systems and direct recording electronic voting computers (DRE) with a voter verified paper audit trail.

Related Research Articles

A voting machine is a machine used to record votes without paper. The first voting machines were mechanical but it is increasingly more common to use electronic voting machines. Traditionally, a voting machine has been defined by its mechanism, and whether the system tallies votes at each voting location, or centrally. Voting machines should not be confused with tabulating machines, which counts votes done by paper ballot.

Electronic voting is voting that uses electronic means to either aid or take care of casting and counting votes.

Help America Vote Act

The Help America Vote Act of 2002, or HAVA, is a United States federal law which passed in the House 357-48 and 92-2 in the Senate and was signed into law by President Bush on October 29, 2002. The bill was drafted in reaction to the controversy surrounding the 2000 U.S. presidential election, when almost two million ballots were disqualified because they registered multiple votes or none when run through vote-counting machines.

Black box voting signifies voting on voting machines which do not disclose how they operate such as with closed source or proprietary operations. If a voting machine does not provide a tangible record of individual votes cast then it can be described as black box voting.

Vote counting is the process of counting votes in an election. It can be done manually or by machines. In the United States, the compilation of election returns and validation of the outcome that forms the basis of the official results is called canvassing.

Voter verifiable paper audit trail (VVPAT) or verified paper record (VPR) is a method of providing feedback to voters using a ballotless voting system. A VVPAT is intended as an independent verification system for voting machines designed to allow voters to verify that their vote was cast correctly, to detect possible election fraud or malfunction, and to provide a means to audit the stored electronic results. It contains the name of the candidate and symbol of the party/individual candidate.

Election Systems & Software

Election Systems & Software (ES&S) is an Omaha, Nebraska-based company that manufactures and sells voting machine equipment and services. The company's offerings include vote tabulators, direct-recording electronic (DRE) machines, voter registration and election management systems, ballot-marking devices, electronic poll books, Ballot on Demand printing services, and absentee voting-by-mail services.

Various governments require a certification of voting machines.

ThreeBallot End-to-end auditable anonymous voting system

ThreeBallot is a voting protocol invented by Ron Rivest in 2006. ThreeBallot is an end-to-end (E2E) auditable voting system that can in principle be implemented on paper. The goal in its design was to provide some of the benefits of a cryptographic voting system without using cryptographic keys.

End-to-end auditable or end-to-end voter verifiable (E2E) systems are voting systems with stringent integrity properties and strong tamper resistance. E2E systems often employ cryptographic methods to craft receipts that allow voters to verify that their votes were counted as cast, without revealing which candidates were voted for. As such, these systems are sometimes referred to as receipt-based systems.

Independent verification (IV) systems or Independent Dual Verification (IDV) are voting machines that produce at least two independent auditable records of votes where the second record is used to check the first. To be considered "independent" at least one of the records must not be editable by the voting machine and be directly verifiable by the voter. These systems must allow for the multiple records to be able to be cross-checked.

The Voluntary Voting System Guidelines (VVSG) are guidelines adopted by the United States Election Assistance Commission (EAC) for the certification of voting systems. The National Institute of Standards and Technology's Technical Guidelines Development Committee drafts the VVSG and gives them to the EAC in draft form for their adoption.

The Technical Guidelines Development Committee (TGDC) of the National Institute of Standards and Technology supports the Election Assistance Commission in the United States by providing recommendations on voluntary standards and guidelines related to voting equipment and technologies. It is composed of 14 members selected from various standards boards and for their technical and scientific expertise related to voting systems and equipment.

Election Markup Language (EML) is an XML-based standard to support end to end management of election processes.

Scantegrity is a security enhancement for optical scan voting systems, providing such systems with end-to-end (E2E) verifiability of election results. It uses confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. The codes are privacy-preserving and offer no proof of which candidate a voter voted for. Receipts can be safely shown without compromising ballot secrecy.

Risk-limiting audit

A risk-limiting audit (RLA) is a post-election tabulation auditing procedure which can limit the risk that the reported outcome in an election contest is incorrect. It generally involves (1) storing voter-verified paper ballots securely until they can be checked, and (2) manually examining a statistical sample of the paper ballots until enough evidence is gathered to meet the risk limit.

Election audit

An election audit is any review conducted after polls close for the purpose of determining whether the votes were counted accurately or whether proper procedures were followed, or both.

The Verified Voting Foundation is a non-governmental, nonpartisan organization founded in 2004 by David L. Dill, a computer scientist from Stanford University, focused on how technology impacts the administration of US elections. The organization’s mission is to “strengthen democracy for all voters by promoting the responsible use of technology in elections.” Verified Voting works with election officials, elected leaders, and other policymakers who are responsible for managing local and state election systems to mitigate the risks associated with novel voting technologies.

Electronic voting in the United States

Electronic voting in the United States involves several types of machines: touch screens for voters to mark choices, scanners to read paper ballots, scanners to verify signatures on envelopes of absentee ballots, and web servers to display tallies to the public. Aside from voting, there are also computer systems to maintain voter registrations and display these electoral rolls to polling place staff.

Direct Recording Electronic with Integrity and Enforced Privacy (DRE-ip) is an End-to-End (E2E) verifiable e-voting system without involving any tallying authorities, proposed by Siamak Shahandashti and Feng Hao in 2016. It improves a previous DRE-i system by using a real-time computation strategy and providng enhanced privacy. A touch-screen based prototype of the system was trialed in the Gateshead Civic Centre polling station on 2 May 2019 during the 2019 United Kingdom local elections with positive voter feedback. A proposal that includes DRE-ip as a solution for large-scale elections was ranked 3rd place in the 2016 Economist Cybersecurity Challenge jointly organized by The Economist and Kaspersky Lab.

References

  1. Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC Archived 2009-11-28 at the Wayback Machine , A draft white paper, not representing NIST policy
  2. Rivest, Ron and Wack, John (2006). "On the notion of "software independence" in voting systems" (PDF). DRAFT Version July 28, 2006. Retrieved 2007-02-15.{{cite web}}: CS1 maint: multiple names: authors list (link)
  3. Four Approaches to SI and Accessibility, Prepared at the direction of the HFP and STS Subcommittees of the Technical Guidelines Development Committee (TGDC) (This paper has been prepared by the National Institute of Standards and Technology at the direction of the HFP and STS subcommittees of the TGDC. It may represent preliminary research findings and does not necessarily represent any policy positions of NIST or the TGDC.)
  4. Resolutions Adopted by the TGDC at the December 4 and 5 Plenary Session

See also