Challenges of balancing usability and security in future voting systems

Dana Chisnell@danachis@ChadButterfly

How are the votes counted?

How are the votes counted?

If it’s not usable, it’s not secure.

NowCurrent design demands much of voters

Study 1: Websites

Cataloged 147 election websites

Conducted 41 remote moderated usability tests

What happened?

Voters are ballot-centricthey’re focused on that act,not conscious of the overall process

What’s on the ballot?

?

?

?

?

??

!?

they are more likely to go to third-party sources

they are less likely to show up at the right polling place

they’re likely to undervote down-ballot

they are less likely to turn out

If voters don’t know what is on the ballot

Website design problems are well understood

sites are hard to find find other sources

navigation reflects department don’t know where to go

labels are jargon don’t know how to get to content

dates and deadlines are vague don’t know when to act

graphics are gratuitous get distracted or lost in the site, lose trust

sites are not accessible disenfranchisement

Study 2: Alternative counting methods

San Francisco and Oakland, December 2011

EVN, March 2012

Portland, Maine 2011

Alameda Co. demo ballot

Minneapolis 2011

New York state demo

Voter slate

How is my vote counted?

Ballot design problems are well understood

split contests across columns overvoting

there are responses on both sides of names overvoting

arrows rather than bubbles marking incorrectly

formatting is inconsistent or too consistent undervoting

instructions are complicated or lacking all kinds of crazy things

voters don’t know how to correct their ballots lost votes

How RCV works

n=52

Joe

What does it mean?

Mental models

People make inferences about how things work based on available information and context

Mental models

This is what we teach people

Mental models

Sometimes it really is this simple - but not in the US

Mental models

Sometimes it really is this simple - but not in the US

Much more like signing for a mortgage

This is the ballot we testNIST medium complexity ballot

Point system

Weighted

Reversed

Mental models

Point / weight system

Preparing to vote

Knowing what to expect

Interacting with the ballot

Intent is loaded

What’s on the ballot?

What are my options for voting?

absentee early voting Election Day

what’s the deadline to apply?

what do I have to do to get one?

when is it due?

where do I vote? where do I vote?

what’s the deadline to apply?

what do I have to do to get one?

when is it due?

where do I vote? where do I vote?

who is in office now?

do I need ID to vote?

what’s the deadline for registering?

1. Voters develop faulty mental models

2. Voters don’t understand the consequences of their actions

3. Voters vote counter to their intentions

Portland, Maine 2011

straight party voting+ regular contests

+ RCV+ multi-candidate

+ retention contests+ measures

6 different models

We’re pretty sure there’s a problem

FutureCombinations add complexity. Complexity compromises security.

Voters bear a cognitive burden that design can relieve.

Poor design and instructions on ballots makeunderstanding, marking, and casting difficult, time-consuming, and complicated

Poor design and instructions on ballots makecounting, verifying, and audits difficult, time-consuming, and complicated

Raises questions about what is being secured.

complex ballots = lost votes

complex ballots + vote-by-mail

= lost votes

complex ballots + multi-language

= lost votes

RCV+ VBM

+ multi-language

= 1000s of lost votes

Lack of trust in elections

Lack of trust in officials

Recalls

Scrambling county boards

Security may add to the cognitive burden without thoughtful design.

Security = Counted as cast

Security = Cast as intended + counted as cast

This moment

Voter ed is not the answer.

If it’s not usable, it’s not valid.

If it’s not usable, it’s not countable.

If it’s not usable, it’s not verifiable.

If it’s not usable, it’s not auditable.

If it’s not usable, it’s not secure.

Rick Bond

Cyd Harrell

Ethan Newby

Callie Wheeler

Chelsey Glasson

Sara Cambridge

Laura Paajanen

Beth Lingard

Beth Pickard

Jared Spool

David Cary

Rebecca Sherrill

Frank Castro

Sandy Olson

Nancy Frishberg

Yelena Nakhimovsky

Whitney Quesenbery

Thank you

Andrea Moed

Kristen Johansen

Boaz Gurdin

Ashley Pearlman

Donald A. Cox

Kamaria Campbell

Paul Schreiber

Jenn Downs

Jacqui Adams

Michelle Milla

Josh Keyes

Josh Bright

Doug Hanke

Karen McGrane

Krysta Chauncey

Karen Bachmann

Rosa Moran

Josie Scott

Rachel Goddard

Samantha LeVan

Kate Aurigemma

Erin Liman

Alessandra Brophy

Andrea Fineman

And...

New tools.

Research commissioned by NIST

Usability and Civic Life Project

Research commissioned by NIST

Research commissioned by EAC

Field Guides series

Research commissioned by EAC

Research supported by MacArthur Foundation

Research supported by MacArthur Foundation

Research supported by MacArthur Foundation

Field Guides series

Field Guides To Ensuring Voter Intent

civicdesigning.org/fieldguides

Coming soonAnywhere ballotfunded by ITIF (EAC AVTI)

If it’s not usable, it’s not secure.

Thank you.

Dana Chisnelldana@usabilityworks.netcivicdesign@usabilityworks.net

civicdesigning.org

@danachis@ChadButterfly