12/9-10/2009 TGDC Meeting Vote-by-Phone David Flater / Sharon Laskowski National Institute of...

12/9-10/2009 TGDC Meeting

Vote-by-Phone

David Flater / Sharon LaskowskiNational Institute of Standards and Technology

http://vote.nist.gov

12/9-10/2009 TGDC Meeting 12/9-10/2009 TGDC Meeting

Qui ckTi me™ and a decompressor

are needed to see thi s pi cture.

PublicCommunications

Network

EMS

Private Communications

Network

Paper Record Creation

Polling Location

Central Election Office

Vote Station 1

Vote Station 2

Vote Station 3

CentralVBP Server

VBP Receiving Station

Tabulation and reporting

Vote stations (telephones) connect to Central VBP Server(s) over the public network

Paper records may be created at the central election office

Data from Central VBP Servers route to tabulation and reporting via a private network (maybe sneakernet)


Variables From where can you call? How is the voter authenticated and the ballot style

assigned? Which voters can use VBP effectively? How sophisticated, secure, private, reliable are the

phones? How secure, private, reliable is the public network? Does a paper ballot necessarily get printed at the VBP

server?



Polling place vs. home VBP only from staffed locations

Voters checked in as usual per polling place procedures Poll worker assigns ballot style and activates the ballot Physical control over the phones, maybe internal wiring Uncontrolled variables: security/privacy/reliability of the

public network VBP from anywhere

A new form of absentee / remote voting Nightmare scenario: calling on office phone Smartphone apps—Internet voting



Security and privacy Public network is an uncontrolled variable no matter

where you call from VVSG 2.0 (draft) prohibits use of public network during

polling (I.5.6.1-B) Current and previous standards required added security VVSG 1.0 (2005): I.7.6.1 (Data Transmission), I.7.6.2 (Casting

Individual Ballots) 2002 VSS: I.6.6.1, I.6.6.2 (very similar) Safe to assume that transmission of unencrypted votes

over public network was never envisioned



Software independence No voter-verifiable record seems possible Auditability of VBP is a new question



Accessibility and usability


HAVA and VVSG envisioned a single voting station (at least one per polling place) that would be usable by everyone

Language of HAVA Visual plus audio increases usability for many voters

Speculation re combination of VBP and something else to cover all abilities, without requirement for a catch-all accessible voting station

Audio-only poses cognitive difficulties Voters who are deaf? Dexterity issues


Options VBP remains non-compliant

Challenges similar to Internet voting If Internet voting happens, is VBP then obsolete?

Compliance via double standard (c.f. absentee voting) Compliance via compromise

VBP from polling places only VBP must encrypt data sent over the public network—

adding cost and complexity VVSG must adapt and add requirements as needed (use of

public network, phone security, device classification, etc.) Auditability TBD

Reinterpreting HAVA is a separate policy question, but would have considerable consequences for the VVSG

Restructuring for classes of accessible devices New usability and accessibility requirements


12/9-10/2009 TGDC Meeting Vote-by-Phone David Flater / Sharon Laskowski National Institute of...

Documents

Transcript of 12/9-10/2009 TGDC Meeting Vote-by-Phone David Flater / Sharon Laskowski National Institute of...