12/9-10/2009 TGDC Meeting
Vote-by-Phone
David Flater / Sharon LaskowskiNational Institute of Standards and Technology
http://vote.nist.gov
12/9-10/2009 TGDC Meeting Page 212/9-10/2009 TGDC Meeting
Qui ckTi me™ and a decompressor
are needed to see thi s pi cture.
PublicCommunications
Network
EMS
Private Communications
Network
Paper Record Creation
Polling Location
Central Election Office
Vote Station 1
Vote Station 2
Vote Station 3
CentralVBP Server
VBP Receiving Station
Tabulation and reporting
Vote stations (telephones) connect to Central VBP Server(s) over the public network
Paper records may be created at the central election office
Data from Central VBP Servers route to tabulation and reporting via a private network (maybe sneakernet)
12/9-10/2009 TGDC Meeting
Variables From where can you call? How is the voter authenticated and the ballot style
assigned? Which voters can use VBP effectively? How sophisticated, secure, private, reliable are the
phones? How secure, private, reliable is the public network? Does a paper ballot necessarily get printed at the VBP
server?
Page 312/9-10/2009 TGDC Meeting
12/9-10/2009 TGDC Meeting
Polling place vs. home VBP only from staffed locations
Voters checked in as usual per polling place procedures Poll worker assigns ballot style and activates the ballot Physical control over the phones, maybe internal wiring Uncontrolled variables: security/privacy/reliability of the
public network VBP from anywhere
A new form of absentee / remote voting Nightmare scenario: calling on office phone Smartphone apps—Internet voting
Page 412/9-10/2009 TGDC Meeting
12/9-10/2009 TGDC Meeting
Security and privacy Public network is an uncontrolled variable no matter
where you call from VVSG 2.0 (draft) prohibits use of public network during
polling (I.5.6.1-B) Current and previous standards required added security VVSG 1.0 (2005): I.7.6.1 (Data Transmission), I.7.6.2 (Casting
Individual Ballots) 2002 VSS: I.6.6.1, I.6.6.2 (very similar) Safe to assume that transmission of unencrypted votes
over public network was never envisioned
Page 512/9-10/2009 TGDC Meeting
12/9-10/2009 TGDC Meeting
Software independence No voter-verifiable record seems possible Auditability of VBP is a new question
Page 612/9-10/2009 TGDC Meeting
12/9-10/2009 TGDC Meeting
Accessibility and usability
Page 712/9-10/2009 TGDC Meeting
HAVA and VVSG envisioned a single voting station (at least one per polling place) that would be usable by everyone
Language of HAVA Visual plus audio increases usability for many voters
Speculation re combination of VBP and something else to cover all abilities, without requirement for a catch-all accessible voting station
Audio-only poses cognitive difficulties Voters who are deaf? Dexterity issues
12/9-10/2009 TGDC Meeting
Options VBP remains non-compliant
Challenges similar to Internet voting If Internet voting happens, is VBP then obsolete?
Compliance via double standard (c.f. absentee voting) Compliance via compromise
VBP from polling places only VBP must encrypt data sent over the public network—
adding cost and complexity VVSG must adapt and add requirements as needed (use of
public network, phone security, device classification, etc.) Auditability TBD
Reinterpreting HAVA is a separate policy question, but would have considerable consequences for the VVSG
Restructuring for classes of accessible devices New usability and accessibility requirements
Page 812/9-10/2009 TGDC Meeting
Top Related