24 hours ago I, along with some others, was actually considering asking for a refund. We had come to the EAC, NIST, and FVAP co-hosted UOCAVA Remote Voting Systems 2 Day Workshop, expecting to feast on some fine discussions about the technical details and nuances of building remote voting systems for overseas voters that could muster the demands of security and privacy. And instead we had witnessed an intellectual food fight of ideology. That all changed in a big way today.
The producers and moderators of the event, I suspect sensing the potential side effects of yesterdays outcome -- came together, somehow collectively made some adjustments (in moderation techniques, approach, and topic tweaking), and pulled off an excellent, informative day full of the kind of discourse I willingly laid down money (the Foundation's money no less) in the first place to attend.
My hat is off; NIST and EAC on the whole did a great job with a comeback performance today that nearly excused all of what we witnessed yesterday. Today, they exhibited self deprecating humor, and even had elections officials playing up their drunk driver characterization from the day before.
Let me share below what we covered; it was substantive. It was detailed. And it was tiring, but in a good way. Here it is:
Breakout Session – Voter Authentication and Privacy
--Identified voter authentication and privacy characteristics and risks of the current UOCAVA voting process.
--Identified potential risks related to voter authentication and privacy of remote electronic absentee voting systems. For example, the group considered:
- Ballot secrecy
- Coercion and/or vote selling
- Voter registration databases and voter lists
- Strength of authentication mechanisms
- Susceptibility to phishing/social engineering
- Usability and accessibility of authentication mechanisms
- Voter autonomy
- Other potential risks
--Considered measures and/or criteria for assessing and quantifying identified risks and their potential impacts.
- How do these compare to those of the current UOCAVA voting processes?
--Identified properties or characteristics of remote digital voting absentee voting systems that could provide comparable authentication mechanisms and privacy protections as the current UOCAVA voting process
--Considered currently available technologies that can mitigate the identified risks. How do the properties or characteristics of these technologies compare to those of the current UOCAVA voting process?
--Started to identify and discuss emerging or future research areas that hold promise for improving voter authentication and/or privacy. For example:
- Biometrics (e.g., speaker voice identification)
- Novel authentication methods
--Chatted about cryptographic voting protocols and other cryptographic technologies
Breakout Session – Network and Host Security
--Identified problems and risks associated with the transmission of blank and voted ballots through the mail in the current UOCAVA voting process.
--Identified risks associated with electronic transmission or processing of blank and voted ballots. For example, the breakout group considered:
- Reliability and timeliness of transmission
- Availability of voting system data and functions
- Client-side risks to election integrity
- Server-side risks to election integrity
- Threats from nation-states
- Other potential risks
--Considered and discussed measures and/or criteria for assessing and quantifying identified risks and their potential impacts.
- How do these compare to those of the current UOCAVA voting process
--Identified properties or characteristics of remote digital absentee voting systems that could provide for the transmission of blank and voted ballots at least as reliably and securely as the current UOCAVA voting process.
--Discussed currently available technologies that can mitigate the identified risks and potential impact.
- How do the properties and characteristics of these technologies compare to those of the current UOCAVA voting process?
--Identified and discussed emerging or future research areas that hold promise for improving network and host security. For example:
- Trusted computer and trusted platform models
- End point security posture checking
- Cloud computing
- Semi-controlled platforms (e.g., tablets, smart phones, etc.)
- Use of a trusted device (e.g., smart card, smart phone, etc.)
As you can see, there was a considerable amount of information covered in each 4 hour session, and then the general assembly reconvened to report on outcomes of each breakout group.
Did we solve any problems today? Not so much. Did we come a great deal forward in challenge identification, guiding principles development, and framing the issues that require more research and solution formulation? Absolutely.
Most importantly, John Sebes, our CTO and myself gained a great deal of knowledge we can incorporate into the work of the TrustTheVote Project, had some badly needed clarifying discussions with several, and feel we are moving in the right direction.
We clarified where we stand on use of the Internet in elections (its not time beyond anything but tightly controlled experimentation, and there is a lacking of understanding of the magnitude of resources required to stand up sufficiently hardened data centers to make it work, let alone figuring out problems at the edge.)
And we feel like we made some small contributions to helping the EAC and NIST figure out the kind of test Pilot they wish to stand up as a guiding principles reference model sometime over the next 2 years.
Easily a day's work for the 50-60 people in attendance over the two days.
Back to the west coast (around 3am for my Pacific colleagues ;-)
Its a wrap GAM|out