The purpose of this Briefing is to shed light on the process of how voting systems are purchased, deployed, and updated, with a special emphasis on the challenges that currently inhibit updates. We hope that by illuminating what all of this means for election administrators, vendors, and the nation as a whole, policy makers can better understand what needs to change to ensure the security of the nation’s election infrastructure in the future. This Briefing strives to do just that, led by our Global Director of Technology Development, Eddie Perez whose 15 years direct experience in all of this should be of value to readers.
When the Help America Vote Act was passed in 2002 little thought was given to the sources and methods of potential “attacks” on public elections. The focus 15 years ago was primarily on clearly ascertaining and protecting voter intent. At the time, the thinking was that computers can easily and reliably do that. No one was contemplating “digital attack vectors” on what would be the new machinery of elections. That has all changed. The truth is, today this administrative computing segment, severely lagging behind the majority of Government I.T., has a growing blind spot. Accordingly, it is past time to rethink testing and certification. The OSET Institute takes a position on that topic in this Paper led by our Global Director of Technology Development, Eddie Perez.
It is well settled that current Voting System Technology (VST) is not considered “trustworthy” by definition in a secure computing context, because of its basis on commodity Personal Computing (PC) hardware and Operating Systems (OS) software that does not support trustworthy computing. Of all the voting systems in use for U.S. federal, state, and local elections (as well as for elections in other democracies), none were designed and developed using “trusted computing” concepts and principles that have been used for decades in high-security computing for government critical systems.
This paper presents a new architecture of next generation voting system technology and represents the underlying principles of the ElectOS voting system. Aside from our visual tour of ElectOS (under-going refinement now), this paper, which is a significant revision of our original draft in June 2010, represents the most important narrative for the underlying design thinking of the ElectOS voting system.
All parties to voting systems procurement transactions have an imperative duty to focus on acquisitions that maximize security and integrity, lower costs for taxpayers, and ensure that elections conducted on such equipment are verifiable, accurate, secure and transparent in process. When the Institute observes unusual deviation from this compelled practice, it must be called out and examined. The State of Georgia’s current legislation and efforts to acquire new voting technology for the 2020 election is emerging as a vexing case that cannot and should not be ignored.
The Institute’s Global Director of Technology Development, Edward Perez, himself a 15-year veteran of the commercial voting and election administration technology industry, recently noted the extent to which the Georgia Secretary of State’s Elections Division is proceeding to drive a specific acquisition that defies the logic and warnings of the super majority of computer scientists, election technology and security experts, and election integrity professionals. Why is that? This Briefing examines the costing model for this acquisition in attempt to catalyze exploring an answer.
The Russian government’s cyber operations during the 2016 U.S. election brought to the forefront the idea of “cyber-terrorism,” a bandied-about term with no clearly agreed-to definition.
In this Essay, Joy London a senior member of the leadership team at the OSET Institute, in the office of legal counsel and focused on international development, delivers what we believe is a brief but important commentary on the issue of how to characterize digital attacks on election technology infrastructure. This paper takes a U.S. perspective, but we believe has international applicability, where more has been written on this timely topic.
This Briefing summarizes the current state of commercial offerings for hybrid marking devices and Printed Vote Records; identifies concerns and design challenges reflected in current implementations; presents principles and guidelines for future PVR development; identifies areas in need of additional research; and concludes with high-level considerations about differences between traditional hand-marked ballots and machine-marked Printed Vote Records. Edward Perez a senior member of the leadership team at the OSET Institute delivers what we believe are important considerations to catalyze conversation, as we work to help better defend democracy, principally by increasing trust and confidence in elections and their outcomes.
The topic of "open source" (the information technology industry phrase for "publicly available") has become a hot, at times confusing, and even contentious topic in the domain of election technology. It is time for an intellectually honest pragmatic examination of the potential for open source to bring about innovation in the area of election technology. Historically inherent in our name, OSET (“Oh-Set”) are a pair of words, “open” and “source.” We have always maintained that open source is neither necessary nor sufficient for higher integrity, lower cost, easier to use election administration systems. However, publicly available technology (i.e., open source) is an important ingredient to ensuring transparency and trust in the technology. In the decade since the Institute’s founding, “open source” as a phrase used in conjunction with voting systems has grown to be a provocative and even in some limited situations, controversial topic. It should not be. Therefore, we believe it is essential to understand what exactly open source technology is and is not; can and cannot do; and the appropriate uses of open source methods and means in mission-critical government computing, particularly election administration, which has become a matter of national security. In this paper, Dr. Clifford Wulfman, a senior member of technical staff at the OSET Institute, and John Sebes, co-founder and CTO, explain just that. (Click thru the title above for more and to download the paper.)
Online Voter Registration (“OVR”) is a way to improve the administration (and operational efficiency) of U.S. election voter rolls by automating the existing voter-registration process, thereby providing convenience for voters and cost savings for election officials (“EOs”). Designed and implemented right, it is a perfect “cloud-based” service for election administration. One of the essential challenges to implementing OVR is integrating new OVR technology with pre-existing Voter-Records Management Systems (“VRMS”) technology that itself was never designed to operate in an open Internet environment. This paper provides a detailed description of a "reference architecture" for OVR system deployment and integration with pre-existing VRMS technology (Click thru for more and to download the paper).
This Briefing provides you a thorough review of the technology infrastructure of election administration and operation. We address its "criticality" and what is required for it to be treated as such, and assess the challenges of official designation, as well as the immediate and longer-term challenges to protecting this vital aspect of our democracy. There have been a number of helpful and important reports and white papers produced recently about America’s election security. The OSET Institute’s CDI Briefing is the only one of its kind, researched and developed by election technology specialists with over a decade of experience in election and voting systems engineering to increase integrity, lower costs, and improve usability. This Briefing is intended to be an educational resource on the technology challenges, with a minimum of techno-babble. While we offer recommendations, this paper is not intended to be a policy strategy, although we hope it will inform those discussions. (Click thru for a Foreword by former NSA Dep. Director, William P. Crowell and to download the Briefing).