Electronic Voting (17-803, 17-400)


The project, which counts for 40% of the grade, is a critical part of the course.  The class has been divided into teams, which will work collectively on their chosen project.  The result of each project is (1) a written report to be submitted in electronic form; and (2) a 20-minute presentation to be given to the class on December 8, 2004.  Each team will submit one report.  (Note: at least one project has two teams.)  Each student will be asked to fill out a form evaluating the contribution of each member of the the team, including themselves.  This evaluation will be used to determine in part the individual grades for the project.

Internet Voting

The report will be a survey of the current status of Internet voting around the world.  It is expected that virtually all the material necessary for this project can be found on the Web. You should start out by studying various models of Internet voting (e.g. Lorrie Cranor's SENSUS and DOD Project SERVE) to see what the architecture of such systems looks like.  Then find elections in which Internet voting has actually been used and gauge their "success" (by absence of perceived problems, voter satisfaction, turnout, or other logical measures).

Team: Randy Attai, Serge Egelman, Emma Forges, Elizabeth Lingg

Verification Without Paper Trails

A central tenet of DRE opponents is that it is impossible to provide voter verifiability without producing a contemporaneous paper record of how the voter voted, allow the voter to view the paper, then store the paper securely (if possible) inside the voting machine for use in a later recount, if necessary.  Verifiability is actually a multi-part process.  First, the voter must be assured that the machine captured her vote correctly.  Second, the voter must know that the vote was counted correctly.  Third, the voter must be confident that the record that was created (for recounting) cannot be altered or invalidated and that it will still be in existence at the time of a recount.  The so-called "voter-verified paper audit trail" (VVPAT) only accomplishes the first of the three functions and suffers from other drawbacks.  The goal of this project is to determine whether any voter verification mechanism is possible that meets all three objectives and does not use paper.

Team 1: Daniel Castro & Spike Gronim
Team 2: George Davis & Douglas King

Code Hiding

An allegation made against DRE machines is that they can be tampered with undetectably, whether by an intruder, an election insider or even the manufacturer.  The catastrophe scenario is that of centralized distribution of malware that enters a large number of machines and alters the result of a statewide or national election without being noticed or detected and without leaving any evidence after the fact.  If the hypothesis is correct that arbitrary amounts of code can be hidden in a system such that (1) no amount of testing will reveal its presence; (2) no audit or code read will reveal its presence; and (3) no evidence of its existence remains after it has executed, then we have a serious problem, not just in voting but in any system in which a computer is relied upon.  The goal of this project is to assess whether it is possible to accomplish (1), (2) and (3) to hide more than trivial amounts of code.  The report should conclude something like either (a) it's possible and here's how to do it; (b) it might be possible but here's an effective prevention mechanism (example: you can stop (3) by putting the software in write-once memory so it can't erase or alter itself after use); or (c) it's not possible because the following procedure will detect it ...

Team 1: Eric Burns & Kurt Wescoe
Team 2: Ryan Mahon & Damon Smith

Alternative Voting Systems

A voting systems must interact securely with the public in geographically dispersed locations.  Instead of designing new systems for voting from the ground up, it might be possible to use existing secure infrastructures.  Examples are the ATM network and state lottery systems.  (There are others).  The purpose of this project is to investigate the feasibility of using such alterative systems for voting.  You will need to develop a catalog of secure infrastructures, then examine whether they are suitable for voting or could be made suitable, then discuss potential barriers to adoption (such as cost, cultural factors, etc.) 

Team: Elizabeth Harris, Melissa Ludowise, Colin Rothwell

Voting Privacy Assessment

The objective of this project is to complete a survey of all major types of voting system types (punch card, optical scan, DRE) to determine possible ways in which voter privacy can be compromised, either inadvertently or deliberately.  (Examples: fingerprints on optical scan ballots, discovery of randomization seeds in randomized audit trails, monitoring of radio emissions from machines, planting transmitters in the machine, hiding a wireless TV camera in the booth, malicious recording of votes in the machine, reel-to-reel paper trails.)  You should also do a web search to learn of apparent bugs that resulted in a loss of voter privacy.  The report should be as complete a review as you can generate, but care should be taken not to indulge in far-fetched speculation. (Example: we're not going to do DNA tests on the entire population to match up a hair follicle found on a ballot.)

Team: none so far