VotebyPhone David Flater Sharon Laskowski National Institute of
Vote-by-Phone David Flater / Sharon Laskowski National Institute of Standards and Technology http: //vote. nist. gov 12/9 -10/2009 TGDC Meeting
n Tabulation and reporting n n 12/9 -10/2009 TGDC Meeting Vote stations (telephones) connect to Central VBP Server(s) over the public network Paper records may be created at the central election office Data from Central VBP Servers route to tabulation and reporting via a private network (maybe sneakernet) Page
Variables n n n From where can you call? How is the voter authenticated and the ballot style assigned? Which voters can use VBP effectively? How sophisticated, secure, private, reliable are the phones? How secure, private, reliable is the public network? Does a paper ballot necessarily get printed at the VBP server? 12/9 -10/2009 TGDC Meeting Page
Polling place vs. home n VBP only from staffed locations n n n Voters checked in as usual per polling place procedures Poll worker assigns ballot style and activates the ballot Physical control over the phones, maybe internal wiring Uncontrolled variables: security/privacy/reliability of the public network VBP from anywhere n n n A new form of absentee / remote voting Nightmare scenario: calling on office phone Smartphone apps—Internet voting 12/9 -10/2009 TGDC Meeting Page
Security and privacy n n n Public network is an uncontrolled variable no matter where you call from VVSG 2. 0 (draft) prohibits use of public network during polling (I. 5. 6. 1 -B) Current and previous standards required added security n n n VVSG 1. 0 (2005): I. 7. 6. 1 (Data Transmission), I. 7. 6. 2 (Casting Individual Ballots) 2002 VSS: I. 6. 6. 1, I. 6. 6. 2 (very similar) Safe to assume that transmission of unencrypted votes over public network was never envisioned 12/9 -10/2009 TGDC Meeting Page
Software independence n n No voter-verifiable record seems possible Auditability of VBP is a new question 12/9 -10/2009 TGDC Meeting Page
Accessibility and usability n HAVA and VVSG envisioned a single voting station (at least one per polling place) that would be usable by everyone n n n Language of HAVA Visual plus audio increases usability for many voters Speculation re combination of VBP and something else to cover all abilities, without requirement for a catch-all accessible voting station n Audio-only poses cognitive difficulties Voters who are deaf? Dexterity issues 12/9 -10/2009 TGDC Meeting Page
Options n VBP remains non-compliant n n Compliance via double standard (c. f. absentee voting) Compliance via compromise n n n Challenges similar to Internet voting If Internet voting happens, is VBP then obsolete? VBP from polling places only VBP must encrypt data sent over the public network—adding cost and complexity VVSG must adapt and add requirements as needed (use of public network, phone security, device classification, etc. ) Auditability TBD Reinterpreting HAVA is a separate policy question, but would have considerable consequences for the VVSG n n Restructuring for classes of accessible devices New usability and accessibility requirements 12/9 -10/2009 TGDC Meeting Page
- Slides: 8