rlas and my beefs with bmds
play

RLAs and my Beefs with BMDs NVRTF 3rd National Election Integrity - PowerPoint PPT Presentation

Dec 03, 2022 •23 likes •513 views

RLAs and my Beefs with BMDs NVRTF 3rd National Election Integrity Conference The Coming 2020 Election Crisis: In Paper We Trust Berkeley, CA Philip B. Stark 5 October 2019 University of California, Berkeley 1 Cant have a trustworthy

  1. RLAs and my Beefs with BMDs NVRTF 3rd National Election Integrity Conference The Coming 2020 Election Crisis: In Paper We Trust Berkeley, CA Philip B. Stark 5 October 2019 University of California, Berkeley 1

  2. Can’t have a trustworthy voting system without paper. 2

  3. Can’t have a trustworthy voting system without paper. Paper isn’t enough: how the paper is marked, curated, tabulated, and audited are crucial. 2

  4. Can’t have a trustworthy voting system without paper. Paper isn’t enough: how the paper is marked, curated, tabulated, and audited are crucial. • Images of ballots are not trustworthy. • BMD output is not trustworthy. • No feasible amount of testing can tell whether BMD misbehavior altered election outcomes. 2

  5. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition 3

  6. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Check equipment? Or check outcomes? 3

  7. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Check equipment? Or check outcomes? • Whom must we trust, and for what? 3

  8. Why audit? • Any way of counting votes can make mistakes • Every electronic system is vulnerable to bugs, configuration errors, & hacking • Did error/bugs/hacking cause losing candidate(s) to appear to win? 4

  9. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices 5

  10. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices Not electronic systems nor electronic data, including images. 5

  11. Image audits • Digital images of ballots are not a trustworthy record of voter intent. • Hashes don’t help • Auditing contests against images, then auditing images against paper, requires looking at more paper ballots to get the same assurance. • Examples of hacks that alter images “in flight.” • Examples of scanner firmware altering images. • No way to tell whether there’s one image per ballot, nor whether images are accurate. • Wastes resources that could be used to check something more meaningful 6

  12. Auditing outcomes against paper • If there’s a reliable, voter-verified paper trail, can check whether reported winner really won. • If you permit a small “risk” of not correcting the reported outcome if it is wrong, generally don’t need to look at many ballots if outcome is right. 7

  13. A risk-limiting audit has a known chance of correcting the reported outcome if the reported outcome is wrong (and won’t change a correct reported outcome). 8

  14. A risk-limiting audit has a known chance of correcting the reported outcome if the reported outcome is wrong (and won’t change a correct reported outcome). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. 8

  15. A risk-limiting audit has a known chance of correcting the reported outcome if the reported outcome is wrong (and won’t change a correct reported outcome). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. Worst-case calculation: does not assume anything about how or why the errors occurred. 8

  16. • Audit enough to have strong evidence reported winner really won. 9

  17. • Audit enough to have strong evidence reported winner really won. • “Spoonful of soup”: small sample often enough (depends on margin) 9

  18. • Audit enough to have strong evidence reported winner really won. • “Spoonful of soup”: small sample often enough (depends on margin) • Should be routine, no matter how big the margin 9

  19. 10

  20. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary 11

  21. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” 11

  22. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” • Manually inspect randomly selected paper ballots • individual ballots, batches, unstratified, stratified, w/ or w/o replacement • polling audits: just need ballots • comparison audits: also need to export data & check totals 11

  23. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” • Manually inspect randomly selected paper ballots • individual ballots, batches, unstratified, stratified, w/ or w/o replacement • polling audits: just need ballots • comparison audits: also need to export data & check totals • Routine in CO and soon RI; pilots in 9 states and Denmark • laws in CA, OR, NV, VA 11

  24. BMDs • “electronic pen” 12

  25. BMDs • “electronic pen” • can present ballots in many languages, “accessible” interface 12

  26. BMDs • “electronic pen” • can present ballots in many languages, “accessible” interface • what if they malfunction or are misconfigured or hacked? 12

  27. • research so far: • few voters check BMD printout • checks too brief to help • voters can’t remember selections or even contests 13

  28. • if astute voter catches error: • might get a fresh ballot • has no evidence to prove malfunction, only claim • presumption will be voter error, not machine error • fresh ballot doesn’t ensure correct outcome overall • even a small rate of uncorrected BMD problems can change outcomes 14

  29. • if astute voter catches error: • might get a fresh ballot • has no evidence to prove malfunction, only claim • presumption will be voter error, not machine error • fresh ballot doesn’t ensure correct outcome overall • even a small rate of uncorrected BMD problems can change outcomes • if pollworker convinced, what recourse is there? • new election? (no way to find correct outcome) • “wolf!” 14

  30. BMDs need to be designed to allow disputes to be resolved • If voter observes malfunction, should be able to prove it to others* 15

  31. BMDs need to be designed to allow disputes to be resolved • If voter observes malfunction, should be able to prove it to others* • If LEO has evidence that the outcome is still correct, should be able to prove it to public* (*Without compromising the anonymity of votes.) 15

  32. • BMD printout might not match what voters indicated to the BMD. • RLA of elections conducted on BMDs may confirm the wrong winner. • “Parallel testing” requires unworkable sample sizes (& labor, training, equipment, infrastructure). 16

  33. • BMD printout might not match what voters indicated to the BMD. • RLA of elections conducted on BMDs may confirm the wrong winner. • “Parallel testing” requires unworkable sample sizes (& labor, training, equipment, infrastructure). Current BMDs can be hacked undetectably and alter outcomes: not software independent . 16

  34. Useful ideas for election integrity and security • (Strong) software independence 17

  35. Useful ideas for election integrity and security • (Strong) software independence • Risk-limiting audit 17

  36. Useful ideas for election integrity and security • (Strong) software independence • Risk-limiting audit • Evidence-based elections 17

  37. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Evidence-based elections 17

  38. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Evidence-based elections 17

  39. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Defensibility • Evidence-based elections 17

  40. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Defensibility • Evidence-based elections 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

V erification automatique de multiplicateurs avec les *BMDs Pierre Senellart 10 d ecembre

V erification automatique de multiplicateurs avec les *BMDs Pierre Senellart 10 d ecembre

V erification automatique de multiplicateurs avec les *BMDs Pierre Senellart 10 d ecembre 2002 Introduction BDDs [1] very powerful tools for veifying arithmetic circuits. But exponential on multipliers. *BMDs [2] give a

524 views • 20 slides
RLAS 116 Return to Learn Phase 4 Reopening Plan as of July 20, 2020 ***subject to change***

RLAS 116 Return to Learn Phase 4 Reopening Plan as of July 20, 2020 ***subject to change***

RLAS 116 Return to Learn Phase 4 Reopening Plan as of July 20, 2020 ***subject to change*** This whole situation is unimaginable; we just have to do our best. Contents Planning Priorities Survey Data Health and Safety

953 views • 50 slides
Continuous Models Allen Davis, MSPH Jeff Gift, Ph.D. Jay Zhao, Ph.D. National Center for

Continuous Models Allen Davis, MSPH Jeff Gift, Ph.D. Jay Zhao, Ph.D. National Center for

Benchmark Dose Modeling Continuous Models Allen Davis, MSPH Jeff Gift, Ph.D. Jay Zhao, Ph.D. National Center for Environmental Assessment, U.S. EPA Disclaimer The views expressed in this presentation are those of the author(s) and do not

1.28k views • 111 slides
Robot Motion Planning and Multi-Agent Simulation COMP 790-058 (Fall 2013) Dinesh Manocha

Robot Motion Planning and Multi-Agent Simulation COMP 790-058 (Fall 2013) Dinesh Manocha

Robot Motion Planning and Multi-Agent Simulation COMP 790-058 (Fall 2013) Dinesh Manocha dm@cs.unc.edu http://gamma.cs.unc.edu/courses/planning-f13/ The UNIVERSITY of NORTH CAROLINA at CHAPEL HILL Robot Era is Coming! HRP4C humanoid Swarm

800 views • 51 slides
Disclosures: AORTICA Corporation; Co-Founder Benjamin W. Starnes, MD The Alexander Whitehill

Disclosures: AORTICA Corporation; Co-Founder Benjamin W. Starnes, MD The Alexander Whitehill

Presented at 2018 VEITH Symposium (www.veithsymposium.org) 11/17/2018 Synthetic Grafts that Perform Like Natural Vessels Synthetic Grafts that Perform Like Natural Vessels New AV Graft Remains Patent & Resists Infection Disclosures:

191 views • 3 slides
Targeted agents in Targeted agents in Gynecologic Cancer Gynecologic Cancer Amit M Oza Amit M

Targeted agents in Targeted agents in Gynecologic Cancer Gynecologic Cancer Amit M Oza Amit M

Targeted agents in Targeted agents in Gynecologic Cancer Gynecologic Cancer Amit M Oza Amit M Oza Amit M. Oza Amit M. Oza Professor of Medicine, Professor of Medicine, Princess Margaret Hospital, Princess Margaret Hospital, University of

467 views • 36 slides
1 Decrease in number of intestinal transplants - increase in intestinal rehabilitation programs,

1 Decrease in number of intestinal transplants - increase in intestinal rehabilitation programs,

Long-term complications of TPN Now that my intestinal failure patients are not dying of liver disease, what else should I worry about? Jane P. Balint, MD Co-director, Intestinal Support Service Nationwide Childrens Hospital Columbus, OH

461 views • 10 slides
PEO EIS Connecting the Army. Working for Soldiers. AFCEA NOVA Army IT Day Jan. 21, 2019

PEO EIS Connecting the Army. Working for Soldiers. AFCEA NOVA Army IT Day Jan. 21, 2019

PEO EIS Connecting the Army. Working for Soldiers. AFCEA NOVA Army IT Day Jan. 21, 2019 Distribution Statement A. UNCLASSIFIED//Approved for Public Release AESIP MISSION Army Enterprise Systems Integration Program (AESIP) delivers innovative

769 views • 48 slides
Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in

Hi Hierarchical Models for hi l M d l f Quantifying Uncertainty in Quantifying Uncertainty in Human Health Risk/Safety Assessment Ralph L. Kodell, Ph.D. Department of Biostatistics University of Arkansas for Medical Sciences Little Rock,

600 views • 33 slides
Struct uctur ural l Axial al, S Shear and and Bend Bending ng M Moment oments Positive

Struct uctur ural l Axial al, S Shear and and Bend Bending ng M Moment oments Positive

Struct uctur ural l Axial al, S Shear and and Bend Bending ng M Moment oments Positive Internal Forces Acting on a Portal Frame 1 Recall from mechanics of mater- ials that the internal forces P (generic axial), V (shear) and M

594 views • 42 slides
Homeland Defense DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited

Homeland Defense DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited

Homeland Defense DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited . To: 2014 Space And Missile Defense Conference By: VADM J. D. Syring, USN Director Missile Defense Agency August 13, 2014 Approved for Public

501 views • 34 slides
Hypersonic Weapon and Strategic Stability January 15, 2020 Dean Wilkening Precision Strike

Hypersonic Weapon and Strategic Stability January 15, 2020 Dean Wilkening Precision Strike

UNCLASSIFIED Hypersonic Weapon and Strategic Stability January 15, 2020 Dean Wilkening Precision Strike Mission Area Dean.Wilkening@jhuapl.edu UNCLASSIFIED 1 Strategic Instability Defined Crisis Instability is a broad concept - Any

338 views • 16 slides
Challenges and opportunities Trends to address New concepts for: Offensive sea

Challenges and opportunities Trends to address New concepts for: Offensive sea

Challenges and opportunities Trends to address New concepts for: Offensive sea control Sea based AAW Weapons development Increasing offensive sea control capacity Addressing defensive and constabulary

561 views • 25 slides
Draft Benzo[a]pyrene Charge Question Responses 1 Revised Draft Responses to Charge Questions

Draft Benzo[a]pyrene Charge Question Responses 1 Revised Draft Responses to Charge Questions

Draft Benzo[a]pyrene Charge Question Responses 1 Revised Draft Responses to Charge Questions based on Discussion on April 17, 2015 Public Session. Do not cite or quote. Charge Question #1: Literature search and study selection Please comment

553 views • 53 slides
Found under a Gooseberry Bush? Looking for missing births and baptisms Dr Janet Few Aim To

Found under a Gooseberry Bush? Looking for missing births and baptisms Dr Janet Few Aim To

Found under a Gooseberry Bush? Looking for missing births and baptisms Dr Janet Few Aim To help you find the birth or baptism of your elusive ancestors After 1837 Before 1837 Too many possibilities After 1837 1st July 1837

1.21k views • 71 slides
STAT 545 LINEAR MODELS Conditional expectation linear in parameters. E ( Y | X 1 , X 2 ) = 0

STAT 545 LINEAR MODELS Conditional expectation linear in parameters. E ( Y | X 1 , X 2 ) = 0

STAT 545 LINEAR MODELS Conditional expectation linear in parameters. E ( Y | X 1 , X 2 ) = 0 + 1 X 1 + 2 X 2 0 + 1 X 3 E ( Y | X 1 , X 2 ) = 1 + 2 X 1 X 2 E ( Y | X 1 , X 2 ) = 0 + 1 I { X 1 > 0 } E ( Y | X 1 , X 2 )

300 views • 15 slides
Acyclic edge coloring of graphs with large girth Guillem Perarnau Barcelona Mathematical Days,

Acyclic edge coloring of graphs with large girth Guillem Perarnau Barcelona Mathematical Days,

Acyclic edge coloring of graphs with large girth Guillem Perarnau Barcelona Mathematical Days, Barcelona - November 8th, 2014 McGill University, Montreal, Canada joint work with Xing Shi Cai, Bruce Reed and Adam Bene Watts. Edge colorings A

691 views • 33 slides
Boise Cascade Company Fourth Quarter 2012 Earnings Webcast March 7, 2013 Forward-Looking

Boise Cascade Company Fourth Quarter 2012 Earnings Webcast March 7, 2013 Forward-Looking

Boise Cascade Company Fourth Quarter 2012 Earnings Webcast March 7, 2013 Forward-Looking Statements This presentation includes statements about our expectations of future operational and financial performance that are forward-looking

337 views • 19 slides
Hospital Presumptive Eligibility Making eligibility determinations Providing application

Hospital Presumptive Eligibility Making eligibility determinations Providing application

Hospital Presumptive Eligibility Making eligibility determinations Providing application assistance Notifying OHP Customer Service Checking eligibility Completing the application Reviewing requirements and exclusions Notifying the applicant

500 views • 25 slides
Study 112 Elvitegravir-Cobicistat-TAF-FTC in Renal Impairment Study 112: Design Study Design:

Study 112 Elvitegravir-Cobicistat-TAF-FTC in Renal Impairment Study 112: Design Study Design:

Elvitegravir-Cobicistat-TAF-FTC in Renal Impairment Study 112 Elvitegravir-Cobicistat-TAF-FTC in Renal Impairment Study 112: Design Study Design: Study 112 24 Study Week: 0 48 Background : Open-label, single arm phase 3 trial evaluating

299 views • 10 slides
Bone Density Measurement Normal Normal Osteoporosis Osteoporosis Chalermchai Apinyanurug Who

Bone Density Measurement Normal Normal Osteoporosis Osteoporosis Chalermchai Apinyanurug Who

Bone Density Measurement Normal Normal Osteoporosis Osteoporosis Chalermchai Apinyanurug Who should receive BMD testing? National Osteoporosis North American Menopause American Association of Foundation Society Clinical Endocrinolgist

538 views • 38 slides
GOT TICKS? GET INFORMATION! Tickborne Disease Prevention in Schools and Communities Maureen R.

GOT TICKS? GET INFORMATION! Tickborne Disease Prevention in Schools and Communities Maureen R.

GOT TICKS? GET INFORMATION! Tickborne Disease Prevention in Schools and Communities Maureen R. Richichi, M.S., R.N. Tick Borne Diseases 101 Lyme disease: Borrelia burgdorferi transmitted by blacklegged tick (ixodes scapularis)

294 views • 25 slides
Curve Your Enthusiasm: Using AUC:MIC pharmacokinetics to optimize vancomycin dosing AKPhA 2019

Curve Your Enthusiasm: Using AUC:MIC pharmacokinetics to optimize vancomycin dosing AKPhA 2019

Curve Your Enthusiasm: Using AUC:MIC pharmacokinetics to optimize vancomycin dosing AKPhA 2019 Ryan W. Stevens, PharmD, BCIDP Infectious Diseases Clinical Pharmacy Specialist Providence Alaska Medical Center Phone: 907-212-2252 Email:

1.02k views • 53 slides
VERIFYING LARGE MULTIPLIERS BY COMBINING SAT AND COMPUTER ALGEBRA Daniela Kaufmann, Armin Biere

VERIFYING LARGE MULTIPLIERS BY COMBINING SAT AND COMPUTER ALGEBRA Daniela Kaufmann, Armin Biere

VERIFYING LARGE MULTIPLIERS BY COMBINING SAT AND COMPUTER ALGEBRA Daniela Kaufmann, Armin Biere and Manuel Kauers Johannes Kepler University Linz, Austria FMCAD 2019 October 23, 2019 San Jose, CA, USA Circuits Given: Gate-level multiplier for

579 views • 44 slides

More recommend