trustworthy elections evidence and dispute resolution
play

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con - PowerPoint PPT Presentation

Oct 22, 2023 •206 likes •598 views

Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B. Stark 9 August 2019 University of California, Berkeley 1 Suitably designed and operated paper-based voting systems can be strongly software

  1. Trustworthy Elections: Evidence and Dispute Resolution 2019 Def Con Las Vegas, NV Philip B. Stark 9 August 2019 University of California, Berkeley 1

  2. Suitably designed and operated paper-based voting systems can be strongly software independent, contestable, and defensible, and they can make risk-limiting audits and evidence-based elections possible. (These terms will be defined.) Not all paper-based voting systems have these properties. Systems that rely on ballot-marking devices and voter verifiable paper audit trails produced by electronic voting machines generally do not, because they cannot provide appropriate evidence for dispute resolution, which has received scant attention. An ideal system allows voters, auditors, and election officials to provide public evidence of any problems they observe–and can provide convincing public evidence that the reported electoral outcomes are correct despite any problems that might have occurred, if they are correct. 2

  3. Many collaborators including (most recently) Andrew Appel, Josh Benaloh, Matt Bernhard, Rich DeMillo, Steve Evans, Alex Halderman, Mark Lindeman, Kellie Ottoboni, Ron Rivest, Peter Ryan, Vanessa Teague, Poorvi Vora, Dan Wallach 3

  4. Did the reported winner really win? 4

  5. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition 4

  6. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Check equipment? Or check outcomes? 4

  7. Did the reported winner really win? • Procedure-based vs. evidence-based elections • sterile scalpel v. patient’s condition • Check equipment? Or check outcomes? • Whom must we trust, and for what? 4

  8. Why audit? • Any way of counting votes can make mistakes • Every electronic system is vulnerable to bugs, configuration errors, & hacking • Did error/bugs/hacking cause losing candidate(s) to appear to win? 5

  9. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices 6

  10. Security properties of paper • tangible/accountable • tamper evident • human readable • large alteration/substitution attacks generally require many accomplices Not electronic systems. 6

  11. • If there’s a reliable, voter-verified paper trail, can check whether reported winner really won. • If you permit a small “risk” of not correcting the reported outcome if it is wrong, generally don’t need to look at many ballots if outcome is right. 7

  12. A risk-limiting audit has a known chance of correcting the reported outcome if the reported outcome is wrong (and doesn’t change correct outcomes). 8

  13. A risk-limiting audit has a known chance of correcting the reported outcome if the reported outcome is wrong (and doesn’t change correct outcomes). Risk limit : largest possible chance of not correcting reported outcome, if reported outcome is wrong. 8

  14. • Audit enough to have strong evidence reported winner really won. 9

  15. • Audit enough to have strong evidence reported winner really won. • “Spoonful of soup”: small sample often enough (depends on margin) 9

  16. • Audit enough to have strong evidence reported winner really won. • “Spoonful of soup”: small sample often enough (depends on margin) • Should be routine, no matter how big the margin 9

  17. 10

  18. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary 11

  19. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” 11

  20. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” • Manually inspect randomly selected paper ballots • individual ballots, batches, unstratified, stratified, w/ or w/o replacement • polling audits: just need ballots • comparison audits: also need to export data & check totals 11

  21. Requirements • Voter-verified paper trail • Any jurisdiction with paper can do an RLA • Need to ensure the paper trail is trustworthy • Some equipment makes it easier , but replacing equipment isn’t necessary • “Ballot manifest”: description of how ballots are stored • Should be routine • “It’s the day after the election. Do you know where your ballots are?” • Manually inspect randomly selected paper ballots • individual ballots, batches, unstratified, stratified, w/ or w/o replacement • polling audits: just need ballots • comparison audits: also need to export data & check totals • Routine in CO and soon RI; pilots in 9 states and Denmark • laws in TX, VA, CA? 11

  22. BMDs • “electronic pen” 12

  23. BMDs • “electronic pen” • can present ballots in many languages, “accessible” interface 12

  24. BMDs • “electronic pen” • can present ballots in many languages, “accessible” interface • what if they malfunction? 12

  25. • research so far: • few voters check • checks so brief unlikely to help • voters can’t remember selections 13

  26. • if astute voter catches error: • might get a fresh ballot • has no evidence to show malfunction, only claim • presumption will be voter error, not machine error • fresh ballot doesn’t ensure correct outcome overall 14

  27. • if astute voter catches error: • might get a fresh ballot • has no evidence to show malfunction, only claim • presumption will be voter error, not machine error • fresh ballot doesn’t ensure correct outcome overall • if pollworker convinced, what recourse is there? • new election? (no way to find correct outcome) • “wolf!” 14

  28. BMDs need to be designed to allow disputes to be resolved • If voter observes malfunction, should be able to prove it to others* 15

  29. BMDs need to be designed to allow disputes to be resolved • If voter observes malfunction, should be able to prove it to others* • If LEO has evidence that the outcome is still correct, should be able to prove it to public* (*Without compromising the anonymity of votes.) 15

  30. • BMD printout might not match what voters indicated to the BMD. • RLA of elections conducted on BMDs may confirm the wrong winner. • “Parallel testing” requires unworkable sample sizes (& labor, training, equipment, infrastructure). 16

  31. • BMD printout might not match what voters indicated to the BMD. • RLA of elections conducted on BMDs may confirm the wrong winner. • “Parallel testing” requires unworkable sample sizes (& labor, training, equipment, infrastructure). Current BMDs can be hacked undetectably and alter outcomes: not software independent . 16

  32. Useful ideas for election integrity and security • (Strong) software independence 17

  33. Useful ideas for election integrity and security • (Strong) software independence • Risk-limiting audit 17

  34. Useful ideas for election integrity and security • (Strong) software independence • Risk-limiting audit • Evidence-based elections 17

  35. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Evidence-based elections 17

  36. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Evidence-based elections 17

  37. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Defensibility • Evidence-based elections 17

  38. Useful ideas for election integrity and security • End-to-end verifiability • (Strong) software independence • Risk-limiting audit • Contestability • Defensibility • Evidence-based elections 17

  39. 5 Cs • Create durable, trustworthy record of voter intent • ideally, hand-marked paper ballots + BMDs for voters who benefit from them • Care for the paper record • verifiable chain of custody, 2-person custody rules, ballot accounting, good seal protocols, etc. • Compliance audit: establish whether paper trail is trustworthy • ballot accounting including VRDB, pollbooks, etc.; check chain of custody logs, video, etc.; eligibility • Check reported outcome against the paper by auditing • Correct the reported outcome if it is wrong 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dispute Resolution So Youve Got a Complaint How Conflict Becomes Dispute ...

Dispute Resolution So Youve Got a Complaint How Conflict Becomes Dispute ...

Dispute Resolution So Youve Got a Complaint How Conflict Becomes Dispute ... Personalities Policies Lack of Knowledge none past history individual rights contradictory miscommunication dispute management unclear lack of

733 views • 14 slides
Alternative Dispute Resolution & Online Dispute Resolution DG Justice and Consumers Justice

Alternative Dispute Resolution & Online Dispute Resolution DG Justice and Consumers Justice

Alternative Dispute Resolution & Online Dispute Resolution DG Justice and Consumers Justice and Consumers Legal framework Directive on consumer ADR Set up of ADR entities in all market sectors Quality requirements for ADR

247 views • 12 slides
From CJEU to WTO-type Dispute Resolution Dr. Holger P. Hestermeyer, LL.M. (Berkeley) Shell

From CJEU to WTO-type Dispute Resolution Dr. Holger P. Hestermeyer, LL.M. (Berkeley) Shell

From CJEU to WTO-type Dispute Resolution Dr. Holger P. Hestermeyer, LL.M. (Berkeley) Shell Reader in International Dispute Resolution NIESR UK After Brexit 9 March 2017 Why provide for dispute settlement in a Free Trade Agreement? 2 months

194 views • 7 slides
Dispute Prevention The Dispute Resolution Adviser (DRA) System Colin J Wall Global Mediation

Dispute Prevention The Dispute Resolution Adviser (DRA) System Colin J Wall Global Mediation

Dispute Prevention The Dispute Resolution Adviser (DRA) System Colin J Wall Global Mediation Services Ltd Prague June 2013 The Genesis of the Dispute Resolution Adviser System General research work in the USA in late 1990 Concept of

269 views • 9 slides
THE ROLE AND VALUE OF MEDIATION IN MULTIPLE DISPUTE RESOLUTION MECHANISM YIN WEI SOUTHWEST

THE ROLE AND VALUE OF MEDIATION IN MULTIPLE DISPUTE RESOLUTION MECHANISM YIN WEI SOUTHWEST

CHINAS PROPOSITION FOR BELT AND ROAD DISPUTE RESOLUTION: ASSESSING THE ROLE AND VALUE OF MEDIATION IN MULTIPLE DISPUTE RESOLUTION MECHANISM YIN WEI SOUTHWEST UNIVERSITY OF POLITICAL SCIENCE AND LAW RESEARCH QUESTION What role can

258 views • 11 slides
Presentation Policies, Penalties and Tax Dispute Resolution John Sorensen Gowling Lafleur

Presentation Policies, Penalties and Tax Dispute Resolution John Sorensen Gowling Lafleur

OBA Tax Section Presentation Policies, Penalties and Tax Dispute Resolution John Sorensen Gowling Lafleur Henderson LLP (416) 369-7226 john.sorensen@gowlings.com Fundamentals of Tax Dispute Resolution Stages of a Typical Tax Dispute

442 views • 27 slides
CHINAS PROPOSITION FOR BELT AND ROAD DISPUTE RESOLUTION: ASSESSING THE ROLE AND VALUE OF

CHINAS PROPOSITION FOR BELT AND ROAD DISPUTE RESOLUTION: ASSESSING THE ROLE AND VALUE OF

CHINAS PROPOSITION FOR BELT AND ROAD DISPUTE RESOLUTION: ASSESSING THE ROLE AND VALUE OF MEDIATION IN MULTIPLE DISPUTE RESOLUTION MECHANISM YIN WEI SOUTHWEST UNIVERSITY OF POLITICAL SCIENCE AND LAW RESEARCH QUESTION What role can

132 views • 11 slides
Dispute Resolution Mechanisms in the Hospitality Industry. Presentation notes by Hezron M.

Dispute Resolution Mechanisms in the Hospitality Industry. Presentation notes by Hezron M.

Application of Alternative Dispute Resolution Mechanisms in the Hospitality Industry. Presentation notes by Hezron M. Njuguna. Advocate; Court Accredited Mediator. What is ADR? Alternative Dispute Resolution typically denotes a wide

511 views • 25 slides
Multi-Tier Dispute Resolution Clauses Definition and Examples ASA Conference Henry Peter |

Multi-Tier Dispute Resolution Clauses Definition and Examples ASA Conference Henry Peter |

Multi-Tier Dispute Resolution Clauses Definition and Examples ASA Conference Henry Peter | Stefanie Pfisterer September 15, 2017 | Definition Multi-tier dispute resolution clauses provide for a dispute resolution mechanism using

447 views • 11 slides
Smart Contract Dispute Resolution blockchain, law, blockchainlaw? 14 September, Bern Content

Smart Contract Dispute Resolution blockchain, law, blockchainlaw? 14 September, Bern Content

Smart Contract Dispute Resolution blockchain, law, blockchainlaw? 14 September, Bern Content Legal Tech What is a Smart Contract? The need for Smart Contract Dispute Resolution? How Smart Contract Dispute Resolution works Automated

868 views • 40 slides
Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick

Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick

Alternate Dispute Resolution / Allegation Guidance Memorandum January 19, 2010 Michael Headrick Chairman, BOD, NAECP Alternate Dispute Resolution Feedback from industry on ADR w as generally positive Need consistency in the NRCs

168 views • 5 slides
A DECISION on whether to include con- likely become a matter of public record if it arbitral

A DECISION on whether to include con- likely become a matter of public record if it arbitral

PE/June P24-27 ARBIT 10/6/02 4:36 pm Page 24 Power Dispute Resolution ECONOMICS june 2002 Arbitration and dispute resolution in the electricity industry Arbitration traditionally resolves to settle disputes quickly and painlessly, but

400 views • 4 slides
The Value Proposition of The Value Proposition of Investor Dispute Resolution Investor Dispute

The Value Proposition of The Value Proposition of Investor Dispute Resolution Investor Dispute

The Value Proposition of The Value Proposition of Investor Dispute Resolution Investor Dispute Resolution & & A Case Study on Putting it All Together A Case Study on Putting it All Together Global FC/IE Strategies and Implementation

341 views • 12 slides
DISPUTE RESOLUTION IN DISPUTE RESOLUTION IN AGRICULTURAL/RURAL POLICY AGRICULTURAL/RURAL POLICY

DISPUTE RESOLUTION IN DISPUTE RESOLUTION IN AGRICULTURAL/RURAL POLICY AGRICULTURAL/RURAL POLICY

DISPUTE RESOLUTION IN DISPUTE RESOLUTION IN AGRICULTURAL/RURAL POLICY AGRICULTURAL/RURAL POLICY DISPUTES DISPUTES National Public Policy Planning Conference: National Public Policy Planning Conference: st Century Food Consequences of the 21

217 views • 6 slides
Payments in Canada Payments in Canada Fraud Loss and Dispute Resolution Fraud Loss and Dispute

Payments in Canada Payments in Canada Fraud Loss and Dispute Resolution Fraud Loss and Dispute

Payments in Canada Payments in Canada Fraud Loss and Dispute Resolution Fraud Loss and Dispute Resolution Outline Payment Systems Large Value Transfer System (LVTS) Large Value Transfer System (LVTS) Automated Clearing and

159 views • 13 slides
APHAA Presentation Residential Tenancy Dispute Resolution Service (RTDRS) October 16, 2017

APHAA Presentation Residential Tenancy Dispute Resolution Service (RTDRS) October 16, 2017

APHAA Presentation Residential Tenancy Dispute Resolution Service (RTDRS) October 16, 2017 Residential Tenancy Dispute Resolution Service (RTDRS) RTDRS offers landlords and tenants an alternative means of resolving serious disputes outside

411 views • 18 slides
On Estimating the Size and Confidence of a Statistical Audit Raluca A. Popa and Ronald L. Rivest

On Estimating the Size and Confidence of a Statistical Audit Raluca A. Popa and Ronald L. Rivest

On Estimating the Size and Confidence of a Statistical Audit Raluca A. Popa and Ronald L. Rivest Javed A. Aslam College of Computer and Computer Science and Artificial Information Science Intelligence Laboratory Northeastern University

322 views • 20 slides
Web Mining and Recommender Systems Advanced Recommender Systems This week Methodological papers

Web Mining and Recommender Systems Advanced Recommender Systems This week Methodological papers

Web Mining and Recommender Systems Advanced Recommender Systems This week Methodological papers Bayesian Personalized Ranking Factorizing Personalized Markov Chains Personalized Ranking Metric Embedding This week Goals: This week

1.15k views • 92 slides
Signature sizes: RSA signatures are big. a call to action D. J. Bernstein University of

Signature sizes: RSA signatures are big. a call to action D. J. Bernstein University of

Signature sizes: RSA signatures are big. a call to action D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Signature sizes: RSA signatures are big. a call to action 1990 Schnorr signatures D. J.

355 views • 21 slides
The Implicit Regularization of Stochastic Gradient Flow for Least Squares Alnur Ali 1 , Edgar

The Implicit Regularization of Stochastic Gradient Flow for Least Squares Alnur Ali 1 , Edgar

The Implicit Regularization of Stochastic Gradient Flow for Least Squares Alnur Ali 1 , Edgar Dobriban 2 , and Ryan J. Tibshirani 3 1 Stanford University, 2 University of Pennsylvania, 3 Carnegie Mellon University Outline Overview

666 views • 27 slides
Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked

Evidence-Based Elections: The Role of Risk-Limiting Audits Election Integrity in the Networked Information Era Georgetown Law Washington, DC Philip B. Stark 7 February 2020 University of California, Berkeley 1 Arguments that US elections

489 views • 33 slides
Muzzling the Alligators When you are up to your neck in alligators, it's hard to remember that

Muzzling the Alligators When you are up to your neck in alligators, it's hard to remember that

Muzzling the Alligators When you are up to your neck in alligators, it's hard to remember that the objective is to drain the swamp! Page 1 31/12/99 A Conflict of Advice There are plenty of people with ideas to improve quality, but

639 views • 16 slides
Welcome Six steps to payroll success: to todays webinar The magic of client cloud platforms

Welcome Six steps to payroll success: to todays webinar The magic of client cloud platforms

BrightPay Payroll Software 26th February 2020 Welcome Six steps to payroll success: to todays webinar The magic of client cloud platforms Rachel Hynes Marketing Executive - BrightPay Part 1: Part 2: Ian Jenkinson Six steps to payroll

117 views • 8 slides
Who we are Rana Salzmann , M.A., M.L.S. Director of Library and IT, Meadville Lombard Theological

Who we are Rana Salzmann , M.A., M.L.S. Director of Library and IT, Meadville Lombard Theological

Who we are Rana Salzmann , M.A., M.L.S. Director of Library and IT, Meadville Lombard Theological School Ten years of management experience in public, special, and academic libraries, always at the intersection of technology and patron service

470 views • 16 slides

More recommend