Publications
UC Davis E-Voting Research Group
- Matt Bishop, Sean Peisert, Mark Graff, Candice Hoke, and David Jefferson,
"E-Voting and Forensics: Prying Open the Black Box"
Proceedings of the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '09), Montreal, Canada, August 10–11, 2009. PDF (http://www.cs.ucdavis.edu/~peisert/research/2009-EVT-Forensics-BPHGJ.pdf)
Abstract: Over the past six years, the nation has moved rapidly from punch cards and levers to electronic voting systems. These new systems have occasionally presented election officials with puzzling technical irregularities. The national experience has included unexpected and unexplained incidents in each phase of the election process: preparations, balloting, tabulation, and reporting results. Quick technical or managerial assessment can often identify the cause of the problem, leading to a simple and effective solution. But other times, the cause and scope of anomalies cannot be determined. In this paper, we describe the application of a model of forensics to the types of technical incidents that arise in computer-based voting technologies. We describe the elements of e-voting that current forensic techniques can address, as well as the need for a more structured analysis, and how this can be achieved given modifications to the design of e-voting systems. We also demonstrate how some concrete forensic techniques can be utilized today by election officials and their agents, to understand voting system events and indicators. We conclude by reviewing best practices for structuring a formal forensics team, and suggest legal steps and contractual provisions to undergird the team's authority and work.
- Matt Bishop, Mark Graff, Candice Hoke, David Jefferson, Sean Peisert.
"Resolving the Unexpected in Elections: Election Officials’ Options," October 8, 2008
from http://www.electionexcellence.org/, PDF
Abstract: A new paper reviews the types of voting equipment technical events that merit a closer look, and how to proceed. The authors have expertise in computer engineering, security and forensics, voting technology evaluations, and election administrative processes. The goal of this paper is to assist election officials and their counsel in making sound judgments about when a deeper (forensic) examination by independent experts may be needed to protect an election's accuracy and prevent recurrence of technical problems. The authors invite critical, constructive commentary for a revised edition.
Currently distributed by the Center For Election Excellence and the American Bar Association.
Public comments are welcome, via this form.
- Sean Peisert, Matt Bishop, and Alec Yasinsac.
"Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines,"
Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Digital Forensics Pedagogy and Foundational Research Activity Minitrack, (January 2008). PDF
Abstract: Much recent work has focused on the process of auditing the results of elections. Little work has focused on auditing the e-voting systems currently in use. The facilities for doing the former include the voter-verified paper audit trail; unfortunately, that VVPAT is not particularly helpful in tracking down the source of errors within e-voting systems. This paper discusses the need for a detailed forensic audit trail (FAT) to enable auditors to analyze the actions of e-voting systems, in order to demonstrate either the absence of problems or to find the causes of problems. We also discuss methods to prevent the use of the FAT as a covert channel for violating the necessary properties of secrecy of the ballot, so voters cannot sell their votes, and anonymity of the ballot, so a third party cannot associate a particular ballot with the voter who cast it.
- A. Yasinsac and M. Bishop.
“The Dynamics of Counting and Recounting Votes,”
IEEE Security and Privacy 6(3) pp. 22–29 (May 2008). PDF
Abstract: This article presents some issues with both paper and electronic ballots and focuses on scientific and engineering processes to improve voting precision, safety, and efficiency. Intuition suggests that computer-based electronic systems offer tremendous potential to provide vital accuracy and accessibility properties, though not without challenges. Similarly, paper-based systems have natural properties that can deter or prevent some types of integrity and security vulnerability inherent to electronic systems, but these too are not without problems. After discussing the strengths and weaknesses of electronic and paper ballots with respect to initial counts, we discuss auditing approaches to corroborate the initial reported results and propose protocols and procedures to strengthen the auditing mechanisms.
- A. Yasinsac and M. Bishop.
“Of Paper Trails and Voter Receipts,”
In Proceedings of the 2008 Hawaii International Conference on System Sciences (Jan. 2008). PDF
Abstract: The Internet pervades virtually every aspect of our daily lives, and it seems there is no area that is immune from computing solutions. Computers can do things faster, with greater precision, more reliably, etc., etc., etc. Ironically, one area that most needs the mechanical rigor offered by computing solutions seems destined to abandon electronic solutions and return to paper as the operating medium of choice. As electronic voting falls from favor across America, we are concerned to hear talk of paper receipts provided to voters. Though the department store receipt model is appealing in its simplicity, we posit that when this model is applied to voting systems, it introduces a complex combination of dangerously conflicting properties. We describe these properties and offer an alternate framework to address paper receipt concerns. We then extend this notion into a discussion of paper records and their contribution to forensics for election systems.
- M. Bishop and D. Wagner.
“Risks of E-Voting,”
Communications of the ACM 50(11) p. 120 (Nov. 2007). PDF
Abstract: This column describes some lessons we drew from the California top-to-bottom review of electronic voting systems.
Prof. Matt Bishop and Davis CS graduate students Sophie Engle, Elliot Proebstel, and Till Stegers participated in CA SoS Debra Bowen's 2007 Top-To-Bottom Review of the voting machines certified for use in California. link
Selected press: news.ucdavis.edu, Daily Democrat, NY Times, Le Monde Informatique
- Elliot Proebstel, Sean Riddle, Francis Hsu, Justin Cummins, Freddie Oakley, Tom Stanionis, Matt Bishop.
"An Analysis of the Hart Intercivic DAU eSlate,"
In Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Workshop (EVT '07), Aug 2007. PDF, HTML
Abstract: This paper reports on an analysis of the Hart Inter-Civic DAU eSlate unit equipped for disabled access and the associated Judge’s Booth Controller. The analysis examines whether the eSlate and JBC can be subverted to compromise the accuracy of vote totals, the secrecy of the ballot, and the availability of the system under the procedures in place for Yolo County. We describe several potential attacks, and show how election officials can block or mitigate them.
- Ananya Das, Yuan Niu, Till Stegers.
"Security Analysis of the eVACS Open-Source Voting System."
Manuscript, 2005 PDF
Abstract: The electronic Voting and Counting System (eVACS) is an open-source software used in an electronic voting trial in the Australian Capital Territory, and has been recommended for use in future elections. In this paper, we report results from a review of the eVACS code and design, supported by static analysis tools. While no "hot exploits" have been found, several bad practices were identified.
- Earl Barr, Matt Bishop, Mark Gondree.
"Fixing Federal E-Voting Standards."
Communications of the ACM 50, 3 (Mar. 2007), 19-24. DOI
Abstract: Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process.
- Earl Barr, Matt Bishop, Dimitri DeFigueiredo, Mark Gondree, Patrick Wheeler.
"Toward Clarifying Election Systems Standards."
CSE-2005-21, Sept. 2005 PDF
An open letter, prepared specifically for the EAC 2005 VVSG call for comments.
Abstract: Electronic election systems are being more and more widely deployed. Thus, the standards that certify them are ever more important. Unfortunately, insecure systems have been certified and deployed. We have closely examined the standards and discovered vague language, the lack of a basic system description, and no restrictions on system design. Together, these problems have contributed to the certification of insecure systems. In our comments, we show how system and threat modeling can clarify the standards and improve the security of certified systems.
- Mark Gondree, Patrick Wheeler, Dimitri DeFigueiredo.
"A critique of the 2002 FEC VSPT E-Voting Standards."
CSE-2005-20, Sept. 2005 PDF
Earlier comments about the 2002 standards, made public to accompany the above report.

