So good morning, and thank you everybody for showing up at this early hour. The tabloid title of this talk is "The Rise and Fall of Internet Voting in Norway", and I'm going to tell the story about a Norwegian trial to try to do internet voting right. So how many of you were at Alex Halderman's great talk on Sunday on the voting in Estonia? Quite a few, so you know already everything about internet voting.

So there are basically two kinds of voting systems. There's the kind of voting system you use to tell what is the best of Coca-Cola and Pepsi, and there's the kind of voting system you use to decide who you want to be in government. For the second kind of voting system the stakes are a lot higher, and this is a fundamental democratic ceremony, and it's really important that we get it right and we make sure that it stays democratic and secure and fair.

And so this talk is going to be in three main parts. I'm going to talk about the internet voting trial that was held in Norway in 2013, and then I'm going to give the historical background for that trial, to try to look at how it was that we did this trial in Norway and what happened afterwards and what the story was. And then finally I'm going to talk about my own work auditing the crypto implementation used for the voting system.

And so there are really three main points to take away from this, and I think the first point is that even though internet voting is scary and something which I think we don't want, the Norwegian trial really tried to do it right, in the sense that they wanted to conduct a really open trial and be very honest and upfront about what they were doing. The second point is that this kind of event is not only about technology. It's also very much about politics, and you find that even though the hackers are saying internet voting.
No, we don't want this. It's a very... There are a lot of other forces in play which shape what's actually going on.

And so you might want to ask, why would anybody want to do internet voting at all? And I think the main argument ten years ago, which was definitely pre-Snowden, and when we were I think as a whole a bit more naive about the threats online, was that I can do banking online, I can do my taxes online, why can't I vote? And so some of the formal goals of the project were to improve accessibility for marginal groups and to make the voting experience better for people who are not voting in their home location, such as students. And at the beginning of the trials they also wanted to increase turnout, but internet voting in the experiment didn't really seem to have an effect on that. And finally, I think that from a purely technical or scientific point of view, this is kind of an interesting challenge. So we want to learn something about, if we try to do this, what are the actual roadblocks, both technologically and from a democratic point of view?

And so I guess some of you might wonder, who is this Tor guy and why am I here speaking about this? Well, I did a PhD in cryptography quite a few years ago. I'm working currently as an IT security consultant at a security company in Oslo, Norway, and this is my sixth time at CCC. Actually, I've been playing with computers since forever.
I got my first UNIX account when I was four, to play NetHack, and I guess I sort of stayed along those lines for quite some time. My own role as regards internet voting in Norway is that I've not been a part of the voting project, but I did the crypto audit for them in 2013. And because the project has been so open, everything I'm saying here is based on public information, but some of it is subject to my own interpretation or understanding, based on the fact that I was outside the project itself.

So Norway. I guess not everybody knows a lot about Norway. It's up here. It's a Northern European country. It's quite small, 5 million people. It's a stable and rich democracy which has a really tremendous amount of public trust. So people are trustful, maybe even to a fault, of both the neighbors and of the government. And I think in this sense, Norway has a lot of preconditions for doing this kind of internet voting experiment. It's a pretty small country. It's a pretty small trial. It's politically very stable, so if something really went wrong it would be possible to recover in a stable manner. In fact, in 2011 there was a terror attack against the government, only a few weeks before the election and before the first internet voting trial in fact, and we were still able to carry out the election under reasonably ordinary circumstances. And finally, Norway can afford to do it, right? And I think these are really preconditions for a successful experiment. So if anybody is able to do internet voting, it should be us, right?

And so, the overall concept for internet voting in Norway.
This is not electronic voting machines. It's online voting from your laptop, from your living room. And so as a voter you are able to log on and vote online as many times as you want, and the internet voting is only done before election day, and on election day you can go to a polling place and you can vote physically as well. And the system is integrated in such a way that only the last vote counts, and this is meant as sort of one of the main anti-vote-selling, anti-coercion techniques in this system. That's, even if somebody forces you to vote for whatever, then you can go and you can vote again, either online or at a polling place.

The second mechanism, the second idea here, is that you use a fancy cryptographic protocol which you try to say something fundamental about. So you're trying to get some pretty strong guarantees that the core protocol you're using is actually sound, and that's what you want. And the system was designed, at least in principle, to give end-to-end security, which meant that you were supposed to have no trust between each element in the processing chain of a vote, and you would use cryptographic proofs to link everything together. And similarly there was quite a bit of separation of duties, such as the fact that encryption keys were split in half and given to two different people so that they would both have to collude to use the key.

The final part of the concept is that the voters get some out-of-band feedback about the result of their online votes, which the voter, but only the voter, can use to verify that the vote posted online was the vote that he intended to cast.

And so this sounds pretty reasonable, I guess. But then you get into the technical details. And so for a voting system you want strong authentication, because you want to know who voted and you want to be able to make sure that people voting multiple times are matched up correctly, so that you count the right votes in the end.
So the authentication system needs to be secure. And then at the same time you want to have anonymous ballots, so you shouldn't be able to link the vote over here with the person who cast it online. And the third requirement is that you want to be able to verify afterwards the result of the election. And so those three requirements are actually kind of opposing each other, because it means that you need to have some sort of separation between different processing stages in such a way that you can't link this together again.

And there's really a fourth security requirement, which is not clearly stated here, and that's about verifiability and what does that really mean? Because in a traditional paper ballot vote there are a lot of weaknesses, limitations, and there's quite a high cost of running a paper election, but the threat model is pretty well understood and it's got high legitimacy. And you can more or less explain to a five-year-old that yeah, you are putting ballots in this box here and it's locked, and then people from different parties come and count it together, and so they make sure that there are checks and balances, and there are a lot of people involved in making this happen. And realizing that kind of requirement in an electronic high-tech system using fancy crypto is kind of hard, and I think that's really one of the fundamental challenges about electronic voting and internet voting, that you need to make it as transparent as you possibly can, and I'm not sure we know how to do that yet.

So there's a fourth security requirement on the list here, which is the ability to detect attacks. And one of the main goals of the internet voting pilot in Norway was that even if there is some kind of attack on the system, then at least if it's affecting a lot of votes, we need to be able to detect it. And we might be able to live with the effects of some kind of small-scale abuse, in the sense that below a certain threshold that might be
unavoidable no matter how you implement an election, but we should be able to detect any kind of large-scale fraud attempts and, if necessary, just rerun the election a few weeks later if there's found evidence of some kind of large-scale abuse. And so I think already at this point we realized that for an internet system, we are probably not going to be able to make it 100% bulletproof. People are going to have malware, people are going to get hacked, but at least at some level it should be possible to detect anything going on.

And so there are also quite a few counterarguments against internet voting in particular, and I guess also electronic voting in general. Transparency and verifiability, as we just talked about, is difficult to solve. The main argument in the public debate in Norway has been around coercion and the fact that you are voting in an uncontrolled environment rather than at a public polling place in a closed booth. And there's also been a claim in the public debate that internet voting debases the ceremonial aspect of going to vote, and I don't know how widely that applies, but at least for some people going to the polls is this democratic ceremony that they value quite highly, and basically being able to vote from your sofa is undermining that, and that's I think also a fair argument.

In the initial risk analysis that was being done, threats like hacking were considered in general, but I think specific threat agents were considered to a lesser degree. Awareness of the nation-state kind of threats has probably increased over the last few years, and Norway as a country has had quite poor diplomatic relations with China, and we have a border with Russia, and you might think that somebody would want to try to influence the outcome of a vote, and that's clearly a threat to an online system.

So I mentioned the cryptographic protocol. I'm not going to go very deeply into that
because then we could spend an hour just talking about the crypto, and that's a lot of fun for a crypto geek like me, but it might be a bit narrow. From the cryptographic literature, this is a reasonably standard voting protocol. It uses encryption, and it uses actually the homomorphic property of the ElGamal cryptosystem to make computations on encrypted ballots. So basically they encrypt the voter's vote intent with ElGamal, and then they do further computations on the encrypted ciphertexts to do some transforms and to mask what's going on. And then between each step in the processing chain the system uses Schnorr signatures or Schnorr-based zero-knowledge proofs to ensure that everything is correct, and then there's a mix network at the end which is used to basically separate the voter from the ballot. They also use Shamir secret sharing to split encryption keys, again to make sure that multiple operators have to collude, so that you don't have a single operator sitting on the key. And the protocol is pretty well described. It's been analyzed by Kristian Gjøsteen in some public papers. There's nothing really bad there. I think it's a good protocol.

And so we come to the election trial in 2013. The voting trial happened in 12 municipalities out of 428, and they are marked in green on the map here, I don't know if you can see it, which meant that there were about 250,000 voters who cast about 70,000 ballots over the net. And the web page, well, the starting page, looked like this. It's in Norwegian.
It says that... There's a column on the left which explains a bit about the internet voting, and then there's information about how to vote and how to log in, there's a link to a video, and there's some information about the votes being secret and that you should make sure that you're in a private place when you are casting a vote online.

And so the authentication for this system is based on existing public infrastructure, using two-factor authentication either with SMS or a hardware token. Then there are actually two feedback mechanisms for the voter. After casting a vote online you get an SMS code, which is I think a four-digit number or a six-digit number, which you can verify against a list of codes which is written on your voting card, which is a card that you get in the mail. And so this link here is actually one of the fundamental security assumptions, that this document with the code cannot be linked to... the SMS code cannot be linked to the person. In the web interface itself, it also gives you a SHA-256 hash of your encrypted vote, and the idea was that a signed list of SHA-256 hashes would be published to GitHub during counting, which meant that during counting you could actually go online and verify that your hash was in the list if you wanted to.

And so this is all a web app running on GNU/Linux. I think it was CentOS.
It's a Java application on the back end. In 2013 the front end was all HTML and JavaScript, so there was quite a bit of JavaScript crypto going on there.

The project had a few additional safeguards. So I already talked about the feedback mechanism to the voter, which was the return codes and the ballot hashes. They also had election monitors to shadow the system operators and to basically follow them around and see what they were doing. I guess a drawback of that approach is that the election monitors don't necessarily know what the operator is typing into the system on the command line, because the interface is kind of complicated.

All the source code for the election system is public. It's under a proprietary license owned by the government, but at least they published it online. And they had quite a few third-party contractors to audit the solution. There was a web app security test of the front end, there was the external review of the crypto, which was my job, and there was actually an independent third-party implementation of the vote counting module, which meant that on election day they had two independent implementations of the counting system which were running in parallel on the same data.
And so the idea was that if somebody tried to tamper with one of the counting systems, they hopefully shouldn't be able to sabotage the other one as well. And then the entire technical system was also monitored using Splunk, which meant that the local logs were being collected continuously to a different system in a different security zone. So they had been thinking quite a bit about this.

And then five days before the election there was a critical bug. And so the text here, this is from a Norwegian newspaper, says there's an error in the encryption of the e-votes. And what actually happened was that the encrypted ballots that the voter was sending actually leaked information about the plaintexts because of a bug. And due to layered security, I mean you were voting via SSL, or TLS, and then the votes were stored on a secure system, hopefully it meant that this information should not be leaking anyway, but at least one of the security layers was quite badly broken, and it seems like a combination of luck and preparation made sure that no votes were actually revealed, but it was a very close call, and we will get back to the cause of this bug a bit later.

And then what happened in 2014?
Well, the project was ended, and the government decided that... the government had an evaluation by political scientists focusing on the project goals, which were to increase availability and to provide solutions tailored to young voters. And they found that internet voting was popular among the voters, but turnout did not really change, and the online voters were quite similar to the voting population at large. And so the project was ended, and the BBC posted a story about this a few days later, and it looked like this. And so the press release mainly highlighted the lack of cross-political will, but it also said that most voters didn't have much knowledge about the security mechanisms in the system, and so the BBC framed it like this, and the government didn't quite like that angle. It said that BBC misreports it.

And so it's quite interesting what the Norwegian government says here. It says that Norway has a strong tradition of seeking consensus in all matters regarding electoral policy. Due to the lack of broad political will to introduce internet voting, the government decided not to continue expending public resources on the pilots. And I think that's actually a completely honest statement, in the sense that internet voting was kind of controversial among the different parties. But there's also a very important subtext here, which is that after the 2013 elections there was a change of government. And so in 2014, when the evaluations were complete, the main champions of this project were out of power. And so lack of broad political will, that's completely true, but I think it's also important to note that it's also very politically expedient, like, why do I want to spend money on my predecessor's expensive pet project? And that has nothing to do with technology, and it has nothing to do with sort of the facts of the trial, but it's convenient.
I mean, you can just throw it under the bus, because you have a nice excuse, you can use the money for something else.

And so the next thing I'm going to look at is, how did we actually get to this trial in 2013? And so this timeline here is not a hundred percent exact, but I think it's close enough to paint a picture of what's going on. So actually in 2004 the government at the time started doing a feasibility study about electronic voting and online voting, but there wasn't really any huge enthusiasm, as far as I know, about doing anything more about it at that time. Then in 2005 there was a parliamentary election and there was a new government, and that was a coalition government of three parties, and at least some of the parties were quite keen on internet voting, and then the ball sort of started rolling. They got some champions in government and they got this feasibility study back a year later, and so there was a project organization and everything went from there.
So I've been digging a bit in the electoral manifestos from 2005, and at least one of the parties said, quote, "It must be easier to vote. Students and pupils must be able to vote at the place where they are studying, and it must be open for electronic voting over the internet," end quote. And so that was in their party manifesto in 2005, and apparently they managed to get that ball rolling because there were some people who were keen on doing that.

So in 2006 they got the result of the feasibility study, showing basically the state of the art in 2006. That was a 200-page report in Norwegian. It contained quite a lot of information about experiences from other countries, including Estonia. It also included a high-level threat assessment, which apparently didn't consider state-backed actors, but it considered hacking in general. But again, this was 2004, 2005, 2006. The study was circulated for comments, and in 2008 the ball started rolling. So they got some funding, they got a project organization, they started specifying the use cases and the processes and the documentation that they wanted to implement. In 2009 they got a vendor after a public tender. Actually they got two vendors in 2009 for various systems. The goal at this point was to make a pilot aiming for full internet voting by 2017. And so the initial version of this implementation was finished in the summer of 2011.

So this is kind of funny, because it's been a few years, and then suddenly in 2010 people realized that, hey, we're going to have internet voting next year.
This is kind of interesting. So there finally was a bit of public debate, but at this point I think the forces in motion were such that in any case there was going to be an experiment in 2011, because it was already decided. So there were quite a few skeptical voices, and it's kind of interesting because they didn't really split along political lines. One of the most well-known political scientists in Norway, Professor Frank Aarebrot, who is a known supporter of the government that was doing this, stated quite flatly that internet voting violates human rights. And then his argument again was about voting in an uncontrolled environment and under unfair circumstances.

In any case, in 2011 we had the local elections. There were of course, as there always are in this kind of trial with a complicated technical system, a few bugs. Some of the main problems were actually connected to these return codes that were supposed to be printed and sent by mail, because there was a misprint. And there was also the fact that this terrorist attack happened six weeks before the elections, and that actually meant that the servers that were running the trial election were actually closed off as part of the crime scene, which was kind of inconvenient because they needed to get to the servers. But in the end there were 27,500 people who voted over the net, and it seemed to be an overall success.

The studies show that the voters were statistically quite similar to the voting public, except that... When you are voting in Norway you have some options to modify the ballot in various ways, and the people who were voting online were actually a bit more active in making those modifications, because it might be that it's easier to do it in an online environment than via pen and paper. And there were nine invalid votes, and I'm actually not sure how that happened
but at any rate it's quite a low number. Usually, I think they say that between half a percent and two percent of votes or something may be spoiled. So actually, even with paper voting, that number is quite high.

So after evaluating 2011 they decided to continue the project, this time with a single vendor. They made some technical improvements for better anonymization, among other things. They also replaced the client, which in 2011 was a big Java applet, and then they found out that Java applets are not really very cool anymore. So in 2013 they decided to replace it with a brand new JavaScript crypto implementation, because JavaScript crypto is really cool. And so in 2013 we're back to where we started. There was a new election, this time in 12 municipalities, more than 70,000 votes cast online, and there was a change of government after eight years.

And so, summing up this bit, I think there were some things that went quite right in this trial. The system seems to have worked very well technically, in the sense that it didn't have any significant trouble with performance or downtime. There were few spoiled or invalid ballots. There was quite a lot of audit log verification, which did not show anything going wrong, and the system proved to be quite popular in the areas that actually used it. So there were several problems along the way, but at least nobody discovered anything that they really hadn't thought about.

And on the other hand, there are also quite a few difficult areas. There is a trade-off between security and sort of verifiability and testability, like the fact that it was quite hard to provide runtime monitoring for some of the systems because of security concerns. The voting cards and return codes, so the physical artifacts, caused a few problems. Key management and separation of duties is always hard. One of the
really important aspects there is the voter understanding of security mechanisms and the ability to verify what's going on. And one thing which was noted was that quite few people were very diligent about checking the return codes, and even fewer people would actually go to the step of trying to verify the SHA-256 hashes, and that's kind of understandable. On the other hand, it means that having those mechanisms available doesn't necessarily mean that people will use them.

And there was a phishing demonstration in 2011 where, as an experiment under controlled circumstances, a professor at a local college set up this phishing page which looked like the real page and tried to get information about the return codes from the voting cards from the voters, and that's the key piece of information which links the voter to the SMS verification. And that was no problem, because phishing works, right? So you have these kinds of problems. You also have the entire complex regarding secure software development and also, of course, running an online system and keeping it secure, which we know is hard.

And so because of this, before the 2013 election it was decided to run a technical review. So I think a problem here was that even though the source code was public, it didn't really get a lot of public scrutiny, and the project didn't really succeed in making the tech community engaged with this. And after the fact I was reminded a bit of this when the Heartbleed bug showed up earlier this year, in the sense that, kind of like OpenSSL, you have this huge bit of security-critical code and it's open, but the barrier for somebody to actually look at it is kind of high. And there were a few exceptions. There was this phishing experiment that I talked about. There was also a report on code quality, which actually was quite simple, where there were a couple of researchers who just ran some automated tools and saw
that they got a lot of flags, and did some basic analysis of those findings, and it gave an indication that the quality of the source code might not be very good. But anyway, the project wanted to get more information, and so I got this assignment to perform a third-party review of the cryptographic primitives and key generation implementations.

And there were some quite big constraints on this review. One of those constraints was the time frame, because this was in the summer of 2013 and the election was in September, and if we were to find something and actually do something about it, there was quite a limited time frame to do it. There was also a question of manpower, because it was in the middle of summer vacation in Norway. And so I did this analysis by myself in a limited time span. I would have loved to involve more people and done much more work on it, but basically the resources weren't available.

And so I got this assignment. I said, okay, what does this thing look like? Well, there's a Subversion repository. So first thing you do, grab the code. Second thing you do, try to build the code, and discover that the code doesn't build. And apparently there were also some uptime and availability issues with the repository, because this was clearly not a main priority to keep online. It was online.
It was nice to have online, but also because of the limited interest, that wasn't the main focus, and particularly not in the middle of summer.

And so okay, next thing you do, you start to look at the system documentation and you see the deployment diagram. It looks like this. And so it's kind of a problem that for security systems you want to keep things simple. For internet voting you need to keep things a little bit complicated, because you need to keep everything separate. And so here you have a whole bunch of systems doing different stuff. Several of the servers here are air-gapped, but this is just a huge amount of complexity right here.

And so you look a bit more closely at the code, you see this. It's 200,000 lines of Java, and that's source lines. That's no comments, no white space, no unit tests, and I think also the modules that are not actually used are excluded. So it's quite big. This is code which is part of the project. It's not third-party libraries. And these are kind of also approximate sizes, because when I was looking at the source code I found out it's sometimes quite hard to determine whether a specific Java class was part of the production system or not. That was actually quite hard to figure out, and I had a recurring problem trying to map the high-level description of the system to the source code, because that wasn't really well documented.

And so okay, next thing you do, you run some automated tools. Somebody had done it before, so I did it again, and this is only from parts of the code base, and there are, I don't think you can read it, but there are several hundred yellow and red findings from FindBugs, which says okay.
This might not be critical, but it's pretty clear that the dev team is not using automated tools proactively. And so actually the hard part here is that you get so many warnings that it's hard to determine which ones are serious and which ones can be ignored. And so... Looks kind of perfect. Just from this high-level analysis you get some kind of idea that the complexity of the security system is quite high.

So to summarize some of the findings from just going on a code safari: there's some trouble with the separation between the security logic and sort of the business logic, the sort of voting process implementation. As I said earlier, I had trouble mapping the high-level design to the implementation. And also, because the project used Spring and they used dependency injection, it was quite hard to read the code and to see what was actually going on, because you add all these dependencies to the configuration and runtime setup. Basically, it's pretty heavy lifting just to get into the code.

And my focus was not the code in general, but the crypto. Well, there's a huge amount of crypto here. And so there's a huge amount of low-level crypto, and it's quite clear that the developers who made this system clearly know a lot about crypto, but the problem is that when you have this sort of copy-and-paste development and you have code all over the place.
It's not consistent, and it makes it very hard to audit. It makes it definitely very hard to verify anything. And you get this separation between the system which is either obviously secure or not obviously insecure. And so one of the examples was that... Get to that later, I think.

There was also some kind of distance or a sort of enterprise software syndrome. I've been working on quite a lot of big enterprise software projects, and this looked suspiciously like one of those. And so it's difficult to establish and enforce sort of technical quality metrics in this kind of code base, and it's kind of unclear what are the appropriate quality and assurance levels for critical code.

So looking at some of the bugs. So this was some code in a method called cypher symmetrically, which was used to password-encrypt a security token for export to disk. And so the really bad thing here is that there's actually a developer hand-coding this thing. And there are some kind of strange things here, like they're using PBKDF2, which is, well, it's more or less what you have available in Java, so I guess that's reasonable, even though you might have liked something else. Okay, oh, they're using counter feedback mode with AES.
That's kind of interesting, but it's not illegal. But they have a PBKDF2 iteration count of two, which is kind of bad; you should use something like 10,000. So which means that the passwords would be quite a lot easier to brute-force than it should be. There's also this factor that they were using a static IV, which meant that basically the encryption was not... you could... the encryption was really not secure, because you really shouldn't be encrypting with static IVs. And so there's also an inconsistency here, in that they're suddenly using counter feedback mode with PKCS7 padding, whereas elsewhere they're using CBC mode with PKCS5 padding, so it's buried.

There was another bug I found which was related to Shamir's secret sharing, which is really secure if you implement it right. Actually, you can prove that it's mathematically secure if it's implemented with proper random numbers and you do everything correctly, but they didn't, so the security proof broke. And so this is a kind of crypto vulnerability that probably couldn't be exploited, but it's, well, who knows, you would have to analyze it to tell.

And then there was a lot of weirdness, such as: in one place they were using MD5 to verify file integrity for some temporary files. And then they were saying that, oh, but integrity for these temporary files is not really important. And I say, well, but you shouldn't be using MD5 anyway. There was a really strange custom implementation of data enveloping, so instead of using some sort of standard encryption envelope to encrypt data, there was some custom code for it. There was a secure audit logger, which, when I was analyzing the code, I said that, aha, this secure audit logger is not secure against truncation attacks. But then in this case this was a problem which was not being solved by crypto. They were solving it by using Splunk to gather logs on the fly. So even if you could truncate a log on the server, it
would be, you would capture it in Splunk, and vice versa. So there they had actually thought about that.

But so during key generation there was some sensitive plaintext being written to disk, which was kind of silly. And this was on an air-gapped server, so it would be hard to get to, but maybe you shouldn't write it to disk. And there's this thing about SecureRandom not being explicitly initialized, so you need to trust that your Java implementation is set up correctly to use something sensible.

And then finally there was this critical encryption bug which I mentioned, which actually hit the real election. So this was actually in the JavaScript crypto client, which was not something I audited, but quite honestly I wouldn't have found this one even if I audited it. But it's kind of like a Debian random bug, in the sense that you get really poor random numbers. And so what it meant was that about 30,000 ballots were encrypted with the same randomness instead of unique randomness, which was kind of bad. It was actually caught by the team who were implementing the redundant ballot counter, because they were using the system to generate some test data, and then they were finding that this test data looks suspiciously similar to itself.

So, wrapping up, some thoughts. The stuff I did here was just a pure source code analysis, and so the system is really too complicated to verify that way. So to do a more realistic test you should really be interacting with the running code and trying to figure out which interfaces you can play with. And so I don't actually think anybody tested the sort of resilience of the backend systems to malware infection or other kind of intrusion.

There were some... So the project talked about the fact that if they wanted to run this on a national level they wanted to have Common Criteria certification. But for the pilot they prepared some documentation, but they didn't go through
the certification process. There was also trouble with late code delivery and lack of really a proper freeze and stabilization period, which was also criticized by the OECD election observers.

There's also the question about how to involve the tech community, and I think part of the problem is the common reaction, myself included, that no, I don't want to look at this, I don't want to engage with this kind of project. But it also means that there's quite a high barrier to entry. Even for techies, if you wanted to try to get into this, it really takes a lot of time and a lot of work to understand what's going on, and that's hard to deal with. So there's a question if the project in some way could have improved incentives for people to participate. And there's also, I think, a bit of a cultural language barrier inhibiting foreign interest. So even though the source code documentation is in English, a lot of the discourse and context and analysis is in Norwegian, and Norway's a small country and people don't necessarily follow what's happening in Norway. So I guess it's also slipped under the radar quite a few places.

And so it seems like this is the end of internet voting in Norway for now. And as a security expert, electronic voting scares me, and at the same time I have a little bit mixed feelings about this, because this was really, I believe, a good faith attempt at getting it right, and we now have a lot, we've now lost the knowledge and the expertise and the working organization who were working on this project. And actually, preparing this talk, I was finding that a lot of the links and a lot of the documentation was getting harder to find because of link rot.

And obviously technology marches on elsewhere. We have electronic voting rolls in Norway, and there's an electronic system for scanning and counting votes. I don't think that's been very heavily analyzed by the security community yet.
It probably should be. And internet and computer voting is on the agenda elsewhere as well. And so that's it for me. I'd like to thank you all for coming.

Okay, now we have about 10 minutes for questions and answers. A few questions, please line up at the microphones. Do we have questions from the internet?

Yeah, we do. The voters are given this receipt after casting their vote. Does this receipt change when casting a vote again in the same election? And if so, does this not open up an opportunity for vote selling?

So the question was whether the return codes which were sent by SMS would change during the election, and whether that would open opportunities for vote selling. And I don't actually know. I actually haven't seen these voting cards, because they were only given out in the municipalities where they had a trial. My understanding was that there was a unique random code for each party on the ballot, corresponding to that voter, which you would get by SMS, and then you could verify the SMS with the paper. And I haven't really spent a lot of time thinking about vote selling scenarios related to that. I guess the main safeguard is that you could always go and vote on election day on paper as well.

Okay, those who are going out, please be quiet so that the questions and answers can be understood.
So, question from microphone two.

Did online voters vote for different parties compared to offline voters? Because this might explain the cancellation of the project.

The question was whether online voters voted for different parties than the offline voters, and as far as I've been able to determine the answer is no. Statistically it was very similar, both on a national level and then locally in the different municipalities. So there didn't seem to be any differences that weren't explainable by all the statistical factors.

Okay, question from one.

Yeah, I'm just wondering, was there any attempt, or what was the procedure when the tenders were selected, in, you know, the process for selecting who should make the system, as to, you know, vetting who was programming and so on? I mean, the persons involved, was that a factor in the selection process? Because, you know, you could say that, well, this is a pretty sensitive system, you're handling sensitive data, and, you know, the security services might want to look into who is actually programming, because finding that row in the random number generator would be easy to sneak in if you, you know, know what you're doing.

So the question was whether there was any vetting of the companies doing the software implementation or the people doing the software implementation. I don't know. Actually, the main company implementing the solution was not Norwegian, but I'm not going to name names there. You can probably find it online, but I'm not going to name names. But whether the national security services did any kind of vetting,
I don't know. I know that during the tender process there were five companies bidding for this contract, and I hope that they thought about that angle as well, but I don't know anything beyond that.

Okay, question from number three.

Hi, first of all, thanks for the talk, that has been really interesting. I have one question. You mentioned that there are nine invalid votes. When I get a paper ballot I can, you know, willingly make an invalid vote. The nine votes, were they invalid because of, nobody knows, technical bugs, or invalid because of, you know, someone voluntarily made like three crosses instead of one cross?

The question was about those invalid ballots in 2011. That's a very interesting question. I don't know. I also didn't find any numbers for 2013 regarding whether any ballots were invalid. I'm really not sure what happened there.

Okay, thank you.

Okay, one question from the internet.

Were there any studies of users' or voters' understanding of the security mechanism? Also, are there any reports available in English?

So the question was if there were any user studies regarding the security mechanisms, and also if there are reports available in English. I think the answer is yes to both of those. Most of the technical documentation about the system is available in English, and also, regarding the political science angle and user studies, I think it might not be available in English. I know that there were several user studies and user testing and various polls of user behavior regarding the verification mechanisms, which is I think also the source of the fact that a few voters are verifying, but not very many. I think it's also a valid question to ask how many percent of the voters should do a manual verification to get some sort of statistical guarantee. I don't know.

Okay, from number two.

Are there any countermeasures against an inside attacker?
Especially, can the voter verify that they have not been added any additional votes?

I think the voter would be able to verify as long as he or she would be able to receive SMS for that number. As for countermeasures against insider attacks, we had the election observers, and there was also the fact that they used the secret sharing to split the key so that you had to have two operators at the same time. And there were of course access controls and so on and so forth, meaning that there was physical security at the site.

Okay, from one.

Yeah, hi. So I was wondering if they actually looked at other existing systems, and if you looked at other existing systems, and maybe just generally, do you think it's a good idea to try to make a system that doesn't have those failures?

The question is whether I have looked at other systems and whether they had looked at other systems, and whether it is a good idea to do this. The project certainly looked at other systems, both in 2006 during the feasibility study and also upfront before they started the project as such. I did not have the opportunity to look at a lot of other systems when I was looking at this, because I was in a hurry. But of course, I'm familiar with the e-voting in Estonia and so on. Personally, I don't think this is a good idea, but I think that in order to get that message through you have to engage both on the technological level, but also on the policy level.

Okay, since the time is almost out, one last question from two.

Yeah, I was wondering if you have any ideas about changes to language or workflow used to result in better quality source code?

I think from my point of view as a cryptographer and engineer, my perspective would be to try to isolate and encapsulate the cryptographic code as much as possible. Regarding more general software development techniques for guaranteeing high quality and so on and so forth, I'm
probably not the person to answer