These are going to be three quick ten minute presentations. Ten minute presentations, maybe 15. We'll let them go if they're a little long. The first, and so I don't take up too much of their time with introductions, let's just say that Matthew Bernhard rocks. Now he's a PhD candidate at the University of Michigan with broad interest in the social implications of technology and privacy, delving into computer security, cryptography, networks, usability, censorship, systems and voting technology. Andy rocks. Thank you.

Hi everybody, as you just heard, my name is Matt Bernhard. I'm a grad student at the University of Michigan; Alex Halderman is my advisor. I also work with Verified Voting, doing some data collection work, and I'm here to talk to you today about a crash course, or sort of what we academics think of when we think of voting security. So there's a lot of content to pack in here, so I should just go ahead and say that if you are interested, I highly recommend you read this. This is a paper we put out last year that basically attempts to summarize all of the research in the field and provide a good jumping-off point to get into the research a little bit more. So the way I'm going to try to do this is I'm going to give you a brief history of modern voting. I think it'll be preaching to the choir for the most part, so we'll get through it pretty quickly. And then I'm going to talk about some of the theoretical parameters to voting and why, you know, when you hear people like Alex and Karsten say that paper ballots are a good idea, why exactly that is, other than the obvious reasons. And then I'll talk about some of the current solutions. So let's get into a brief history of modern voting. So back in the United States, at least in the mid-1800s, we didn't really have paper ballots, we didn't have secret ballots, we had what was called voice voting.
So as you can see in this painting here, basically, if you were a voter, you would come up, you would register, you would get your voter registration data checked, and then you'd go up to the election judge up there, the guy in the blue coat, and tell him who you wanted to vote for. And there are several problems with this. The good news is it's very verifiable, right? Any one of these people who's standing around here listening to the gentleman in red say what his vote is can then keep their own separate tab and at the end of the day count up all the votes for that candidate and make sure that the election officials are being transparent. It's bad, though, because the candidates can hear how you vote and other people can hear how you vote. So as you see these three gentlemen kind of down here on the right, the guy in the top hat, he's getting hassled for the way that he voted. And frequently, people would get beaten up or so forth for the way they voted. So voice voting provides interesting transparency and verifiability properties, but not very good secrecy properties. This was remedied a little bit later in the 19th century with what we now call the Australian secret ballot, basically the idea that you have a piece of paper, you take it into a separate area where no one else can see how you voted, you vote on it, and then you deposit it into a ballot box, maintaining the secrecy. This is, like I said, great for secrecy. No one can know how you voted, so you won't get beaten up. But it does hinder the verifiability a little bit, right? While everyone can watch the votes get counted, it's very difficult to make sure that no extra votes were put in the ballot box. If you're a voter, it's very difficult to know that your vote was counted. You just kind of have to trust: you either have to stay there all day and watch the ballot box, or trust that the election officials knew what they were doing.
And then in the 20th century, as you just heard, that's when computers start becoming a thing. The IBM Votomatic was one of the first computerized voting systems. Punch cards led to butterfly ballots, which led to HAVA. HAVA led to many, many different kinds of computer voting machines. And it's worth pointing out that every computer voting machine that has ever been studied, I think, has been found to be vulnerable to some kind of attack. So the good thing about computers, you know, they're very easy for poll workers and stuff to use. But they throw away all verifiability, because there's no longer even a paper trail that you could watch be counted. You just kind of push a button on the machines and they spit out a tally at the end. And arguably they're not very good for secrecy either, because these are just regular computers. And as you just saw, that's just a Windows computer. Anyone who gets on one of these machines could, in theory, figure out how people are voting. Either they can watch them vote in real time, or some of the machines like the AccuVote OS and the Diebold AccuVote TSX here recorded votes in sequential order, or they used broken cryptography to randomize it. So it was very easy to figure out how people voted. So computerized voting provides some convenience. It definitely makes election officials' lives easier. But in terms of security, it's arguably the worst of all worlds. The major theme here that I hope I've highlighted is that there's this kind of tension between evidence and secrecy. We would love for all votes to be able to be perfectly secret and perfectly verifiable. Basically, anyone can verify the election at any time. Everyone knows for sure that their vote was counted. And so this has kind of gone back and forth. And the period we're in right now is kind of answering neither of these requirements sufficiently.
So the goal that we typically approach this with is: how can we design elections with adequate security that also provide convincing evidence? And this is very difficult to do because it's different from most classical security problems. Normally you get evidence and secrecy together, or you don't need evidence, which is why, you know, when people say like, "I bank online, why can't I vote online?", that's why it doesn't work. Because a lot of the solutions to other security problems don't apply here because of this tension between these two things. So to dig into that a little bit more, there are basically seven key things to do with voting, in the way elections work and making sure that an election is carried out in a correct way. There's secrecy, as we've already talked about. There's correctness. There's disputes. You know, as Karsten mentioned, if a candidate says, "I don't believe the election results," what do you do then? Authentication, ensuring that only the people who should be voting are voting. Availability, you know, you don't want the lines at your precinct to be too long. You want to be able to vote in a reasonable amount of time. Usability and accessibility, and then legal compliance. I'm only going to focus on the first four of these, and I'll kind of mention the others in passing. So the basics of secrecy, as we already talked about, there's the Australian secret ballot. And the idea is that the election doesn't leak information about how any given voter votes, other than the announced results. You know, there's of course the case where if it's a precinct and there's only one voter at that precinct and that precinct elects candidate A, everyone knows how that candidate voted, or how that voter voted, excuse me. But in general, no extra information should come out. So you should never be able to know how every single voter voted if there's more than one.
There's also a way of looking at secrecy as resisting attack. So there's coercion resistance: the idea that if there's a shady character outside the polling place who has a candidate they want, they can threaten you or pay you to vote a certain way. So we say a system is coercion resistant when it doesn't allow this. And this is an important property of secrecy, right? There's also receipt-freeness, which is the idea that even if the voter colludes with the coercer, they still can't reveal how they voted. And again, this goes back to not wanting voters to be able to be paid for their votes. I have basically no time left, so I'm going to try and hit some of the highlights here. Correctness: we typically think of correctness in three things, three pillars: cast as intended, collected as cast, and tallied as collected. All those basically mean is that the path of the ballot from the voter to the actual election results is easy to follow and can be verified by both the voter and independent third parties. So I'm going to zoom through here. There's also collection accountability, where if you find out that your vote wasn't counted, you can do something about it. And then there's also this notion of software independence, which I think is probably the most important definition to know to walk out of this room with: the idea that an undetected change in software cannot affect votes. This is why paper ballots are touted as such an important solution. Because DRE systems like the WinVote over here, like the TSX downstairs and so forth, those are not software independent. Even the DREs that produce voter verifiable paper audit trails, or so they claim, those are not software independent because the paper trail is produced by the same software that the votes are cast in. So software independence is a very, very important definition in terms of election security. There's also dispute resolution.
Risk limiting audits, as we mentioned before, handle this. Basically, the voting system needs a robust way to handle disputes if a candidate doesn't believe that they lost. How do they do it? If you have risk limiting audits, you actually have a dispute-free system, because the audit will inherently provide convincing evidence to all parties involved. And then there are, as I mentioned, these other four categories. There's authentication: how do you know who votes, who should vote? Availability: how do you avoid long, long lines? How do you guarantee that every single voter can vote if they want to? Usability and accessibility: how do you verify that anybody can actually use the voting system and correctly cast their vote? As you can see here, the voter is clearly tapping one candidate but another one is being selected. And then there's legal compliance. And this actually, it turns out, is one of the most difficult aspects of this, because we can come up with some of the best voting systems in the world, but if they are illegal, you can't use them wherever you're trying to use them. Current solution, as I mentioned: voter verified paper. Basically, a voter makes a mark on a piece of paper. A machine can count that. A human can count that. It doesn't really matter. This provides secrecy. It provides correctness, because the voter knows that they marked the right box, in theory. They can also make sure that they put the ballot in the box, or they feed it into the scanner and the scanner records that the ballot was correct, or at least records the ballot. It's software independent because you have this independently generated paper trail. It provides dispute resolution because in the worst case, you know, if you can't resolve the differences, you can just count all the votes again in a transparent way. Like I mentioned, there are also risk limiting audits. I'm not going to talk too much about this.
Karsten talked a little bit about it, but basically the idea is that, given the margin of an election, you can count a small number of ballots and figure out whether or not the tally is correct. If it's not correct, then you keep counting ballots until you either recount all of the ballots or you stop, having provided enough evidence. I'm going to skip some of these other slides. Like I said, optical scan systems are probably preferred because they're the easiest to use by poll workers and they provide robust audit trails. And like I said, you need to use RLAs or some form of audit, though. As we saw in 2016, lots of states have paper ballots, but they don't look at them. They basically just throw them away after they're fed through the scanner. And we've seen some changes in this. Colorado, Rhode Island, and California are all piloting risk limiting audits. There are also several crypto systems that have been developed by academics. There's a short list of them there. If you go to our paper, you'll see a lot more. And they support complex election methods and so forth. But the overall takeaway here is that there's this balance between secrecy and evidence. And that's why voting is such a hard problem. That's why when you see people on Twitter say "why don't they just use the blockchain," that's why it doesn't work very well. Providing all of the properties that we've discussed is a very difficult needle to thread. And it frankly doesn't exist in most places. There are also lots of open problems in the field. Again, see the paper for more on that. But I think, yeah, for now, the best solution we can come up with is paper with risk limiting audits. So hopefully I've managed to stay under time and maybe take a question or two. Thanks everybody.
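The risk limiting audit the talk sketches ("count a small number of ballots... until you either recount all of the ballots or you stop"), as an added example that is not code from the talk, the paper, or Verified Voting. It implements the published ballot-polling BRAVO rule (Lindeman, Stark and Yates, 2012) for a two-candidate contest: ballots are drawn at random, each ballot for the reported winner multiplies a likelihood ratio by s_w / 0.5 and each ballot for the reported loser multiplies it by (1 - s_w) / 0.5, where s_w is the reported winner's share; the audit confirms the reported outcome once the ratio reaches 1 / alpha, and otherwise escalates to a full hand count. The candidate names, vote counts, risk limit and random seeds are constructed sample data, and the function names are this example's own.

```python
"""Ballot-polling risk-limiting audit (BRAVO rule) for a two-candidate contest.

Added example; not the talk's, the paper's or any vendor's code.  Sample data,
seeds and the 5% risk limit are constructed for illustration.
"""
import math
import random
from collections import Counter

RISK_LIMIT = 0.05  # alpha: at most a 5% chance of confirming a wrong outcome


def build_ballots(counts, seed=0):
    """Construct a shuffled list of cast ballots from per-candidate counts (sample data)."""
    ballots = [cand for cand, n in counts.items() for _ in range(n)]
    random.Random(seed).shuffle(ballots)
    return ballots


def full_hand_count(ballots):
    """Hand count of every ballot: the fall-back when the audit cannot stop early."""
    tally = Counter(ballots)
    winner = max(tally, key=tally.get)  # exact ties are not handled in this example
    return winner, dict(tally)


def bravo_audit(ballots, reported_tally, winner, loser,
                risk_limit=RISK_LIMIT, seed=1):
    """Audit the reported (winner, loser) pair against the physical ballots.

    Returns a dict describing how the audit ended and how many ballots were
    examined.  `reported_tally` is what the scanners announced; `ballots` is
    the paper that an auditor can actually pull and inspect.
    """
    v_w, v_l = reported_tally[winner], reported_tally[loser]
    s_w = v_w / (v_w + v_l)  # reported winner's share of the two-candidate vote
    if s_w <= 0.5:
        raise ValueError("reported winner does not lead the reported loser")

    rng = random.Random(seed)
    log_threshold = math.log(1.0 / risk_limit)
    log_ratio = 0.0  # kept in log space so a long losing run cannot underflow
    examined = 0
    # BRAVO samples with replacement.  If we have drawn as many times as there
    # are ballots without reaching the threshold, give up on sampling and let a
    # full hand count decide the contest.
    while examined < len(ballots):
        ballot = ballots[rng.randrange(len(ballots))]
        examined += 1
        if ballot == winner:
            log_ratio += math.log(s_w / 0.5)
        elif ballot == loser:
            log_ratio += math.log((1.0 - s_w) / 0.5)
        # ballots for other candidates, or blank ballots, leave the ratio unchanged
        if log_ratio >= log_threshold:
            return {"outcome": "confirmed", "winner": winner,
                    "ballots_examined": examined}

    hand_winner, tally = full_hand_count(ballots)
    return {"outcome": "full_hand_count", "winner": hand_winner,
            "tally": tally, "ballots_examined": len(ballots)}


if __name__ == "__main__":
    reported = {"A": 6000, "B": 4000}  # 60/40 as announced by the scanners
    # Scenario 1: the paper agrees with the reported tally; a small sample suffices.
    honest = build_ballots({"A": 6000, "B": 4000})
    print(bravo_audit(honest, reported, "A", "B"))
    # Scenario 2: the paper says B won; the ratio never grows, so we hand count.
    flipped = build_ballots({"A": 4000, "B": 6000})
    print(bravo_audit(flipped, reported, "A", "B"))
```

The two scenarios in the `__main__` block are the ones the talk contrasts: when the paper agrees with the reported 60/40 result the audit confirms it after a sample that is a small fraction of the 10,000 ballots, and when the paper disagrees the ratio drifts downward and the audit ends in a full hand count that reveals the real winner. The risk limit bounds the probability of the first outcome happening when the reported result is actually wrong.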