 Good afternoon, ladies and gentlemen. My name is Sang-Eun Lee. I'm an applied data fellow at the University of Chicago. Today, I want to present about my paper, Both from Home, Evaluation Framework for Election Security on Remote Voting in Response to COVID-19. So because it's my first time to present in DEF CON, I just wanted to give some brief intro by myself. I am a recent policy degree graduate with both engineering and economics background. I lived, I've born and lived in South Korea and I lived in Japan and the United States as well and in the United States I used to live in Illinois, New Hampshire and now in Wisconsin. I worked in the South Korean government agencies in cybersecurity, namely Korea Internet and Security Agency and National Security Research Institute. I'm a member of ITUT study group 17 security, so I used to make some recommendations and also the, I reviewed the standardization recommendations from others and well, recently I can't, I am not joining very actively. However, it was one of the good part of my job as well. I'm interested in cybersecurity, quantitative methods and global conflict, especially cyber conflict. Well, maybe that's from, that's because from I'm South Korea because we have a North Korea facing, but still this is my interest and it's about, it's a short intro about myself. So let's talk about COVID-19. As of 28th of July, total confirmed COVID-19 cases marked more than 60.5 million while the United States having the highest number of cases. Global deaths caused by this infectious disease, infectious virus, are more than half million while the United States have the highest death tolls, regardless of having been contained or not. The deadly virus spread by human contact has changed our daily so differently. So as a grad student, I had to see my graduation, as a former graduate student, I had to see my graduation ceremony on YouTube and a number of workplaces had changed to or shifted to work from home. So some of them are working like this or like this and your office is closed like this. We found a number of possibilities and threats at the same time while working from home, including cyber threats. Then how about the democracy? On April 7th, the state of Wisconsin held its in-person primary election as a preparation for the presidential elections scheduled on November. However, because of the public health concerns, 14 other states have postponed their elections as the primary elections and here you can see the United States is not the only country to postpone the election. A lot of countries all over the world have postponed indefinitely or rescheduled their elections due to COVID-19 outbreak. Meanwhile, you could see a number of alternative methods to vote, so vote from home. And to vote from home, there are a number of suggestions how to vote from home. First is about mail, both by mail. Second is about voting online. And third, well, this is also part of voting online, but because a lot of public perception of blockchain seems to have a transparency and accuracy, I also included blockchain here. However, we need to ask a question. Are they trustworthy? I already know that history of voting village starts from the questioning cyber security of election infrastructure. Not only such cases of voting machine hacking, this information, I wanted to emphasize how the remote voting method involving technology and not involving technology as well is vulnerable, while more public interest and research is required in this field with cross-disciplinary approach, like what I've done right now. So first, let's talk about elections, democracy, and COVID-19. Election is a cornerstone of democracy, and it's a central feature and a basic predicate of democracy. The primary mechanism to select and to check, so check and balance, the political leader, and it allows electors to participate in the governance of the country and also the municipality. And COVID-19, because the COVID-19 outbreak is very serious issue in public health, government responses usually involve mobility restriction, social distancing, and restrictions on economic freedom, business operations, and organizational activities. As a result, the state stay at home restriction orders affected to reduce mobility by 7.87%. And we've faced, we've seen a lot of civil unrest against the government orders, and it's happening right now as well. And we also see a lot of cases of disinformation campaigns to install the public distrust within the society. On elections, first, it discourages voters from casting a vote, because it's dangerous for you to cast a vote in person. Second, there is a barrier impacts which induces the post-putting off the election. Third, electoral cycle as a whole can be posed with various types of risk. Electoral cycle here, I, in the table below, I mentioned about the three different electoral cycle, which is pre electoral, electoral, and post electoral. They all have a risk due to the COVID-19. And usually the risk is about limits on fiscal meetings. And in this paper, not my own paper, the paper which I reference, he suggests that most of the mitigation method would be online. So access to your access to the internet and have a meeting at there, have a training at there, and diffuse the information at there. And you need to, there is a way of voting online, and there is a postal voting. And at the same time, after the election, there is online review, online meeting sessions, and documentations can be transferred online. And we can have even online parliaments, just like we have seen recent testimony of big tax. So what I wanted to deliver is the assessment framework on remote voting security. The framework evaluates in person voter verifiable voting versus remote voting methods. The criteria is software independence, accuracy, fairness, trustworthiness, and secret vote. The software independence here is defined as a voting system is software independent, if an undetectable change or error in its software cannot cause an undetectable change or error in an election outcome. And it's defined in 2008 by Professor Rivest. And here, because during the evaluation, first, I didn't distinguish between the internet and mobile voting, because they're both basically, both of them are network method of voting. And both by mail is defined as a voting method using paper ballots casted by a mailing service. The traditional voting is in person method with paper ballots. However, I did not consider DREs because you know what it is, we already have plenty of knowledge of how DREs are exposed to cyber threats. And this research only considers the electoral cycle. So the election itself. The criteria for the criteria is our first software independence. I measured this as a yes or no. Second, accuracy, whether the vote is accurate or not by three different levels. Third, fairness, whether the vote has a fair chance to cast a vote by the electorates by three different levels. Trustworthiness, it's also about whether the vote is trustworthy. And especially whether the results are trustworthy. Fifth, the secrecy is about whether the casting of both is assured with the secret vote principle. And the criteria measures are in person voting with three different voting methods, remote voting methods. First, online voting. Second, both by mail. And third, blockchain. Because like blockchain, as I just mentioned before, is considered as very safe and transparent because the blocks are distributed. So I included this as a method to evaluate within my framework. And evaluation results are like this. As I mentioned, I evaluated internet voting, blockchain, both by mail and traditional method. In terms of software independence, because internet and blockchain both involves software, it is not independent. However, both by mail is software independent. And in traditional method, it is yes, it is indeed independent. Actorsy, internet voting, blockchain voting, we already found the vulnerabilities that may change the results of the voting. So it's not assured. While both by mail is partially assured, however, we also need to consider the other points apart from the cybersecurity. So I cannot say this is fully assured. And about the traditional, yes, it's assured. Under the consideration that the vote is fairly administered and fairness, internet blockchain is partially fair because apart from cybersecurity, not a lot of people may have access to internet or blockchain technologies. So that's why I mentioned, I'll explain this some more later. Both by mail, it's seemingly fair. And traditional method, I think it's the most fair method. And trustworthiness, it's vulnerable for both internet and blockchain method. And both by mail is less vulnerable. It cannot say it's fully adaptable. However, in traditional method, it is adaptable and safe. And for the secret vote principle, it's also saying internet and blockchains are vulnerable. And both by mail is less vulnerable. And traditional method is adaptable and safe. This measurement, this measurement evaluation was provided by all the research referenced by myself. So if you see the, if you read the paper, you can see the references from this all results. And to make some points, first, blockchain voting and internet voting vulnerabilities are not zero day. They, we have, I can, I even add a non-cyber security technology professional, a non-hacking professional as me can, could find a number of vulnerabilities are listed from academic papers. And also some corporate reports as well. And both by mail is exposed to such issues as both for sale, identification issue, et cetera, which may undermine its credibility. And as I just mentioned, involving technological equipment is not free from digital divide. Well, a lot of researchers, a lot of researchers tells that tell that the use of the increased use of technology and diffusion of technology, especially the information of communications technology, leads to a better human progress like enhanced opportunity, more freedom and more civil rights. However, still, because it's not affordable to everyone, it is likely to face the digital divide in there. And this may be an international issue, but it also could be a domestic issue, which is very critical to critical to consider while administering the election. At the same time, not everyone is digitally literate. So for me, like if I am provided with some guidelines, I can both cast a vote by blockchain applications or internet. However, it is not, it is not fully possible to give proper explanation at the different literacy levels over the age groups. So not everyone is digitally literate. So this is the thing that we should consider further. And to make some remarks here, paper ballots are seemingly invisible towards cyber threats posed on remote voting by achieve software dependence. However, we also need to require operational transparency while administering the election. Second, unlike other features of the internet, blockchain remote voting is essentially exposed to cyber threats. And third, the results suggest that further concerns on administering election remotely. So such as like a digital divide and we also need to be aware of some terrorist groups who want to undermine the election credibility. So hijack the transportation methods or something. We have a lot of risk, not only cyber risk, but also physical risk here. So we need to consider those kind of thing as well. Fourth, the levels determined on the evaluation criteria are not contending immunity of safety, reliability or auditability beyond the codes and packets. So it has a room to develop and it's a room to consider for more and more discussions, more research should be involved in here. So not because I'm from South Korea, I wanted to introduce one best practice from South Korea for election. South Korea was also not free from COVID-19 at the moment of election April. South Korea was one of the top 10 countries with its numbers of infected people. At the same time, South Korea also had its national election to vote for the members of the National Assembly. Interestingly, the election results on April 15 to 2020 turned out to show no new domestic coronavirus cases related to the election. So how is this possible? The voting does not involve voting machines in Korea, so we don't use DREs. It is fully traditional in-person paper ballot voting. With further resources, South Korea was available to administer its election safely, not by special recipe, but by very principled basics. Masks being required, gloves were handed to the voters by the election administration, and they had to keep the distance, social distancing, and the temperatures were checked for all the voters who participated the election. It was simple, but an effective method to contain the virus from spreading. So what I want to deliver from this practice is that regardless of how the virus is out there, still in-person traditional voting is available, and we also need to consider about that. So in conclusion, without paper ballots, online voting is very vulnerable, as we all know, and if and only if in-person voting is unavailable, our second best option is to vote by mail. And in-person with paper ballot collection is not an impossible option, as we've seen from South Korea, an un-nation-wide election. And the further thing that I want to mention is, first, we need to have a better operational capacity in administering the election. Second, we need to recall the higher interest by the electorates, the voters. And finally, we also need not only the general interest, but further research is required, not only cybersecurity, but also physical security, operational security, and how to optimize the voting process. All of them are required and should be considered multidisciplinary. So thank you for your time, and I'm open to questions. So please send me an email or talk, send me a message through Discord and any other method. Thank you for listening.