Voting System Risk Assessment Via Computational Complexity Analysis

By Wallach, Dan S. | The William and Mary Bill of Rights Journal, December 2008 | Go to article overview

Voting System Risk Assessment Via Computational Complexity Analysis


Wallach, Dan S., The William and Mary Bill of Rights Journal


ABSTRACT

Any voting system must be designed to resist a variety of failures, ranging from inadvertent misconfiguration to intentional tampering. The problem with conducting analyses of these issues, particularly across widely divergent technologies, is that it is very difficult to make apples-to-apples comparisons. This paper considers the use of a standard technique used in the analysis of algorithms, namely complexity analysis with its "big-O" notation, which can provide a high-level abstraction that allows for direct comparisons across voting systems. We avoid the need for making unreliable estimates of the probability a system might be hacked or of the cost of bribing key players in the election process to assist in an attack. Instead, we will consider attacks from the perspective of how they scale with the size of an election. We distinguish attacks by whether they require effort proportional to the number of voters, effort proportional to the number of poll workers, or a constant amount of effort in order to influence every vote in a county. Attacks requiring proportionately less effort are correspondingly more powerful and thus require more attention to countermeasures and mitigation strategies. We perform this analysis on a variety of voting systems in their full procedural context, including optical scanned paper ballots, electronic voting systems, both with and without paper trails, Internet-based voting schemes, and future cryptographic techniques.

INTRODUCTION

The United States Elections Assistance Commission (EAC) recently solicited submissions for how it might assess the risks of voting systems.1 According to its solicitation:

The first phase will create reference models to be used in the assessment. This includes developing election process models to describe the operational context in which voting systems are used. It also entails developing voting systems models by generic technology type. This is needed because the types of threats encountered and their potential impacts vary by technology.2

The EAC asked the public to suggest how it might develop these models, with submissions due in April 2008. 3 While these submissions have not yet been made available to the public, we will discuss some prior work on this topic and then propose our own solution to this problem.

Clearly, we need an objective, quantifiable method for comparing voting systems.4 Election officials who might purchase one system over another need to be able to concisely understand the relative insecurities of one product versus another.5 Security analysts, testing authorities, and regulators need common ground for both setting a lower bound on acceptable security and for explaining how much better a system is than whatever the minimum standard requires.6

Qualitative analyses are, for better or worse, the standard method used to make arguments.7 To pick a well-known example, the U.S. military was investigating the possibility of allowing its soldiers to vote, from overseas locations, via the Internet. They convened a panel of experts to conduct a security review. Several of the experts wrote a "minority report" expressing their concerns with the project,8 leading to its cancellation and replacement with a fax-based system.9 Alvarez and Hall criticize this outcome stating, "In the end, a small but vocal segment of the scientific community opposed the use of scientific experimentation in voting systems and technologies."10 While the SERVE report's authors were concerned about the fundamental unsuitability of standard consumer platforms (e.g., Microsoft Windows XP plus Internet Explorer), with the risks of viruses, worms, or other forms of malware that could easily be engineered to compromise an election,11 Alvarez and Hall felt that

the central argument in this critique was overly general, ignored the reality of UOCAVA voting,12 and ignored what would have been a broad array of project, procedural, and architectural details of the SERVE registration and voting system, which in all likelihood would have minimized or mitigated their concerns had the system been used in the planned trial.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Voting System Risk Assessment Via Computational Complexity Analysis
Settings

Settings

Typeface
Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.