Machine-Assisted Election Auditing
Joseph A. Calandrino, J. Alex Halderman, and Edward W. Felten
Abstract Election audit procedures usually rely on precinctbased audits, in which workers manually review all paper ballots from selected polling places, but these audits can be expensive due to the labor required. This paper proposes an alternative audit strategy that allows machines to perform most of the work. Precincts are audited using auditing machines, and the output of the auditing machines is manually audited using efficient ballot sampling techniques. This strategy can achieve equal or greater confidence than precinct-based auditing at a significantly lower cost while protecting voter privacy better than previous ballot-based auditing methods. We show how to determine which ballots to audit against the auditing machines' records and compare this new approach to precinct-based audits in the context of Virginia's November 2006 election. Far fewer ballots need to be audited by hand using our approach. We also explore extensions to these techniques, such as varying individual ballots' audit probabilities based on the votes they contain, that promise further efficiency gains.Full research paper [PDF]
Preliminary workshop version [PDF]
Security Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.Full research paper [PDF]
Our reply to Diebold's response