April 14, 2024

The anomaly of cheap complexity

Why are our computer systems so complex and so insecure?  For years I’ve been trying to explain my understanding of this question. Here’s one explanation–which happens to be in the context of voting computers, but it’s a general phenomenon about all our computers: There are many layers between the application software that implements an electoral […]

Magical thinking about Ballot-Marking-Device contingency plans

The Center for Democracy and Technology recently published a report, “No Simple Answers: A Primer on Ballot Marking Device Security”, by William T. Adler.   Overall, it’s well-informed, clearly presents the problems as of 2022, and it’s definitely worth reading.  After explaining the issues and controversies, the report presents recommendations, most of which make a lot […]

Switzerland’s E-voting: The Threat Model

Part 5 of a 5-part series starting here Switzerland commissioned independent expert reviews of the E-voting system built by Swiss Post.   One of those experts concluded, “as imperfect as the current system might be when judged against a nonexistent ideal, the current system generally appears to achieve its stated goals, under the corresponding assumptions […]

What the Assessments Say About the Swiss E-voting System

(Part 4 of a 5-part series starting here) In 2021 the Swiss government commissioned several in-depth technical studies of the Swiss Post E-voting system, by independent experts from academia and private consulting firms.  They sought to assess, does the protocol as documented guarantee the security called for by Swiss law (the “ordinance on electronic voting”, […]

How the Swiss Post E-voting system addresses client-side vulnerabilities

(Part 3 of a 5-part series starting here) In Part 1, I described how Switzerland decided to assess the security and accuracy of its e-voting system.  Swiss Post is the “vendor” developing the system, the Swiss cantons are the “customer” deploying it in their elections, and the Swiss Parliament and Federal Chancellery are the “regulators,”  […]