October 18, 2018

Google Glass vuln in QR codes and ballot marking applications

Reading recently about a vulnerability in Google Glass that can be exploited if a victim takes a picture of a malicious QR code made me think about one of the current trends in absentee balloting. A number of localities in the US are trying out absentee ballot schemes where a voter goes to a website and makes his/her choices through a web form, then prints out a ballot that contains his/her choices as a marked ballot plus a barcode (typically a 2D QR code). The ballot is then mailed back to the locality with whatever signature forms are required. When the ballot arrives at the locality, election officials scan the QR code to duplicate the ballot showing the voter’s choices, (hopefully) compare that the voter selections actually match the marks, and then the ballot goes forward. (Commercial products with this feature include Everyone Counts and Scytl.)
[Read more…]

"E-Voting: Risk and Opportunity" Live Stream Tomorrow at 1:30pm Eastern

Despite the challenges due to Hurricane Sandy earlier this week, the Center for Information Technology Policy at Princeton is still hosting “E-Voting: Risk and Opportunity,” a live streamed symposium on the state and future of voting technology. At 1:30pm (Eastern) on November 1, 2012, electronic voting experts from across the United States will discuss what to expect on Election Day, how we might build a secure, convenient, high-tech voting system of the future, and what policymakers should be doing. The current U.S. e-voting system is a patchwork of locally implemented technologies and procedures — with varying degrees of reliability, usability, and security. Different groups have advocated for improved systems, better standards, and new approaches like internet-based voting. Panelists will discuss these issues and more, with a keynote by Professor Ron Rivest. You can watch the event streamed live at https://citp.princeton.edu.

Date: Thursday, November 1, 2012
Time: 1:30 PM – 5:00 PM (Eastern)
Location: streaming online at https://citp.princeton.edu
Hashtag: ask questions and add comments via Twitter at #PrincetonEvoting

Archived video now available:

Which States have the Highest Risk of an E-Voting Meltdown?

This post is joint work by Joshua Kroll, Ian Davey, Alex Halderman, and Ed Felten.

Computer scientists, including us, have long been skeptical of electronic voting systems. E-voting systems are computers, with all of the attendant problems. If something goes wrong, can the problem be detected? Can it be fixed? Some e-voting systems are much riskier than others.

As the 2012 Presidential election approaches, we decided to evaluate the risk of a “meltdown scenario” in which problems with electronic voting equipment cause a state to cast the deciding electoral college vote that would flip the election winner from one candidate to the other. We’re interested in the risk of these technological problems, weighted by the relative voting power of each voter. So for example, here in New Jersey we use direct-recording electronic voting machines that have been found by a court to be inadequate, but with Obama polling at +14% it’s not likely that a snafu with these machines could change the entire state’s outcome. But in swing states that poll closer to even, like Virginia (where your voting machines can be modified to play Pac-Man), an electronic voting mix-up could have a much bigger impact. So, which states have the greatest risk of an e-voting meltdown affecting the result of the 2012 Presidential election?

[Read more…]