Election auditing verifies that the systems and procedures work as intended, and that the votes have been counted correctly. If a problem arises, forensic techniques enable auditors to determine what happened and how to compensate if possible. Current audit trails record incomplete information, or unnecessary information, thereby hindering validation of the election results and the correctness of the process, and determination of the causes and effects of problems. Complicating both tasks is that the audit trails enabling analysis of failures may contain information that either exposes the identity of the voter (enabling voter coercion, for example); or that communicates a message to a third party (enabling vote selling). The goal of this project is to determine the information needed to assess whether the election process in general, and e-voting machines in particular, operate with the desired degree of assurance, especially with respect to anonymity and privacy. This project also seeks to describe the requirements that an infrastructure supporting e-voting machines must meet. It reflects a novel approach to discovering, analyzing, and balancing security, auditability, privacy, and anonymity in a real environment. Real election processes in California will be used to test practicality of the approach and dissemination of knowledge. Given the involvement of the election officials, and the analysis of real voting procedures and systems, the anticipated outcome of this project include a better understanding of auditing requirements and processes for elections by voting machine manufacturers, election officials, forensic analysts, and researchers.
Auditing Voting Systems While Preserving Secrecy and Anonymity