Electronic Voting in 2018: Threat or Menace presented at shmoocon 2018

by Matt Blaze, Harri Hursti, Margaret Macalpine, Joe Hall,

Summary : Modern electronic voting systems were introduced in the US at large scale after the passage of the 2002 Help America Vote Act. Almost from the moment they appeared, serious questions have been raised about the security and integrity of these systems. This talk will review the architecture of current E-voting systems, the security risks and attack surfaces inherent in these designs, the risks to back-end systems (which are often connected to the Internet), and viable alternatives that can mitigate these risks. In particular, we will review the findings of the two most comprehensive studies of E-voting systems done to date: the 2007 California and Ohio reviews (in which the authors participated) as well as the 2017 Defcon Voting Village (which the authors organized). We will also discuss how two important techniques–precinct-counted optical scan and risk limiting audits–can effectively mitigate many of the vulnerabilities inherent in e-voting.