Internet voting and computer security expertise

There are people trained in computer science, computer security and/or voting technology who can bring evidence and experience to any analysis of online voting.  Canadians first but otherwise no particular order.

CANADA

USA

AUSTRALIA

Barbara Simons

Ph.D. in computer science from the University of California, Berkeley

Barbara Simons is a computer scientist and past president of the Association for Computing Machinery (ACM). She is founder and former Chair of USACM, the ACM U.S. Public Policy Committee. Her main areas of research are compiler optimization and scheduling theory. Together with Douglas W. Jones, Simons co-authored a book on electronic voting entitled Broken Ballots.

Key documents:

Key videos:

Websites:

Twitter: not an active personal Twitter user, however there are tweets from book account @BrokenBallots

Konstantin Beznosov

Ph.D. in Computer Science from Florida International University

Dr. Beznosov served on the BC Independent Panel on Internet Voting

Konstantin (Kosta) Beznosov is a Professor at the Department of Electrical and Computer Engineering, University of British Columbia (UBC), Vancouver, where he founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).  His primary research interests are distributed systems security, usable  security, secure software engineering, and access control.

Key documents: British Columbia Independent Panel on Internet VotingRecommendations Report (PDF)

Websites:

Twitter: not an active Twitter user

Valerie King

Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley

Dr. King served on the BC Independent Panel on Internet Voting

Valerie King is Professor of Computer Science at the University of Victoria and has been a faculty member there since 1992.  She received an A.B. degree in Mathematics from Princeton University and a Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley.  She was a post-doctoral fellow at the University of Toronto and Princeton University, a Research Scientist at NECI, Compaq SRC and HP Labs, a Visiting Researcher at Microsoft Research SVC, and a Visiting Professor at the University of Copenhagen and Hebrew University.

Key documents: British Columbia Independent Panel on Internet VotingRecommendations Report (PDF)

Website:

Jeremy Clark

Ph.D. in computer science from the University of Waterloo

Assistant professor at the Concordia Institute for Information Systems Engineering

Key document: City of Toronto RFP #3405-13-3197 – Internet Voting for Persons with Disabilities – Security Assessment of Vendor Proposals (PDF, Internet Archive)

Website: http://users.encs.concordia.ca/~clark/
Twitter: @pulpspy

Aleksander Essex

Ph.D. in computer science from the University of Waterloo

Assistant professor of software engineering in the Department of Electrical and Computer Engineering at Western University

Key document: City of Toronto RFP #3405-13-3197 – Internet Voting for Persons with Disabilities – Security Assessment of Vendor Proposals (PDF, Internet Archive)

Websites:

Twitter: @aleksessex

J. Alex Halderman

Ph.D. in Computer Science, Princeton University

Dr. Halderman has extensive expertise in examining Internet voting systems, including Estonia’s system

J. Alex Halderman is an assistant professor of Computer Science and Engineering at the University of Michigan, where his research spans applied computer security and tech-centric public policy. Halderman has studied topics ranging from web security, data privacy, digital-rights management, and cybercrime to technological aspects of intellectual-property law and government regulation. He is known for helping to introduce the ”cold-boot attack,” which breaks encryption by literally freezing a computer’s memory, and for exposing Sony’s rootkit digital-rights management and other harmful copy-protection technologies. A noted expert on electronic voting security, Halderman demonstrated the first voting-machine virus and helped lead California’s ”top-to-bottom” electronic-voting review. He has uncovered vulnerabilities in numerous deployed voting systems. He holds a Ph.D. from Princeton University.

Key quotes:

Key documents:

Key videos:

Websites:

Twitter: not an active Twitter user

David Dill

Ph.D. in Computer Science, Carnegie-Mellon University

David Dill is Professor Emeritus of Computer Science at Stanford University.  Dr. Dill retired from Stanford in 2017.  He was named a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2001 for his contributions to verification of circuits and systems, and a Fellow of the ACM in 2005 for contributions to system verification and for leadership in the development of verifiable voting systems. In 2008, he received the first “Computer-Aided Verification” award, with Rajeev Alur, for fundamental contributions to the theory of real-time systems verification. In 2013, he was elected to the National Academy of Engineering and the American Academy of Arts and Sciences.

He has been on the faculty at Stanford since 1987. He has an S.B. in Electrical Engineering and Computer Science from Massachusetts Institute of Technology (1979), and an M.S and Ph.D. from Carnegie-Mellon University (1982 and 1987).

Prof. Dill has been working actively on policy issues in voting technology since 2003. He is the author of the “Resolution on Electronic Voting”, which calls for a voter-verifiable audit trail on all voting equipment, and which has been endorsed by thousands of people, including many of the top computer scientists in the U.S. He has testified on electronic voting before the U.S. Senate and the Commission on Federal Election Reform, co-chaired by Jimmy Carter and James Baker III. He is the founder of the Verified Voting Foundation and VerifiedVoting.org and is on the board of those organizations. In 2004, he received the Electronic Frontier Foundation’s “Pioneer Award” for “for spearheading and nurturing the popular movement for integrity and transparency in modern elections.”

Key quotes:

  • elections must feature “non-coercibility” … “The system goes to great lengths to destroy the link between my name and the ballot that I cast.  That’s a property that’s special to elections that almost no other system of electronic transactions deals with in the U.S.” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016
  • “From the perspective of election trustworthiness, Internet voting is a complete disaster.” – from Stanford Engineering News – Why Online Voting Is a Danger to Democracy – June 3, 2016
  • “Basically, [online voting] relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense.” – from MIT Technology ReviewWhy You Can’t Vote Online – November 5, 2012

Key documents:

Websites:

Avi Rubin

Ph.D., Computer Science and Engineering, University of Michigan

Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. His primary research area is Computer Security, and his latest research focuses on security for healthcare IT systems. He is Director of the Health and Medical Security (HMS) Lab at Johns Hopkins. He also founded Harbor Labs, a company that provides security consulting, professional training, and technical expertise and testimony in high tech litigation.

He is a frequent speaker on Information Security. Some highlights include TED talks in October, 2011 and September, 2015 about hacking devices, a TED Youth talk, testimony in Congressional hearings, and a high level security briefing at the Pentagon to the Assistant Secretary of the Army and a group of generals.  Authored a book on electronic voting entitled Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.

Key quotes:

Key documents:

Websites:

Twitter: @avirubin

David Jefferson

Ph.D. in Computer Science from Carnegie-Mellon University

David Jefferson is computer scientist in the Center for Applied Scientific Computing, where he works on parallel entity-based simulation. He is interested in scalable parallel “middleware” supporting high-performance computing applications, including scalable operating system and communication software, discrete simulation engines, Java platforms, load balancing, checkpointing, performance instrumentation.

David has served (and continues to serve) on a number of government panels at the state and federal levels, advising on election security issues, especially with regard to electronic and Internet voting. He also sits on the board of directors of the California Voter Foundation.

Key quotes:

  • “We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016
  • “Internet voting is a serious threat to national security. Neither the U.S. nor any other democratic country should open the door to Internet voting — not now, and not in the foreseeable future — until such distant time as all of the fundamental security problems are satisfactorily resolved.” – from Lawrence Livermore National Laboratory News – Security risks and privacy issues are too great for moving the ballot box to the Internet – March 10, 2015

Website:

Twitter: not an active Twitter user

Ron Rivest

Ph.D. in Computer Science from Stanford University

Ron Rivest is a cryptographer and an Institute Professor at MIT. He is a member of MIT’s Department of Electrical Engineering and Computer Science (EECS) and a member of MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). He was a member of the Election Assistance Commission’s Technical Guidelines Development Committee, tasked with assisting the EAC in drafting the Voluntary Voting System Guidelines.

Rivest is one of the inventors of the RSA algorithm (along with Adi Shamir and Len Adleman). He is the inventor of the symmetric key encryption algorithms RC2, RC4, RC5, and co-inventor of RC6. The “RC” stands for “Rivest Cipher”, or alternatively, “Ron’s Code”.

Rivest is a member of the National Academy of Engineering, the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptologic Research, and the American Academy of Arts and Sciences. Together with Adi Shamir and Len Adleman, he has been awarded the 2000 IEEE Koji Kobayashi Computers and Communications Award and the Secure Computing Lifetime Achievement Award. He also shared with them the Turing Award.

Key quotes:

  • “We do need to be concerned about the integrity of our voting systems in the face of possible attacks by foreign nation-states.” – from Boston Globethe hacking of an American election – July 27, 2016
  • “Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well.” – from MIT Technology ReviewWhy You Can’t Vote Online – November 5, 2012

Key documents:

Websites:

Twitter: not active on Twitter

Andrew Appel

PhD in computer science from Carnegie Mellon University

Andrew W. Appel is Eugene Higgins Professor of Computer Science at Princeton University, where he has been on the faculty since 1986. He served as Department Chair from 2009-2015. His research is in software verification, computer security, programming languages and compilers, and technology policy. He received his A.B. summa cum laude in physics from Princeton in 1981, and his PhD in computer science from Carnegie Mellon University in 1985. He has been Editor in Chief of ACM Transactions on Programming Languages and Systems and is a Fellow of the ACM (Association for Computing Machinery). He has worked on fast N-body algorithms (1980s), Standard ML of New Jersey (1990s), Foundational Proof-Carrying Code (2000s), and the Verified Software Toolchain (2010s).

Key documents:

Key videos:

Websites:

Bruce Schneier

Master’s in Computer Science from American University in Washington, DC

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 13 books–including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press.  Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org; and a special advisor to IBM Security.

Key quotes:

  • “Everything we know about voting machines, electronic ones, computerized ones is they’re not very secure. They’re not tested. They’re not designed rigorously. And in many cases there’s no way to detect or recover from fraud.” – from NPR Science Friday (audio) – How Secure Are U.S. Voting Systems? – August 5, 2016

Key documents:

Websites:

Twitter: the automatic (non-interactive) account @schneierblog tweets links to new blog entries on his website

Vanessa Teague

Ph.D. in computer science (cryptography and game theory) from Stanford University

Her main research interest is in electronic voting, with a focus on cryptographic schemes for end-to-end verifiable elections and a special interest in complex voting schemes such as STV. She was a major contributor to the Victorian Electoral Commission’s end-to-end verifiable electronic voting project, the first of its kind to run at a state level anywhere in the world, joint work with Chris Culnane, Peter Ryan and Steve Schneider. She discovered, with Alex Halderman, serious security vulnerabilities in the NSW iVote Internet voting system.

She has been invited to appear before several Australian parliamentary inquiries into elections at the state and federal level, to answer questions on electronic voting.

She is on the advisory board of Verifiedvoting.org and has been co-chair of the USENIX Electronic Voting Technologies Workshop and the International conference on E-voting and identity.

Key quotes:

  • “Voting over the Internet is a really bad idea. We haven’t yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes.” – from USA TodayInternet voting is just too hackable, say security experts – January 28, 2016

Key documents:

Website:

Joe Kiniry

Ph.D. in Computer Science from the California Institute of Technology

Dr. Kiniry is the CEO and Chief Scientist of Free & Fair, a Galois spin-out focusing on high-assurance elections technologies and services.  He is also the Research Lead at Galois of several programs: Rigorous Software Engineering, Verifiable Elections, High-assurance Cryptography, and Audits-for-Good.

Prior to joining Galois in 2014, Dr. Kiniry was a Full Professor at the Technical University of Denmark (DTU). There, he was the Head of DTU’s Software Engineering section. Dr. Kiniry also held a guest appointment at the IT University of Copenhagen. Over the past decade, he has held permanent positions at four universities in Denmark, Ireland, and The Netherlands.

Dr. Kiniry has around fifteen years experience in the design, development, support, and auditing of supervised and internet/remote electronic voting systems while he was a professor at various universities in Europe. He co-led the DemTech research group at the IT University of Copenhagen and has served as an adviser to the Dutch, Irish, and Danish governments in matters relating to electronic voting.  He now advises the U.S. government on these matters via his participation in the EAC-NIST VVSG public working groups.

Key quotes:

  • “The tricky bit for people to grasp is that the set of requirements around elections look and taste different than any other modern online system.” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016

Twitter: @kiniry

Jeremy Epstein

Master’s in Computer Sciences from Purdue University

Mr. Epstein is Deputy Division Director of US National Science Foundation Computer and Information Science and Engineering (CISE)/Division of Computer and Network Systems (CNS), where he oversees research in a range of computer science programs, including cybersecurity, cyber physical systems, smart and connected communities, computer systems, networking, computer science education, technology transition, and other assorted topics.

Previously a senior computer scientist with SRI International in Arlington, Virginia. At SRI, he has been principal investigator on the NSF-funded ACCURATE research program (www.accurate-voting.org) and supported the Department of Homeland Security Science & Technology cybersecurity research program. He is also a member of the US Election Assistance Commission’s Voting Security Risk Assessment (VSRA) team. Prior to joining SRI, Jeremy spent almost nine years as head of product security for Software AG, a global business software company.

Key quotes:

Key documents:

Websites:

Expanded from original on legacy blog http://papervotecanada.blogspot.ca/2016/08/online-voting-and-computer-security.html