Tag: electronic voting

Quebec moratorium on electronic voting – archived press releases

Quebec has a moratorium on electronic voting.  The main information pages are were:

UPDATE 2017-11-06: The above pages are not available any more, but there are copies in the Internet Archive


UPDATE 2017-11-09: Elections Quebec has confirmed to me that they have completely removed all information about electronic voting and the 2006 moratorium from their website.  This is an ongoing issue of web content where old content is simply removed, even if it is still vital (the 2006 moratorium is still in effect, and the issues with electronic voting are still vitally relevant in 2017).

I have rescued (to the extent that putting a page in the Internet Archive is a rescue) two more pages related to the moratorium, because they too will almost certainly disappear:


There is an accompanying extensive report in French only – Élections municipales de novembre 2005 : Rapport d’évaluation des nouveaux mécanismes de votation – octobre 2006 (PDF) – copy available in the Internet Archive.

There used to be four press releases (two in each official language) that accompanied the information pages.  Unfortunately those press releases have been archived.  Using my Pinboard cache plus Google and Bing caches I located copies of three of the pages; I have requested the text of the other one (Communiqué 2) although you can figure out its content based on Press Release 2.

Press Release 1

Evaluation Report of New Methods of Voting – The Chief Electoral Officer Makes a Disturbing Diagnosis of the Problems that Occurred during the Municipal Elections of November 6, 2005

October 24, 2006

Québec City, October 24, 2006 – Today, the Chief Electoral Officer of Québec, Me Marcel Blanchet, tabled in the National Assembly an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 Québec municipalities that used new methods of voting. One hundred and forty (140) municipalities used electronic voting while 22 “tested” the postal ballot. “The major problems that were encountered during polling and the release of results have eroded the confidence of many persons regarding the new methods of voting” recalled Me Blanchet. “It was in order to shed light on these events and determine what happened that I created an internal evaluation committee which conducted a review that is unprecedented in Québec.”

An In-depth Review that Used the Expertise of All those Concerned

The evaluation committee that reviewed the November 2005 polls examined:

– the written reports of 144 returning officers, three suppliers of electronic voting services and the supplier of postal ballot services;

– the complaints received by the Chief Electoral Officer following the elections, the motions presented before the courts, as well as judgements rendered by the courts.

The committee also met most of the returning officers as well as several stakeholders in person: services providers, experts, observers and complainants. It also reviewed the rejected ballot papers in seven municipalities, as well as technical audits of electronic ballot boxes and voting terminals used during the municipal elections. For this last stage, the evaluation committee called on the expertise of the Centre de recherche informatique de Montréal (CRIM).

The Problems Encountered in November 2005 are the Result of Many Circumstances

“We all remember the events that marked the municipal elections of November 6, 2005,” recalled the Chief Electoral Officer. “Not only did the systems fail, but the corrective measure proposed were insufficient, poorly adapted and often came too late.  The primary objective of our evaluation was not to point fingers since all those involved with the municipal elections of 2005 must share come responsibility for these problems,” explained Me Blanchet. “We are keen to understand certain situations and examine certain problems that arose primarily in order to be able to trace the path toward electronic ballots that, if maintained, should be marked by transparency and integrity that are at the heart of our democratic values,” declared the Chief Electoral Officer.

The root causes of the problems encountered by the various actors of the 2005 municipal elections, include the following:

  • an imprecise legislative and administrative framework that did not adequately assign roles and responsibilities or address the risks inherent in electronic voting;
  • absence of technical specifications, norms and standards that would have guaranteed the quality and the security of the voting systems used;
  • poor management of voting systems (especially lack of security measures) leaving a lot of room for errors, accidents and the absence or insufficiency of solutions in case of problems.

More specifically, it is possible to pinpoint a number of circumstances that increased the risks:

  • Voting machines, machines used for quality control of components and machines aimed at ensuring the security of the methods of voting and the integrity of the vote were not adequately tested.
  • In most cases, there was no backup plan covering all potential problems.
  • Procedures on how to use voting systems were not documented.
  • Due to the importance of the technical aspects of the vote, some returning officers had difficulty harmonizing their responsibilities with those of service providers, leading, for instance, to loopholes in the training of election staff
  • One of the suppliers overestimated its ability to simultaneously serve a large number of municipalities, particularly the largest municipalities.
  • This supplier probably delegated too much responsibility to sub-contractors (especially regarding training).
  • Imprecise contracts and incomplete specifications blurred the relationships between municipalities and their service providers.
  • There were no independent experts on electronic voting to whom returning officers could turn.

“Ten years of using electronic voting with no major problem, ten years of increasing satisfaction by municipalities who kept asking for it, had given some credibility to this new approach to holding elections,” surmised Me Blanchet. “What we experienced on November 6, 2005, and what our examination of the situation revealed, should convince us that this approach is more risky than earlier thought,” concluded the Chief Electoral Officer.

It is worth recalling that in Québec, a municipal election involves all democracy partners. Thus, under the Act Respecting Elections and Referendums in Municipalities, a Québec municipality that would like to hold an election using electronic voting or the postal ballot has to sign a memorandum of understanding with the minister of Municipal Affaires and Regions and the Chief Electoral Officer. The Act Respecting Elections and Referendums in Municipalities also states that it is a municipal actor, that is, the returning officer, who is in charge of the election and has responsibility for election operations, including honouring and administering the contract signed between his municipality and a supplier, for instance, of electronic voting systems. The Chief Electoral Officer, for his part, provides assistance to returning officers who so request and may, in keeping with his responsibilities and expertise in election matters, examine special situations and make recommendations.

Press Release 2

Evaluation Report of the New Methods of Voting – The Chief Electoral Officer Sets Very Stringent Conditions for the Future Use of Electronic Voting if it is Maintained

October 24, 2006

Québec City, October 24, 2006 – The review by the Chief Electoral Officer of the new methods of voting used during the municipal elections of November 6, 2005 leads him not only to question their value added, but to recommend very stringent conditions for the future use of electronic voting, if this method of voting is to be used again. In a report tabled today at the National Assembly, the Chief Electoral Officer, Me Marcel Blanchet, is very critical of the electronic voting systems that were used during last year’s municipal elections and on the manner in which they were used. In addition to noting that these systems did not seem to have lived up to expectations, he believes that electronic ballot boxes and voting terminals are vulnerable technologies. Furthermore, the manner in which they have been managed so far does not offer sufficient guarantees of transparency and security to ensure the integrity of the vote. As a result, the Chief Electoral Officer believes that it is up to the National Assembly to decide whether or not to maintain the use of these new methods of voting and that, for the time being, the moratorium on their use must be maintained.

“In its current form, the Act respecting elections and referendums in municipalities enables municipalities to decide whether to use a new method of voting during a general or by-election,” recalled Me Blanchet. “But after the evaluation that we have just conducted of electronic voting and the postal ballot, I am of the opinion that to reestablish the confidence that was eroded last November 6, major changes must be introduced to their legal and administrative framework, if they are to be maintained,” the Chief Electoral Officer stated. “The voting systems should be subjected to very high quality and security norms and standards before municipalities can use them again,” he added.

Revealing Tests and Audits

The recommendations regarding the future of electronic voting are based mainly on technical audits and tests conducted in collaboration with the Centre de recherche informatique de Montréal (CRIM) on the voting systems used during the last municipal elections. This detailed review was aimed at detecting the risks associated with the use of electronic ballot boxes and voting terminals.

The technical audits and tests helped to determine that electronic voting systems are exposed to many risks since they have limited or no formal protection and security measures, thus making them vulnerable to technological attacks. In addition, the systems are thus exposed to major service or network defects and breakdowns.

The review of the manner in which electronic ballot boxes and the voting terminals are tested, installed and managed during an election also reveals a lack of knowledge of voting system components, as well as lack of expertise by those involved with elections, including the service providers.

Modify the Framework and Implementation Method

Based on his evaluation of the new methods of voting in general and electronic voting systems in particular, that were used during the November 2005 elections, the Chief Electoral Officer recommends a modification of the framework governing their use and how they are implemented in Québec:

  • The legislation governing the use of these methods of voting must be reviewed and better defined, including the memoranda of understanding signed by the municipalities with the Chief Electoral Officer and the Minister of Municipal Affaires and Regions.
  • Rigorous technical specifications as well as security and reliability norms and standards must be adopted before any future use of a new method of voting. A group of experts must be created in this respect.
  • An independent authority must be vested with a mandate to monitor and the powers to audit and control the norms and standards related to the new methods of voting.

The Chief Electoral Officer also recommends that care should be taken to ensure that suppliers have the ability to offer their services to several municipalities simultaneously and suppliers should be required to sign more stringent contracts containing precise specifications regarding the professional services required and the voting systems used.

“The role and responsibilities of the Chief Electoral Officer, the Ministry of Municipal Affairs and Regions, returning officers and service providers must also be clarified, according to Me Marcel Blanchet, and it is definitely important for all these actors to receive in-depth training on the new methods of voting.”

As far as security is concerned, measures should be adopted in order to guarantee the integrity of the electoral process. For instance:

  • competent authorities should have access to the programming codes and source codes of the software used in the voting systems;
  • the implementation of mandatory and complete tests on all equipment to be used in an election;
  • the establishment of backup plans covering all potential problems;
  • the swearing in of all those responsible for programming and installing systems and software and providing technical support and troubleshooting;
  • the implementation of strict measures for the storage and safekeeping of systems used;
  • the adoption of measures aimed at ensuring that, after the election, the supplier destroys data recorded on the electronic voting systems.

To prevent the rejection of ballots by electronic ballot boxes, the Chief Electoral Officer also recommends the adoption of ballot papers similar to those used during traditional voting. In the case of voting terminals, these devices should be adapted to be able to do a recount.

As far as the postal ballot is concerned, the Chief Electoral Officer recommends especially that returning officers should adopt a model that is inspired from that used at the provincial level for voting by inmates and electors outside Québec. Thus, the systematic sending of voting kits to all electors domiciled in a municipality should be forbidden.

Communiqué 1

Rapport d’évaluation des nouveaux mécanismes de votation – Le DGE pose un diagnostic inquiétant sur les problèmes survenus lors des scrutins municipaux du 6 novembre 2005

24 octobre 2006

Québec, le 24 octobre 2006 – Le directeur général des élections du Québec, Me Marcel Blanchet, a déposé aujourd’hui à l’Assemblée nationale un rapport d’évaluation qui pose un diagnostic inquiétant sur les problèmes survenus lors des scrutins municipaux du 6 novembre 2005, dans un certain nombre des 162 municipalités du Québec ayant utilisé de nouveaux mécanismes de votation. 140 municipalités ont alors eu recours au vote électronique, alors que 22 municipalités ont « fait l’essai » du vote par courrier.  « Les problèmes importants qui ont marqué le déroulement des scrutins et la diffusion des résultats ont ébranlé la confiance de nombreuses personnes à l’égard des nouveaux mécanismes de votation » a rappelé Me Blanchet. « C’est pour faire la lumière sur ces événements et établir les faits que j’ai formé un comité d’évaluation interne, lequel a réalisé un examen sans précédent au Québec. »

Une évaluation approfondie qui a mis l’ensemble des acteurs à contribution

Le comité d’évaluation qui s’est penché sur les scrutins de novembre 2005 a examiné :

– les rapports écrits de 144 présidentes et présidents d’élection et ceux des trois fournisseurs de services de vote électronique et du fournisseur de services de vote par courrier;

– les plaintes reçues par le Directeur général des élections (DGE) à la suite des scrutins, de même que les requêtes présentées devant les tribunaux, ainsi que les jugements rendus par ces derniers.

Le comité a également rencontré en personne la grande majorité des présidentes et présidents d’élection, ainsi que plusieurs intervenants : fournisseurs de services, experts, observateurs et plaignants.  Il a en outre réalisé une étude des bulletins de vote rejetés dans sept municipalités, ainsi que des audits techniques des urnes électroniques et des terminaux de votation utilisés lors des élections municipales.  Pour cette dernière étape, le comité d’évaluation a eu recours à l’expertise du Centre de recherche informatique de Montréal (CRIM).

Les problèmes survenus en novembre 2005 sont le fruit d’un ensemble de circonstances

«  Nous nous souvenons tous des événements qui ont marqué les scrutins municipaux du 6 novembre dernier », a rappelé le directeur général des élections.   « Non seulement des systèmes ont fait défaut, mais les correctifs proposés étaient insuffisants, mal adaptés et souvent tardifs.  Le premier  objectif de notre évaluation n’a  pas été d’identifier un responsable plutôt qu’un autre de ces difficultés, puisque tous les acteurs des scrutins municipaux de 2005 doivent partager une certaine responsabilité », a précisé Me Blanchet.  « Si nous avons voulu comprendre certaines situations et nous pencher sur certains problèmes, c’était avant tout pour être en mesure de tracer la voie vers des scrutins électroniques qui, s’ils sont maintenus, devraient être marqués par la transparence et l’intégrité qui sont au centre de nos valeurs démocratiques », a affirmé le DGE.

À la base des dérapages constatés par les différents acteurs des scrutins municipaux de 2005, il faut souligner :

  • un encadrement législatif et administratif qui manquait de précision, notamment en ce qui a trait aux rôles et aux responsabilités de chacun et aux risques inhérents au vote électronique;
  • une absence de spécifications techniques, de normes et de standards qui auraient garanti la qualité et la sécurité des systèmes de votation utilisés;
  • des façons de gérer les systèmes de votation (notamment l’insuffisance des mesures de sécurité) qui favorisaient les erreurs, les accidents de parcours et l’absence ou l’insuffisance des solutions en cas de problèmes.

De façon plus spécifique, il est possible de pointer du doigt un certain nombre de circonstances qui ont augmenté les risques :

  • Il y a eu insuffisance de tests réalisés sur les appareils de votation, de contrôles de qualité des composantes des systèmes et de mesures de sécurité visant à protéger les mécanismes de votation et par conséquent, l’intégrité du vote.
  • Dans la plupart des cas, il y a eu absence d’un plan de relève couvrant l’ensemble des problèmes potentiels;
  • Les processus quant à l’utilisation des systèmes de votation n’étaient pas documentés;
  • En raison de l’importance des aspects techniques du vote, certains présidents d’élection ont eu du mal à arrimer leurs responsabilités à celles des fournisseurs de services, ce qui a causé, par exemple, des lacunes en ce qui a trait à la formation du personnel électoral.
  • L’un des fournisseurs a surestimé sa capacité à desservir simultanément un grand nombre de municipalités, et particulièrement les plus importantes.
  • Ce fournisseur a probablement délégué trop de responsabilités à des sous-contractants (particulièrement en ce qui a trait à la formation).
  • Des contrats parfois imprécis et des devis incomplets ont balisé les relations entre les municipalités et leurs fournisseurs de services.
  • On a noté l’absence d’une expertise indépendante spécialisée en matière de vote électronique, à laquelle les présidents d’élection auraient pu avoir recours.

« Dix  ans d’utilisation du vote électronique sans problème majeur, dix ans de satisfaction croissante de municipalités qui en redemandaient, avaient donné une certaine crédibilité à cette nouvelle façon de tenir des élections », a estimé Me Blanchet.  « Ce que nous avons vécu le 6 novembre 2005 et ce que notre examen de la situation nous révèle, devrait nous convaincre que cette voie était beaucoup plus hasardeuse que l’on pouvait le croire », a conclu le directeur général des élections.

Rappelons qu’une élection municipale, au Québec, c’est l’affaire d’un ensemble de partenaires de la démocratie.  Ainsi, en vertu de la Loisur les élections et les référendums dans les municipalités (LERM), une municipalité québécoise qui désire tenir un scrutin avec le vote électronique ou le vote par courrier doit signer un protocole d’entente avec la ministre des Affaires municipales et des Régions et le Directeur général des élections.  La LERM prévoit en outre que c’est un acteur municipal, le président d’élection, qui est le maître d’œuvre du scrutin et a la responsabilité des opérations électorales, ce qui inclut le respect et l’administration du contrat conclu entre sa municipalité et un fournisseur, par exemple, de systèmes de vote électronique.  Le DGE, pour sa part, fournit de l’assistance aux présidents d’élection qui en font la demande et peut, en vertu de ses responsabilités et de son expertise en matière électorale, examiner des situations particulières et faire des recommandations.

Online course about Internet voting security risks

The free online Coursera course Securing Digital Democracy is about “the security risks–and future potential — of electronic voting and Internet voting”.

The next session starts November 28, 2016.


The course is taught by J. Alex Halderman.  You can find out more about him in my list of computer science experts


Internet voting and computer security expertise

There are people trained in computer science, computer security and/or voting technology who can bring evidence and experience to any analysis of online voting.  Canadians first but otherwise no particular order.




Barbara Simons

Ph.D. in computer science from the University of California, Berkeley

Barbara Simons is a computer scientist and past president of the Association for Computing Machinery (ACM). She is founder and former Chair of USACM, the ACM U.S. Public Policy Committee. Her main areas of research are compiler optimization and scheduling theory. Together with Douglas W. Jones, Simons co-authored a book on electronic voting entitled Broken Ballots.

Key documents:

Key videos:


Twitter: not an active personal Twitter user, however there are tweets from book account @BrokenBallots

Konstantin Beznosov

Ph.D. in Computer Science from Florida International University

Dr. Beznosov served on the BC Independent Panel on Internet Voting

Konstantin (Kosta) Beznosov is a Professor at the Department of Electrical and Computer Engineering, University of British Columbia (UBC), Vancouver, where he founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).  His primary research interests are distributed systems security, usable  security, secure software engineering, and access control.

Key documents: British Columbia Independent Panel on Internet VotingRecommendations Report (PDF)


Twitter: not an active Twitter user

Valerie King

Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley

Dr. King served on the BC Independent Panel on Internet Voting

Valerie King is Professor of Computer Science at the University of Victoria and has been a faculty member there since 1992.  She received an A.B. degree in Mathematics from Princeton University and a Ph.D. in Computer Science and a J.D., both from the University of California at Berkeley.  She was a post-doctoral fellow at the University of Toronto and Princeton University, a Research Scientist at NECI, Compaq SRC and HP Labs, a Visiting Researcher at Microsoft Research SVC, and a Visiting Professor at the University of Copenhagen and Hebrew University.

Key documents: British Columbia Independent Panel on Internet VotingRecommendations Report (PDF)


Jeremy Clark

Ph.D. in computer science from the University of Waterloo

Assistant professor at the Concordia Institute for Information Systems Engineering

Key document: City of Toronto RFP #3405-13-3197 – Internet Voting for Persons with Disabilities – Security Assessment of Vendor Proposals (PDF, Internet Archive)

Website: http://users.encs.concordia.ca/~clark/
Twitter: @pulpspy

Aleksander Essex

Ph.D. in computer science from the University of Waterloo

Assistant professor of software engineering in the Department of Electrical and Computer Engineering at Western University

Key document: City of Toronto RFP #3405-13-3197 – Internet Voting for Persons with Disabilities – Security Assessment of Vendor Proposals (PDF, Internet Archive)


Twitter: @aleksessex

J. Alex Halderman

Ph.D. in Computer Science, Princeton University

Dr. Halderman has extensive expertise in examining Internet voting systems, including Estonia’s system

J. Alex Halderman is an assistant professor of Computer Science and Engineering at the University of Michigan, where his research spans applied computer security and tech-centric public policy. Halderman has studied topics ranging from web security, data privacy, digital-rights management, and cybercrime to technological aspects of intellectual-property law and government regulation. He is known for helping to introduce the ”cold-boot attack,” which breaks encryption by literally freezing a computer’s memory, and for exposing Sony’s rootkit digital-rights management and other harmful copy-protection technologies. A noted expert on electronic voting security, Halderman demonstrated the first voting-machine virus and helped lead California’s ”top-to-bottom” electronic-voting review. He has uncovered vulnerabilities in numerous deployed voting systems. He holds a Ph.D. from Princeton University.

Key quotes:

Key documents:

Key videos:


Twitter: not an active Twitter user

David Dill

Ph.D. in Computer Science, Carnegie-Mellon University

David Dill is Professor Emeritus of Computer Science at Stanford University.  Dr. Dill retired from Stanford in 2017.  He was named a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2001 for his contributions to verification of circuits and systems, and a Fellow of the ACM in 2005 for contributions to system verification and for leadership in the development of verifiable voting systems. In 2008, he received the first “Computer-Aided Verification” award, with Rajeev Alur, for fundamental contributions to the theory of real-time systems verification. In 2013, he was elected to the National Academy of Engineering and the American Academy of Arts and Sciences.

He has been on the faculty at Stanford since 1987. He has an S.B. in Electrical Engineering and Computer Science from Massachusetts Institute of Technology (1979), and an M.S and Ph.D. from Carnegie-Mellon University (1982 and 1987).

Prof. Dill has been working actively on policy issues in voting technology since 2003. He is the author of the “Resolution on Electronic Voting”, which calls for a voter-verifiable audit trail on all voting equipment, and which has been endorsed by thousands of people, including many of the top computer scientists in the U.S. He has testified on electronic voting before the U.S. Senate and the Commission on Federal Election Reform, co-chaired by Jimmy Carter and James Baker III. He is the founder of the Verified Voting Foundation and VerifiedVoting.org and is on the board of those organizations. In 2004, he received the Electronic Frontier Foundation’s “Pioneer Award” for “for spearheading and nurturing the popular movement for integrity and transparency in modern elections.”

Key quotes:

  • elections must feature “non-coercibility” … “The system goes to great lengths to destroy the link between my name and the ballot that I cast.  That’s a property that’s special to elections that almost no other system of electronic transactions deals with in the U.S.” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016
  • “From the perspective of election trustworthiness, Internet voting is a complete disaster.” – from Stanford Engineering News – Why Online Voting Is a Danger to Democracy – June 3, 2016
  • “Basically, [online voting] relies on the user’s computer being trustworthy. If a virus can intercept a vote at keyboard or screen, there is basically no defense.” – from MIT Technology ReviewWhy You Can’t Vote Online – November 5, 2012

Key documents:


Avi Rubin

Ph.D., Computer Science and Engineering, University of Michigan

Avi Rubin is Professor of Computer Science at Johns Hopkins University and Technical Director of the JHU Information Security Institute. His primary research area is Computer Security, and his latest research focuses on security for healthcare IT systems. He is Director of the Health and Medical Security (HMS) Lab at Johns Hopkins. He also founded Harbor Labs, a company that provides security consulting, professional training, and technical expertise and testimony in high tech litigation.

He is a frequent speaker on Information Security. Some highlights include TED talks in October, 2011 and September, 2015 about hacking devices, a TED Youth talk, testimony in Congressional hearings, and a high level security briefing at the Pentagon to the Assistant Secretary of the Army and a group of generals.  Authored a book on electronic voting entitled Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.

Key quotes:

Key documents:


Twitter: @avirubin

David Jefferson

Ph.D. in Computer Science from Carnegie-Mellon University

David Jefferson is computer scientist in the Center for Applied Scientific Computing, where he works on parallel entity-based simulation. He is interested in scalable parallel “middleware” supporting high-performance computing applications, including scalable operating system and communication software, discrete simulation engines, Java platforms, load balancing, checkpointing, performance instrumentation.

David has served (and continues to serve) on a number of government panels at the state and federal levels, advising on election security issues, especially with regard to electronic and Internet voting. He also sits on the board of directors of the California Voter Foundation.

Key quotes:

  • “We do not know how to build an internet voting system that has all of the security and privacy and transparency and verifiability properties that a national security application like voting has to have” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016
  • “Internet voting is a serious threat to national security. Neither the U.S. nor any other democratic country should open the door to Internet voting — not now, and not in the foreseeable future — until such distant time as all of the fundamental security problems are satisfactorily resolved.” – from Lawrence Livermore National Laboratory News – Security risks and privacy issues are too great for moving the ballot box to the Internet – March 10, 2015


Twitter: not an active Twitter user

Ron Rivest

Ph.D. in Computer Science from Stanford University

Ron Rivest is a cryptographer and an Institute Professor at MIT. He is a member of MIT’s Department of Electrical Engineering and Computer Science (EECS) and a member of MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). He was a member of the Election Assistance Commission’s Technical Guidelines Development Committee, tasked with assisting the EAC in drafting the Voluntary Voting System Guidelines.

Rivest is one of the inventors of the RSA algorithm (along with Adi Shamir and Len Adleman). He is the inventor of the symmetric key encryption algorithms RC2, RC4, RC5, and co-inventor of RC6. The “RC” stands for “Rivest Cipher”, or alternatively, “Ron’s Code”.

Rivest is a member of the National Academy of Engineering, the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptologic Research, and the American Academy of Arts and Sciences. Together with Adi Shamir and Len Adleman, he has been awarded the 2000 IEEE Koji Kobayashi Computers and Communications Award and the Secure Computing Lifetime Achievement Award. He also shared with them the Turing Award.

Key quotes:

  • “We do need to be concerned about the integrity of our voting systems in the face of possible attacks by foreign nation-states.” – from Boston Globethe hacking of an American election – July 27, 2016
  • “Vendors may come and they may say they’ve solved the Internet voting problem for you, but I think that, by and large, they are misleading you, and misleading themselves as well.” – from MIT Technology ReviewWhy You Can’t Vote Online – November 5, 2012

Key documents:


Twitter: not active on Twitter

Andrew Appel

PhD in computer science from Carnegie Mellon University

Andrew W. Appel is Eugene Higgins Professor of Computer Science at Princeton University, where he has been on the faculty since 1986. He served as Department Chair from 2009-2015. His research is in software verification, computer security, programming languages and compilers, and technology policy. He received his A.B. summa cum laude in physics from Princeton in 1981, and his PhD in computer science from Carnegie Mellon University in 1985. He has been Editor in Chief of ACM Transactions on Programming Languages and Systems and is a Fellow of the ACM (Association for Computing Machinery). He has worked on fast N-body algorithms (1980s), Standard ML of New Jersey (1990s), Foundational Proof-Carrying Code (2000s), and the Verified Software Toolchain (2010s).

Key documents:

Key videos:


Bruce Schneier

Master’s in Computer Science from American University in Washington, DC

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 13 books–including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press.  Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org; and a special advisor to IBM Security.

Key quotes:

  • “Everything we know about voting machines, electronic ones, computerized ones is they’re not very secure. They’re not tested. They’re not designed rigorously. And in many cases there’s no way to detect or recover from fraud.” – from NPR Science Friday (audio) – How Secure Are U.S. Voting Systems? – August 5, 2016

Key documents:


Twitter: the automatic (non-interactive) account @schneierblog tweets links to new blog entries on his website

Vanessa Teague

Ph.D. in computer science (cryptography and game theory) from Stanford University

Her main research interest is in electronic voting, with a focus on cryptographic schemes for end-to-end verifiable elections and a special interest in complex voting schemes such as STV. She was a major contributor to the Victorian Electoral Commission’s end-to-end verifiable electronic voting project, the first of its kind to run at a state level anywhere in the world, joint work with Chris Culnane, Peter Ryan and Steve Schneider. She discovered, with Alex Halderman, serious security vulnerabilities in the NSW iVote Internet voting system.

She has been invited to appear before several Australian parliamentary inquiries into elections at the state and federal level, to answer questions on electronic voting.

She is on the advisory board of Verifiedvoting.org and has been co-chair of the USENIX Electronic Voting Technologies Workshop and the International conference on E-voting and identity.

Key quotes:

  • “Voting over the Internet is a really bad idea. We haven’t yet solved important issues like authentication, dealing with malware, ensuring privacy and allowing voters to verify their votes.” – from USA TodayInternet voting is just too hackable, say security experts – January 28, 2016

Key documents:


Joe Kiniry

Ph.D. in Computer Science from the California Institute of Technology

Dr. Kiniry is the CEO and Chief Scientist of Free & Fair, a Galois spin-out focusing on high-assurance elections technologies and services.  He is also the Research Lead at Galois of several programs: Rigorous Software Engineering, Verifiable Elections, High-assurance Cryptography, and Audits-for-Good.

Prior to joining Galois in 2014, Dr. Kiniry was a Full Professor at the Technical University of Denmark (DTU). There, he was the Head of DTU’s Software Engineering section. Dr. Kiniry also held a guest appointment at the IT University of Copenhagen. Over the past decade, he has held permanent positions at four universities in Denmark, Ireland, and The Netherlands.

Dr. Kiniry has around fifteen years experience in the design, development, support, and auditing of supervised and internet/remote electronic voting systems while he was a professor at various universities in Europe. He co-led the DemTech research group at the IT University of Copenhagen and has served as an adviser to the Dutch, Irish, and Danish governments in matters relating to electronic voting.  He now advises the U.S. government on these matters via his participation in the EAC-NIST VVSG public working groups.

Key quotes:

  • “The tricky bit for people to grasp is that the set of requirements around elections look and taste different than any other modern online system.” – from The Daily Dot – Online voting is a cybersecurity nightmare – by Eric Geller – June 6, 2016

Twitter: @kiniry

Jeremy Epstein

Master’s in Computer Sciences from Purdue University

Mr. Epstein is Deputy Division Director of US National Science Foundation Computer and Information Science and Engineering (CISE)/Division of Computer and Network Systems (CNS), where he oversees research in a range of computer science programs, including cybersecurity, cyber physical systems, smart and connected communities, computer systems, networking, computer science education, technology transition, and other assorted topics.

Previously a senior computer scientist with SRI International in Arlington, Virginia. At SRI, he has been principal investigator on the NSF-funded ACCURATE research program (www.accurate-voting.org) and supported the Department of Homeland Security Science & Technology cybersecurity research program. He is also a member of the US Election Assistance Commission’s Voting Security Risk Assessment (VSRA) team. Prior to joining SRI, Jeremy spent almost nine years as head of product security for Software AG, a global business software company.

Key quotes:

Key documents:


Expanded from original on legacy blog http://papervotecanada.blogspot.ca/2016/08/online-voting-and-computer-security.html