Public confidence in voting technologies has been badly shaken over the past years by, amongst other events, the problems with the 2000 and 2004 US presidential elections, the 2007 French presidential election, and the 2007 electronic counting in Scotland. Serious vulnerabilities have been exposed in all currently deployed electronic voting and counting systems. Many of these systems use proprietary, protected code, and the voters and election officials are expected to take assurances of the suppliers and certifiers on trust.
Designing Voting systems that provide high levels of assurance of accuracy and ballot secrecy with minimal trust assumptions is immensely challenging. The requirements of accuracy and auditability are in direct conflict with those of ballot secrecy. Furthermore, we must recognise that this is not a purely technical problem: a technically perfect solution that is not usable or does not command the confidence of the voters is not a viable solution.
Recently, significant progress has been made and a number of schemes developed that provide verifiability of the election. These seek to provide end-to-end verifiability of the outcome, i.e., the accuracy of the outcome is independent of the code or hardware that implements the ballot processing. The assurance derives from maximal transparency and auditability. Voters are provided with the means to check that their vote is accurately included in the final tally, all the while maintaining ballot secrecy. Thus the assurance depends ultimately on the voters rather than the probity of election officials, suppliers of voting systems, etc.
Such schemes are arguably highly trustworthy, but the challenge remains to establish public understanding and trust in such systems.
In this talk, I describe these challenges and a particularly voter-friendly approach to achieving verifiability: Pret a Voter.
In February of 2009, Peter Ryan took up a position as Professor of Information Security at the University of Luxembourg. He has over 20 years of experience in information assurance and formal verification. He pioneered the application of process algebras to modelling and analysis of secure systems and initiated and led the project that developed the CSP and model-checking approach to the analysis of security protocols. He has published extensively on cryptography, cryptographic protocols, security policies, mathematical models of computer security, and, most recently, high-assurance voting systems. He is the creator of the Pret a Voter approach to verifiable voting. Prior to joining the University of Luxembourg, he was a Professor of Computing Science at Newcastle University. He has worked at GCHQ, the Defence Research Agency, the Stanford Research Institute in Cambridge, and the Software Engineering Institute, CMU Pittsburgh. He holds a PhD in mathematical physics from the University of London.
Peter Ryan has been on programme committees of numerous prestigious security conferences, notably IEEE Security and Privacy, IEEE Computer Security Foundations Workshop, the European Symposium On Research In Computer Security (ESORICS), and WITS (Workshop on Issues in Security). He was Chair of WITS'04 (Workshop on Issues in the Theory of Security) and Co-chair of ESORICS'04, co-chair of Frontiers of Electronic Elections (FEE) 2005, and Chair of WOTE 2007 (Workshop On Trustworthy Elections). From 1999 to 2007 he was the Chair of the ESORICS Steering Committee. Prof. Ryan is also a member of the IFIP WG 1.7 group and the UK Grid Security Task Force.
He is a Fellow of the BCS and IMA.