Building Reliable Voting Machine Software

This is my dissertation. The first three chapters provide a good introduction to the issues surrounding voting security and verification.

If the first three chapters are interesting enough that you want to find out what happens next, you can download and read the whole dissertation.

Pvote: Prerendered User Interfaces for Voting

How can electronic voting machines be made more reliable and verifiable? This project proposes publishing the electronic ballot design before election day, so it can be checked for correctness, usability, and accessibility, and the voting machine software can be simpler and more secure.

See the project website, pvote.org, for information, documents, and the Pvote prototype software, which implements a voting machine with a synchronized video and audio interface in less than 500 lines of Python (using Pygame).

California Top-to-Bottom Review

In the summer of 2007, Debra Bowen, the California Secretary of State, commissioned a comprehensive study of the voting machines certified for use in California. The study included source code analysis, red-team security testing, accessibility testing, and documentation reviews. I participated in the study as a reviewer, which gave me the rare opportunity to examine the source code of a commercial electronic voting machine. My team reviewed the voting system software by Sequoia, and produced a public report on our discoveries.

See the page on the Voting Systems Review for a complete list of reports.

Voting Security Requirements

To be able to claim that a voting system is secure, first one has to be clear about exactly what "secure" means. So, to support my hope of eventually making supportable security claims about a voting machine design based on prerendered user interfaces, this list breaks down high-level desiderata into progressively more specific requirements:

Voting Simulation Visualizations

If the voters rank the candidates or vote for multiple candidates instead of voting for just one, can you get better results? There are a variety of possible ways to count up the votes and decide the winner of an election, such as Plurality, Approval, Borda, Hare (also known as IRV), or Condorcet. The relative merits of these methods are frequently debated, but are seldom compared by simulating how they would behave across a wide range of situations.

These election simulations provide a new visualization that may offer some insight into the behaviour of these election methods; it uncovers surprising effects of instant-runoff voting and demonstrates a strong similarity between approval and Condorcet voting.

See the source code used to produce these visualizations (votesim).

Election Methods in Pictures

This interactive visualization illustrates the behaviour of Plurality, Approval, Borda, Hare, and Condorcet elections in one dimension.

See the source code used to produce this Flash visualization (voteline).