EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
| Hi-index | 0.00 |
We designed, built, tested, and fielded a vote counting system called Scantegrity. Scantegrity is part of a new class of end-to-end (E2E) verifiable voting systems.E2E verifiable systems are designed to solve chain of custody problems in elections by providing a privacy-preserving receipt to each voter. The voter can use the receipt to check a public record and verify that his or her ballot is counted without revealing the selected candidate. The public record gives election officials the ability to provide a strong, universally-accessible audit of the results, enabling transparent, verifiable elections that maintain privacy expectations. E2E systems offer radical improvements to integrity and transparency of election systems, and the adoption of E2E systems in public-sector elections can improve outcome integrity.In our design, we carefully considered the balance between usability and security issues, and we discuss the changes we made to implement the system. We examined the implementation through the results of a practical test of Scantegrity in a mock election in April 2009, which evaluated the system’s performance and surveyed the election participants about their experience with the system.We describe a number of changes we made to the system as a result of this test. For example, Scantegrity required better printing technology and a tally reconciliation system. We evaluated the modified system a second time by fielding it in the Takoma Park, Maryland, November 2009 municipal election, where we were able to survey voters and observe events throughout election day. In addition to examining the performance of the system during election day, we analyzed the survey results and found that most voters felt positively about the system despite some problems when taking advantage of the new features. We suggest further improvement to the usability of Scantegrity by proposing and analyzing the addition of an automatic receipt printer in different configurations. To design the receipt printer, we took advantage of protections provided by the Trusted Computing platform that improve the reliability and robustness of the component. The final system automatically provides each voter a privacy-preserving receipt that can be used to verify each ballot has been counted properly.