OSET Institute

View Original

Next Generation Voting System Technology Architecture

E. John Sebes, Co-Founder & Chief Technology Officer
Edward Perez
, Global Director of Technology Development

It is well settled that current Voting System Technology (VST) is not considered “trustworthy” by definition in a secure computing context, because of its basis on commodity Personal Computing (PC) hardware and Operating Systems (OS) software that does not support trustworthy computing.

Of all the voting systems in use for U.S. federal, state, and local elections (as well as for elections in other democracies), none were designed and developed using “trusted computing” concepts and principles that have been used for decades in high-security computing for government critical systems.  We believe this was in part due to two reasons:

  1. There was an entirely different set of presumptions about threat models and so-called “attack surface” when companies seized on the opportunity of the Help America Vote Act to develop computer-based electronic voting systems in response to the desire to replace punch-cards and lever machines in 2002; and

  2. Even if there had been some amazing insight in security-centric risk modeling, the companies who were already in the business of goods and services for election administration, as well as new ones from similar (but different) businesses such as ATM machinery or gambling machines, did not have the core capabilities or domain expertise of trusted computing design and engineering.

Trusted computing concepts help system architects and engineers isolate “mission-critical” components of a computer system (including voting systems) to always behave in expected ways (such as properly counting and tabulating votes).

Two over-arching principles of the OSET Institute’s TrustTheVote Project are 1) User-Centered Design, and 2) Security-Centric Engineering. ElectOS, the principal election technology platform of the TrustTheVote Project applies these principles in full.

This paper presents a new architecture of next generation voting system technology and represents the underlying principles of the ElectOS voting system. Aside from our visual tour of ElectOS (under-going refinement now), this paper, which is a significant revision of our original draft in June 2010, represents the most important narrative for the underlying design thinking of the ElectOS voting system.

ED. COMMENT [Dec 2019]: Please note that Footnote 2 of this Paper cites a deprecated URL from the State of California. The next version of this document will update that footnote. In the mean time, the correct link for the Top-To-Bottom Review is: https://www.sos.ca.gov/elections/ovsta/frequently-requested-information/top-bottom-review/