To many technologists, electronic voting represents a seemingly simple exercise in system design. In reality, the many requirements it imposes with regard to correctness, anonymity, and availability pose an unusually thorny collection of problems, and the security risks associated with electronic voting, especially remotely over the Internet, are numerous and complex, posing major technological challenges for computer scientists. (For a few examples, see references below.) The problems range from the threat of denial-of-service-attacks to the need for careful selection of techniques to enforce private and correct tallying of ballots. Other possible requirements for electronic voting schemes are resistance to vote buying, defenses against malfunctioning software, viruses, and related problems, audit ability, and the development of user-friendly and universally accessible interfaces.
The goal of the workshop is to bring together and foster an interplay of ideas among researchers and practitioners in different areas of relevance to voting. For example, the workshop will investigate prevention of penetration attacks that involve the use of a delivery mechanism to transport a malicious payload to the target host. This could be in the form of a ``Trojan horse'' or remote control program. It will also investigate vulnerabilities of the communication path between the voting client (the devices where a voter votes) and the server (where votes are tallied). Especially in the case of remote voting, the path must be ``trusted'' and a challenge is to maintain an authenticated communications linkage. Although not specifically a security issue, reliability issues are closely related and will also be considered. The workshop will consider issues dealing with random hardware and software failures (as opposed to deliberate, intelligent attack). A key difference between voting and electronic commerce is that in the former, one wants to irreversibly sever the link between the ballot and the voter. The workshop will discuss audit trails as a way of ensuring this. The workshop will also investigate methods for minimizing coercion and fraud, e.g., schemes to allow a voter to vote more than once and only having the last vote count.
This workshop is part of the Special Focus on Communication Security and Information Privacy and will be coordinated with the Special Focus on Computation and the Socio-Economic Sciences.
This workshop follows a successful first WOTE event, organized by David Chaum and Ron Rivest in 2001 at Marconi Conference Center in Tomales Bay, California (http://www.vote.caltech.edu/wote01/). Since that time, a flurry of voting bills has been enacted at the federal and state levels, including most notably the Help America Vote Act (HAVA). Standards development has represented another avenue of reform (e.g., the IEEE Voting Equipment Standards Project 1583), while a grassroots movement (http://www.verifiedvoting.org) has arisen to promote the importance of audit trails as enhancements to trustworthiness.