Download - Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience
![Page 1: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/1.jpg)
Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience
Ali Fawzi Najm Al-Shammari & Adolfo Villafiorita
INFORMATIK 2014 - eVoting Workshop - Stuttgart
1,2 1
1. Fondazione Bruno Kessler - Italy2. University of Kerbala - Iraq
25th September 2014
Tuesday 7 October 14
![Page 2: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/2.jpg)
• Historical overview.
• Current voting System in Iraq.
• Stakeholders.
• Components.
• Procedures.
• Security Issues.
• Recommendations.
• Conclusion.
Outline
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 3: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/3.jpg)
• Democracy was not a common practice in Iraq before 2003.
• In 2005, the new Iraqi constitution allows citizens to elect the parliament, and the provincial councils every four years.
• Independent High Electoral Commission (IHEC) introduced to manage and run elections.
Historical Overview
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 4: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/4.jpg)
Seven country wide elections were conducted:
• January 2005: National Assembly + Provincial Councils
• October 2005: Constitution
• December 2005: Parliamentary
• January 2009: Provincial Councils
• Mars 2010: Parliamentary
• April 2013: Provincial Councils
• April 2014: Parliamentary
Historical Overview
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 5: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/5.jpg)
Seven country wide elections were conducted:
• January 2005: National Assembly + Provincial Councils
• October 2005: Constitution
• December 2005: Parliamentary
• January 2009: Provincial Councils
• Mars 2010: Parliamentary
• April 2013: Provincial Councils
• April 2014: Parliamentary
(Observer) (Observer)
(Station Manager)
Historical Overview
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 6: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/6.jpg)
• Before 2014, paper based voting.
• Simple.
• Usable.
• There were some concerns raised:
• Vote stuffing!
• Vote manipulation!
• Some verification mechanisms, but they are manual, and time consuming.
Iraqi Voting System
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 7: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/7.jpg)
• In 2014, electronic component involved in the polling place.
• Motivation is to improve the system against the current concerns, i.e.:
• Votes stuffing and manipulation.
• Improve voter’s authorization process in the poll.
Voting System Improvement
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 8: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/8.jpg)
• Automates vote traceability.
• Mechanism of tracing the vote cast serial number.
• Automates voter authorization.
• Smart Identification Card (SID) for each voter.
• Biometric Identification.
Approach
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 9: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/9.jpg)
Smart Card Reader System (SCRS)
Plastic SealSmart Card Reader System
(SCRS)
Thermal Printer & Smart Card ReaderDATECS DPP-250
Fingerprint ScannerFutronic FS80
Tablet BQ Maxwell Plus 2
Camera
The new tool implemented by Indra (Spanish Company).
• Offline database in the component.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 10: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/10.jpg)
Stakeholders.
Components.
Procedures.
Polling Station Experience
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 11: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/11.jpg)
Polling Station - Stakeholders
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 12: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/12.jpg)
Polling Station - Stakeholders
Station Manager (SM)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 13: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/13.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 14: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/14.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 15: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/15.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
Ballot Box Observer (BBO)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 16: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/16.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
Ballot Box Observer (BBO)
Queue Observer
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 17: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/17.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
Ballot Box Observer (BBO) Election Observers
Queue Observer
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 18: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/18.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
Ballot Box Observer (BBO) Election Observers
Queue Observer
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Voters Voter
Tuesday 7 October 14
![Page 19: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/19.jpg)
Polling Station - Stakeholders
Station Manager (SM)
Authorization Officer (AO)
Ballot Issuer (BI)
Ballot Box Observer (BBO) Election Observers
Queue Observer
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Polling Place Manager (PPM)
Voters Voter
Tuesday 7 October 14
![Page 20: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/20.jpg)
Polling Station - Components
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 21: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/21.jpg)
Polling Station - Components
SCRS
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 22: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/22.jpg)
Polling Station - Components
SCRS
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 23: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/23.jpg)
Polling Station - Components
SCRSBallots Pack
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 24: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/24.jpg)
Polling Station - Components
SCRSBallots Pack
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
1010100
Party Contest
Candidates Contest
Serial Number
Tuesday 7 October 14
![Page 25: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/25.jpg)
Polling Station - Components
SCRSBallots Pack
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 26: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/26.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 27: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/27.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ ListSupervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 28: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/28.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 29: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/29.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 30: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/30.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 31: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/31.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Voting Ink
Supervisor Smart Card (SSC)
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 32: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/32.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box Station Forms
Voting Ink
Supervisor Smart Card (SSC)
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 33: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/33.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box Station Forms
Voting Ink
Supervisor Smart Card (SSC)
Secure Plastic BagSecurity Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 34: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/34.jpg)
Polling Station - Components
SCRSBallots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box Station Forms
Voting Ink
Supervisor Smart Card (SSC)
Secure Plastic BagSecurity Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Smart ID (SID)
Tuesday 7 October 14
![Page 35: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/35.jpg)
Starting the Election Day
1. SM : - receives the sensitive materials from Polling Place Manager (PPM). - records the ballots packs’ serial number in station forms. - seals the ballot box using plastic seals, and records its numbers in station forms.
2. AO : - turns on the SCRS using the SSC.
Identifying a Voter
1. Voter : - walks to authorization desk.
2. AO : - inserts voter’s SID in the SCRS. - scans voter’s fingerprint by the SCRS.
3. SCRS : - verifies voter’s data. - if the voter is eligible: - saves voter’s access time. - blocks voter’s SID. - updates voter’s status in the database.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 36: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/36.jpg)
Issuing Ballot
1. AO : - passes voter’s ID to the BI.
2. BI : - checks voter’s name in the voters’ list. - issues and stamps the ballot, and passes it to AO.
3. AO : - scans the QR code of the issued ballot using the SCRS.
4. SCRS : - stores the scanned code of the ballot.
5. Voter : - takes the issued ballot, and walks to the voting cabin.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 37: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/37.jpg)
Casting Vote
1. Voter : - fills in the ballot anonymously in voting cabin. - folds the filled-in ballot, and walks to the ballot box. - marks her indicator finger in the voting ink. - casts her vote by putting the filled-in ballot in the ballot box.
2. BBO: - controls that a voter marks her finger with voting ink before casting the vote.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 38: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/38.jpg)
Special Case...
• If the SCRS fails in reading the SID of a voter.
• e.g., SID failure, or Database failure.
• Voter’s name exists in the voters’ list.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 39: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/39.jpg)
Special Case...
• If the SCRS fails in reading the SID of a voter.
• e.g., SID failure, or Database failure.
• Voter’s name exists in the voters’ list.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
The voter has the right to vote!
Tuesday 7 October 14
![Page 40: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/40.jpg)
Special Case Voting Procedure
1. SM : - takes voter’s SID and puts it in a secure envelope. - writes on the envelope (voter’s name, card’s serial number, and the reason of collection).
2. BI : - asks the voter to sign in the voters’ list. - releases Ballot for the voter.
3. AO : - signs the back of the ballot with “Smart card was not readable”. - Does not scan the QR code of the ballot.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 41: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/41.jpg)
Closing the Polling Station1. SCRS : - stops accepting any card.
2. SM : - secures ballot box.
3. AO : - stores the SCRS data in the SSC. - prints the SCRS report.
• polling station name.
• total number of eligible voters in the station.
• number of voters who accessed the polling station.
• total number of scanned fingerprints.
• the total number of scanned QR codes.
• the time of opening and closing the poll.
• the list of scanned codes of ballots.
4. SM : - secures the SSC and the SCRS report in a plastic bag. - records the number of the secure bag in the station forms.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 42: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/42.jpg)
Tallying Process
1. SM : - verifies the serial numbers of the ballot box seals through a comparison with the records in the station forms. - open the box.
2. Polling Place Employees : - starts the tallying process publicly.
3. EO: - observes the tallying process. - records the tallying results in the station forms.
4. SM : - secures the ballots, and stations forms. - provides the secured sensitive materials to the Polling Place Manager.
Election Procedures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 43: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/43.jpg)
Stakeholders’ access.
Attack scenarios.
Privacy Evaluation
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 44: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/44.jpg)
Stakeholders’ Access
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Voter Ballot Serial Number
Stakeholder Pre-election During Election During Tallying After Election Day
- --
Tuesday 7 October 14
![Page 45: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/45.jpg)
Stakeholders’ Access
INFORMATIK 2014 - eVoting Workshop - Stuttgart
AO , BI Voter’s NameBallot Serial Number
Votes Cast (Station)
--
Voter Ballot Serial Number
Stakeholder Pre-election During Election During Tallying After Election Day
- --
Tuesday 7 October 14
![Page 46: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/46.jpg)
Stakeholders’ Access
INFORMATIK 2014 - eVoting Workshop - Stuttgart
AO , BI Voter’s NameBallot Serial Number
Votes Cast (Station)
--
SM Voter’s Name (Special Case)
Votes Cast(Station)
--
Voter Ballot Serial Number
Stakeholder Pre-election During Election During Tallying After Election Day
- --
Tuesday 7 October 14
![Page 47: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/47.jpg)
Stakeholders’ Access
INFORMATIK 2014 - eVoting Workshop - Stuttgart
ElectionOfficials
SCRSVoters’ list
- Votes Cast (Precinct) SCRS DataVoters’ ListSpecial Case Voters
-
AO , BI Voter’s NameBallot Serial Number
Votes Cast (Station)
--
SM Voter’s Name (Special Case)
Votes Cast(Station)
--
Voter Ballot Serial Number
Stakeholder Pre-election During Election During Tallying After Election Day
- --
Tuesday 7 October 14
![Page 48: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/48.jpg)
General Assumption
• Malicious election official could compromise the privacy IF:
• the ballot serial number is linked with voter’s name.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 49: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/49.jpg)
Voter Attack
• Assumption: malicious voter.
• The malicious voter collects ballot serial number and provides it to a third party.
• Forced.
• Attempt to sell vote.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 50: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/50.jpg)
Voter Attack
• Assumption: malicious voter.
• The malicious voter collects ballot serial number and provides it to a third party.
• Forced.
• Attempt to sell vote.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Note that, even if there is no malicious election official, some voter could be coerced by a malicious third party!
Just by asking him/her to provide the vote cast serial number as an evidence to the way she/he voted.
Tuesday 7 October 14
![Page 51: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/51.jpg)
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Station Employee Attack 1
• Assumption: malicious AO/BI.
• The malicious AO/BI memorize voter’s name, and ballot serial number.
• The malicious AO/BI links between voter and vote while tallying the votes.
Tuesday 7 October 14
![Page 52: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/52.jpg)
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Station Employee Attack 1
• Assumption: malicious AO/BI.
• The malicious AO/BI memorize voter’s name, and ballot serial number.
• The malicious AO/BI links between voter and vote while tallying the votes.
We don’t need to assume that a malicious election official exists.
Tuesday 7 October 14
![Page 53: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/53.jpg)
Station Employee Attack 2
• Assumption: malicious Polling Place Employee.
• The malicious employee reveals the vote of the special case voter in the tallying phase.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 54: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/54.jpg)
Station Employee Attack 2
• Assumption: malicious Polling Place Employee.
• The malicious employee reveals the vote of the special case voter in the tallying phase.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
We don’t need to assume that a malicious election official exists.
Tuesday 7 October 14
![Page 55: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/55.jpg)
Malicious Component Attack1
• Assumption: malicious SCRS, malicious election official.
• The malicious SCRS saves information that links voter with ballot serial number.
• The malicious election official accesses the SCRS malicious data.
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 56: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/56.jpg)
Attack Scenarios
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Malicious Component Attack 2
• Assumption: malicious SCRS, malicious person nearby the polling place.
• The malicious SCRS broadcasts information that links the voter and her ballot serial number using its Wifi, or bluetooth.
• The malicious person nearby, receives this information using a malicious application installed in a device (e.g., smart phone).
Tuesday 7 October 14
![Page 57: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/57.jpg)
• The ballot serial number is not protected.
• Voter identification and ballot issuing processes are performed together.
Main Failures
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 58: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/58.jpg)
1.Protecting the Ballot Serial Number.
• Eg., scratch to reveal, or invisible ink marking pen.
• Using random codes for the ballots.
2.Modifies the procedures.
• Ballot QR codes scanning must be done after closing the poll.
• Does not marks the issued ballot of the special case.
Recommendations
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 59: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/59.jpg)
• The IHEC effort was to improve traceability, and election fairness.
• Current system has vulnerabilities that could compromise privacy, caused by:
• Two critical processes performed by the same component.
• Ballot serial number is readable.
• Our goal is to improve the system with consideration of minimal changes, which includes:
• Improving the ballot.
• Modifying procedures.
• Modifying SCRS software.
Conclusions
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
![Page 60: Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience](https://reader034.vdocument.in/reader034/viewer/2022052601/55941ab51a28abf02b8b4607/html5/thumbnails/60.jpg)
Thank You For Your Attention
شكراً إلصغائكم
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14