Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OK NTU, let’s cast e-vote!

OK NTU, let’s cast e-vote!

Dated earlier than the country’s own presidential election, general election of National Taiwan University Student Association has always been an highly-examined, yet strongly-influencing force to the islands’ democracy. Poren (a.k.a. RS) and his friends in NTUOSC helped implementing and operated a trustable electronic vote system on a campus of 30,000 students; he’ll be summarizing technical decisions and court battles throughout 6 years of adaptation, and point out potential caveats when introducing such system on a larger scale.

Talk @ g0v summit 2018.
Further information: https://summit.g0v.tw/2018/agenda/recqfasll9wmLIaY7/ok-ntu--let-s-cast-e-vote

Poren Chiang

October 06, 2018
Tweet

More Decks by Poren Chiang

Other Decks in Technology

Transcript

  1. RSChiang Senior in NTU College of Law; Founder of NTU

    Open Source Community; Former Tech Commissioner of NTU Student Assoc. Election & Recall Exec. Committee. Feel free to reach me @RSChiang on Twitter or [email protected]
  2. Elections in NTU • The 30,000-elector event drew significant influence

    to the society, almost a democracy sandbox by itself. • Even before martial law was lifted in Taiwan, Student Association in NTU adapted a new constitution in 1988, with separation of powers and direct presidential election. • With a rich history of electoral suit, NTU bears an extremely detailed voting regulations in a nationwide scale.
  3. Traditional vote ① Examine student ID and current registration stamp

    ② Sign for the ballot ③ Mark the ballot ④ Cast the vote → →
  4. Experimental e-vote ① Examine student ID and current registration stamp

    ② Sign for the auth code ③ Vote through tablet
  5. “Why aren’t you sleeping?” “I was called to do a

    vote system for your school’s election next week”
  6. Remodeled e-vote ① Scan the student ID ③ Examine identity

    on tablet ② Query registration status   from Academic Office ④ Dispatch auth code ⑤ Cast the vote
  7. Improvements • Student IDs are Mifare-based Taipei Metro EasyCards with

    additional sector information; ID numbers could be extracted from a genuine card. • Incorporating with Academic Office records eliminates the need of examining the then- obsoleted registration stamps. • Programmatically dispatching authorization codes eliminates manual typos and the risk of leakage.
  8. Auditing process • Authorization codes are counted after election •

    Every piece of log is retained – Server side: Authorization and dispatch requests – Voting station: network issues, abandoned votes – Numbers of used auth codes should match after calibration • Prefile standard procedures to reduce risks
  9. Homebuilt hardware ④ Dispatch   auth code ⑥ Callback on

    completion ① Scan the student ID ③ Examine identity on tablet ② Query registration status   from Academic Office ⑤ Cast the vote
  10. Architecture shift ④ Dispatch auth code ⑥ Callback on completion

    ① Scan the student ID ③ Examine identity on PC ② Query registration status   from Academic Office ⑤ Cast the vote
  11. Findings • Electronic voting greatly reduced the burden of establishing

    new voting stations – scaling become a matter of available budgets; skilled electoral staff could instruct and diagnose most of the issues. • Pressure shifted toward development and operation end. • Change of factors would induce risks and unwanted disturbances, especially when replacing working codes; yet stability is difficult to achieve without fully owning involving hardware and systems.
  12. Making things complex • Election and Recall Act allows casting

    vote remotely through preauthorized links; these applications are manually validated and processed. • Unless fully automate the whole process, the distribution of such ballot is prone to error, and opens up potential electoral suit. • The irreversible nature of election system make disaster recovery difficult if not impossible; only a margin of error could be calculated for court defense.
  13. Legal challenges • In the first hour of Spring 2017

    election, about 20% of the electors’ IDs were rejected. The problem was quickly identified as a regression of sector format by subcontractor, and patch was issued before noon. • EREC board decided to extend voting period for a day, which was later rejected by court decision. • The court found that election administration were not entitled to pause, postpone, or extend election periods even under technical disturbances under current regulations.
  14. Thanks! RSChiang 2018.10.6 @ g0v summit 2018 / CC BY-SA

    4.0 Join the discussion on GitHub! rschiang/ntu- vote-auth-server