Challenges of balancing usability and security in future voting systems Dana Chisnell @danachis @ChadButterfly
Jan 28, 2015
Challenges of balancing usability and security in future voting systems
Dana Chisnell@danachis@ChadButterfly
How are the votes counted?
How are the votes counted?
If it’s not usable, it’s not secure.
NowCurrent design demands much of voters
Study 1: Websites
Cataloged 147 election websites
Conducted 41 remote moderated usability tests
What happened?
Voters are ballot-centricthey’re focused on that act,not conscious of the overall process
What’s on the ballot?
?
?
?
?
??
!?
they are more likely to go to third-party sources
they are less likely to show up at the right polling place
they’re likely to undervote down-ballot
they are less likely to turn out
If voters don’t know what is on the ballot
Website design problems are well understood
sites are hard to find find other sources
navigation reflects department don’t know where to go
labels are jargon don’t know how to get to content
dates and deadlines are vague don’t know when to act
graphics are gratuitous get distracted or lost in the site, lose trust
sites are not accessible disenfranchisement
Study 2: Alternative counting methods
San Francisco and Oakland, December 2011
EVN, March 2012
Portland, Maine 2011
Alameda Co. demo ballot
Minneapolis 2011
New York state demo
Voter slate
How is my vote counted?
Ballot design problems are well understood
split contests across columns overvoting
there are responses on both sides of names overvoting
arrows rather than bubbles marking incorrectly
formatting is inconsistent or too consistent undervoting
instructions are complicated or lacking all kinds of crazy things
voters don’t know how to correct their ballots lost votes
How RCV works
n=52
Joe
What does it mean?
Mental models
People make inferences about how things work based on available information and context
Mental models
This is what we teach people
Mental models
Sometimes it really is this simple - but not in the US
Mental models
Sometimes it really is this simple - but not in the US
Much more like signing for a mortgage
This is the ballot we testNIST medium complexity ballot
Point system
Weighted
Reversed
Mental models
Point / weight system
Preparing to vote
Knowing what to expect
Interacting with the ballot
Intent is loaded
What’s on the ballot?
What are my options for voting?
absentee early voting Election Day
what’s the deadline to apply?
what do I have to do to get one?
when is it due?
where do I vote? where do I vote?
what’s the deadline to apply?
what do I have to do to get one?
when is it due?
where do I vote? where do I vote?
who is in office now?
do I need ID to vote?
what’s the deadline for registering?
1. Voters develop faulty mental models
2. Voters don’t understand the consequences of their actions
3. Voters vote counter to their intentions
Portland, Maine 2011
straight party voting+ regular contests
+ RCV+ multi-candidate
+ retention contests+ measures
6 different models
We’re pretty sure there’s a problem
FutureCombinations add complexity. Complexity compromises security.
Voters bear a cognitive burden that design can relieve.
Poor design and instructions on ballots makeunderstanding, marking, and casting difficult, time-consuming, and complicated
Poor design and instructions on ballots makecounting, verifying, and audits difficult, time-consuming, and complicated
Raises questions about what is being secured.
complex ballots = lost votes
complex ballots + vote-by-mail
= lost votes
complex ballots + multi-language
= lost votes
RCV+ VBM
+ multi-language
= 1000s of lost votes
Lack of trust in elections
Lack of trust in officials
Recalls
Scrambling county boards
Security may add to the cognitive burden without thoughtful design.
Security = Counted as cast
Security = Cast as intended + counted as cast
This moment
Voter ed is not the answer.
If it’s not usable, it’s not valid.
If it’s not usable, it’s not countable.
If it’s not usable, it’s not verifiable.
If it’s not usable, it’s not auditable.
If it’s not usable, it’s not secure.
Rick Bond
Cyd Harrell
Ethan Newby
Callie Wheeler
Chelsey Glasson
Sara Cambridge
Laura Paajanen
Beth Lingard
Beth Pickard
Jared Spool
David Cary
Rebecca Sherrill
Frank Castro
Sandy Olson
Nancy Frishberg
Yelena Nakhimovsky
Whitney Quesenbery
Thank you
Andrea Moed
Kristen Johansen
Boaz Gurdin
Ashley Pearlman
Donald A. Cox
Kamaria Campbell
Paul Schreiber
Jenn Downs
Jacqui Adams
Michelle Milla
Josh Keyes
Josh Bright
Doug Hanke
Karen McGrane
Krysta Chauncey
Karen Bachmann
Rosa Moran
Josie Scott
Rachel Goddard
Samantha LeVan
Kate Aurigemma
Erin Liman
Alessandra Brophy
Andrea Fineman
And...
New tools.
Research commissioned by NIST
Usability and Civic Life Project
Research commissioned by NIST
Research commissioned by EAC
Field Guides series
Research commissioned by EAC
Research supported by MacArthur Foundation
Research supported by MacArthur Foundation
Research supported by MacArthur Foundation
Field Guides series
Field Guides To Ensuring Voter Intent
civicdesigning.org/fieldguides
Coming soonAnywhere ballotfunded by ITIF (EAC AVTI)
If it’s not usable, it’s not secure.
Thank you.