On the privacy threats of electronic poll books

Published: October 04, 2010


Stefan Popoveniuc, John M. Kelsey


Electronic poll books make the process of verifying that a voter is authorized to vote and issuing her a ballot faster and more convenient. However, they also introduce a privacy risk: if both the electronic poll book and voting machine or optical scanner record the order of signins/votes, or worse, the time at which each voter signs in and the time at which each ballot is cast, voter privacy can be lost. It is surprisingly difficult to avoid saving such information in some form, for example in event logs on the machines, and still more difficult to verify that no such information is saved. In addition, even the more efficient electronic poll books can act as a bottleneck in the voting process. We propose a simple technique to address these concerns, by allowing voters to sign in from home, and print out a barcoded receipt to be permitted to get their ballot and vote. Using blinded signatures, this barcoded receipt need not leak any information about the voter's identity other than where she is authorized to vote and what ballot she should be given. However, the receipt can contain sufficient information to make it very difficult for a voter to authorize someone else to vote on her behalf, and can support (for example) the ability to respond to challenges by election officials to ensure that only authorized voters are permitted to vote.
Proceedings Title: Proceedings of the Workshop on Privacy in the Electronic Society 2010
Conference Dates: October 4, 2010
Conference Location: Chicago, IL
Conference Title: Workshop on Privacy in the Electronic Society 2010
Pub Type: Conferences

Download Paper


privacy , electronic poll books , blind signatures , sign in form home
Created October 04, 2010, Updated February 19, 2017