As paper ballots and post-election audits gain increased
adoption in the United States, election technology vendors are offering
products that allow jurisdictions to review ballot images—digital scans
produced by optical-scan voting machines—in their post-election audit
procedures. Jurisdictions including the state of Maryland rely on such
image audits as an alternative to inspecting the physical paper ballots.
We show that image audits can be reliably defeated by an attacker who
can run malicious code on the voting machines or election management
system. Using computer vision techniques, we develop an algorithm
that automatically and seamlessly manipulates ballot images, moving
voters’ marks so that they appear to be votes for the attacker’s preferred
candidate. Our implementation is compatible with many widely used
ballot styles, and we show that it is effective using a large corpus of
ballot images from a real election. We also show that the attack can be
delivered in the form of a malicious Windows scanner driver, which we
test with a scanner that has been certified for use in vote tabulation
by the U.S. Election Assistance Commission. These results demonstrate
that post-election audits must inspect physical ballots, not merely ballot
images, if they are to strongly defend against computer-based attacks on
widely used voting systems.