Over the last four decades, information technology has begun to transform the electoral process---perhaps the most foundational process upon which democratic societies are built. Computers are gradually replacing manual parts of the democratic process by, for example, tallying results in Excel spreadsheets, predicting exit polls, or by computing seat assignments to parties in parliament (since 1962 in Denmark). With every such transformation, the overall process becomes more efficient, informative, and economical. However, there is a risk of the process becoming less trustworthy. The deployed technology tends to be complex and therefore prone to programming error and vulnerable to malicious attacks. These problems have an adverse effect on the very foundations of democracy. Voters are less likely to trust the electoral process, which inevitably leads to lower voter participation and cynicism.
In order to provide evidence in support of this hypothesis, we propose first to design a rigorous software engineering principle, which we call trust by design that reproduces the trust-instilling elements of the conventional process in an electronic infrastructure. Second, we develop electronic election technology based on the trust by design principle. Third, the municipalities of Frederiksberg, Aarhus, and Copenhagen will help us evaluate the technology empirically in order to analyze the social, political and cultural implications inherent in digitally transforming the democratic process. The results of this project will provide KL and other decision makers important and invaluable insights into how to modernize the democratic process without jeopardizing the fundamental principles upon which democracies rest.
The DemTech project if financed through a generous grant from The Danish Council for Strategic Research by the Programme Commission on Strategic Growth Technologies.
Our mission is to assist electoral management bodies with the development of digital election systems, the evaluation of threats and challenges, and the analysis and management of risks.
DemTech Workshop on Democracy in the Digital Age
Guest lecture by Christian Probst, DTU
Title: Insider Threats and Social Engineering
Abstract:Insider threats are a major threat against organisations and IT systems. In most cases, insiders have better knowledge about an organisaton's assets, policies, and workflows, and have authorized access to many of these. Therefore, actions by a malicious insider are usually hard to detect. Social engineering is often used by attackers to get insiders to perform actions, which they should not perform but are authorized to do. In this talk I will give examples for insider threats and social engineering, discuss different definitions of insiders, and present some models of how to deal with insider threats.
Guest lecture by Assoc Prof Yvonne Dittrich, IT University of Copenhagen
Title: What does it mean to use method? Towards a Practice Theory for Software Engineering
Abstract: Methods, processes and tools and tools to support them are at the heart of Software Engineering as a discipline. However, as we all know, their use does not necessarily result in homogeneous, predictable software projects. What is lacking is an understanding of how methods inform software development. In the talk, I will apply and develop the set of concepts based on the practice-concept in philosophy of sociology to describe and understand methods and their application. Practice here is not understood as opposed to theory, but as a commonly agreed on way of acting, which is acknowledged by the team. The results and steps in the philosophical argumentation are exemplified using published empirical research. Methods are defined as practice patterns that need to be related to and integrated in an existing development practice. The application of a method is developed as a 'development of practice'. This practice is in certain aspects aligned with the description of the method, but a method always under-defines practice. The implication for research, industrial software development and teaching are outlined. The theoretical/philosophical concepts allow explaining the heterogeneity in application of software engineering methods and are in line with empirical research results.
Carsten Schürmann joined IEEE 1622.6, Voting Systems Standards Committee (VSSC) Voting Methods Mathematical Models Working Group.
Carsten Schürmann attended a talk on Perspectives on Crisis and Conflicts in the World at UN-City, Copenhagen. The talk was given by Grete Faremo, Under-Secretary General of the United Nations and Executive Director of UNOPS.
Carsten Schürmann is lecturing on logical frameworks at the ANU Logic Summer School in Canberra, ACT, Australia.
DemTech's Carsten Schürmann and Jari Kickbusch attended the shuffling and decryption ceremony at the Victoria Electoral Commission (VEC), Melbourne, Australia, today. More than a 1000 electronic votes were shuffled, decrypted an printed to be included in the count for the Victoria State Election.
Carsten Schürmann participated at the ICT Proposals' Day and event organized by the European Commission that focuses on the Horizon 2020 Work Programme 2015 in the field of Information & Communication Technologies.
Carsten Schürmann was one of four experts invited to the NemId Visionarium at Version2, discussing the next generation of Denmark's national ID infrastructure.
DemTech organized a scientific session at ESOF 2014 on the topic Democracy in the digital age: computational aspects of voting systems
Robert Krimmer is visting DemTech. He will give a talk about the challenges of observing new voting technologies. The talk will take place on Friday, June 20, 2014, 12:00 in 2A08. Read more here.
Democracy and technology seminar: Center for Health and Society (CSS) in Copenhagen is arranging a seminar today on democracy and technology. Both Alex Haldermann and Carsten Schürmann from DemTech give talks. Read more here.
DemTech is running a pilot on risk-limiting audits during the European Parliament election.
DemTech organized the third DemTech Workshop on Danish Elections, Trust, and Technology for the Mongolian Election Commission. more information
DemTech organized a PhD course on Code Scanning. This course is intended for PhD students and advanced Master students and it is designed to give an introduction to formal methods, teach the basics of code scanning theory, and allows students to gain first-hand experience with the state of the art code scanners. Code scanners are tools that inspect source code automatically for bugs, security problems and other issues. Code scanners are often used to evaluate software used in safety critical systems. Contingent on our ability to secure licenses, we will discuss five different tools, such as Coverity, Fortify, Code Sonar, AppScan??, and FindBugs??. The course is organized in two parts. The first part takes place in April, where we (the organizers) will give several lectures about the formal under pinnings of code scanners. During the last lecture, we, will present some sample code, and assign (groups of) students to tools. Read more here
We are looking for a postdoctoral researcher in formal methods, software engineering or related topics such as programming languages and distributed systems.
- design and verification of concurrent and cryptographic systems;
- programming language based security, including semantic security and functional programming;
- program verification including logical methods, type theory and dependent types;
DemTech Distinguished Lecture
Speaker: Prof. Stark, Professor and Chair of Statistics, University of California, Berkeley.
Title: Risk Limiting Audits of Parliamentary Elections
Abstract: Risk-limiting audits have a pre-specified minimum probability of correcting incorrect electoral outcomes. The risk limit is the maximum chance that an incorrect outcome is not corrected by the audit. Risk-limiting audits have been conducted in the USA for plurality contests in Ohio and Colorado, and for plurality, majority, super-majority, and "vote-for-n" contests in California. There are two basic approaches to risk-limiting audits, both of which involve inspecting randomly selected records from an audit trail in search of strong statistical evidence that the apparent outcome is correct. Absent strong evidence, they lead to a full hand count, which reveals the correct outcome. Ballot-polling audits use the audit trail alone; comparison audits compare hand counts of randomly selected groups of ballots to reported results for those ballots. Comparison audits are more complex and make more demands on the voting system, but--if the groups for which reported results are available are sufficiently small--can require inspecting fewer ballots than ballot-polling audits when the apparent outcome is indeed correct. Quite recently, the theory of risk-limiting audits was extended to ballot-polling and comparison audits of parliamentary elections like those in Denmark. The calculations required to conduct such audits involve only simple arithmetic, but there can be a fair amount of bookkeeping if there are many parties and many seats.
We are looking for enthusiastic students to work on student projects that are directly relevant to DemTech research. You offer an international and exciting working environment and access to real-world data, and real world systems. Help us make a difference!
DemTech in Norway to follow internet election trials. Carsten Schürmann, Randi Markussen and Lorena Ronquillo were present when online votes were decrypted and counted for Norwegian Parliamentary Election. Read more.
DemTech Reading Group: Cryptographic Voting Protocols
This semester we will discuss foundations and aspects of cryptographic voting protocols in the DemTech Reading Group.
DemTech Distinguished Lecture
Speaker: Ian Brightwell, Director IT and CIO, New South Wales Electoral Commission, Australia
Title: Why is Internet Voting a Governance Project and not a Technology Project?
DemTech Distinguished Lecture
Speaker: Prof. David Basin, ETH Zurich
Title: Developing Security Protocols by Refinement?
Abstract: We describe an approach to developing security protocols by step-wise refinement. Its core is a refinement strategy that guides the transformation of abstract security goals into protocols that are secure when operating over an insecure channel. The refinement steps successively introduce local states, an adversary, communication channels with security properties, and cryptographic operations realizing these channels. The abstractions we use provide insights on how the protocols work and foster the development of families of protocols sharing a common structure and properties. In contrast to post-hoc verification methods, we develop protocols together with their correctness proofs. We have implemented our approach in Isabelle/HOL and used it to develop a number of entity authentication and key transport protocols. (Joint work with Christoph Sprenger, ETH Zurich)
Starting September 2013 Steffen Dalsgaard will be a member of The Young Academy of Denmark (Det Unge Akademi). The Young Academy is a section for young talented scholars under the Royal Danish Academy of Science and Letters. Its purpose is to strengthen basic research and the interdisciplinary exchange, bridging the gap between science and society - and to give a united voice to some of the most excellent young scientists in Denmark.
Carsten Schürmann gave a talk at CADE 2013 in Lake Placid, USA Carsten presented a joint paper with Bernhard Beckert (KIT) and Rajeev Gore (ANU) on Analysing Vote Counting Algorithms Via Logic at CADE-13 in Lake Placid, USA]. Click here for the slides.
The wait is over. Finally another Twelf tutorial, this time collocated with CADE 2013 in Lake Placid, NY.
Carsten Schürmann to talk at the Egypt-US Cyber Security workshop in Cairo, Egypt. Carsten gave a talk on Certifying Voting Protocols at the Egypt-US Cyber Security Workshop. Click here for the slides.
Distinguished DemTech Lecture
Speaker: Sherif El Tokali, Assistant Resident Representative of the UNDP-Egypt
Title: UNDP ICT4D
Abstract: Throughout the past decade United Nations Development Programme (UNDP) has collaborated with the Government of Egypt (GOE) represented by its different ministries, Non-governmental Organizations (NGOs) as well as the Private Sector to positively contribute to a sustainable socioeconomic development in Egypt through the use of the Information and Communication Technologies (ICTs). In specific, the collaboration between UNDP and the Ministry of Communications and Information Technology (MCIT) is considered one of the most successful partnerships which resulted in the formulation and implementation of a number of nationally executed ICT projects in Egypt. Many of these projects did spin-off successfully. Today, the collaboration between UNDP and MCIT is geared towards improving the overall electronic readiness of the youth, women, people with special needs, and civil society organizations and increasing entrepreneurship, Education and Innovation, E- Health. Click here for the slides.
Joseph Kiniry, DTU Compute, guest professor at ITU will debate Jacob Scjødt Nielsen, The Danish Board of Technology, at TEKNOFO on Saving Democracy from Technology. eVote – a choice for the future?
Read the full talk descriptions.