CSE researchers win Distinguished Paper Award at USENIX Security for work on voter privacy

August 21, 2024
Their research shows that flaws in randomization put voters’ secret ballots at risk.
A black silhouette of a hand placing a slip of paper in a ballot box.

CSE researchers, including PhD student Braden Crimmins, MS student Dhanya Narayanan, and Professor J. Alex Halderman, have received a Distinguished Paper Award at the 2024 USENIX Security Symposium for their paper titled “DVSorder: Ballot Randomization Flaws Threaten Voter Privacy.” Their work reveals serious flaws in supposedly secure techniques meant to randomize ballots and keep voters’ selections secret.

USENIX Security is a top international conference in computer security and privacy. Out of nearly 400 papers accepted and presented at the conference this year, the Distinguished Paper Award was given to a select few—just 15 papers—that demonstrate outstanding rigor and impact. 

Crimmins et al.’s paper focuses on an issue vital to the health of our democracy, that of voter privacy. Specifically, their work explores the reliability of ballot randomization, a technique voting systems use to anonymize ballot data. Concerns about election integrity have given rise to a trend of releasing ballot-level data, which allows the public to scrutinize election results on a ballot-by-ballot basis. 

Crimmins, Halderman, and their coauthors show, however, that the algorithm used by a leading voting system manufacturer to randomize ballots is severely flawed and puts voters’ privacy at risk. Through an in-depth examination of public ballot-level data, they found that a vulnerability in Dominion Voting Systems’ precinct-based ballot scanners, called DVSorder, could be exploited to unshuffle the data and link individual voters with their ballots, posing a significant risk to ballot secrecy. This vulnerability stems from Dominion’s use of a randomization technique known since the 1970s to be insecure, which the authors show can be broken using pen and paper from only publicly available information.

The researchers likewise identified significant gaps in regulations and vulnerability management within the election sector, with some jurisdictions continuing to release vulnerable data or delay mitigation efforts even years after the flaw was disclosed. 

These findings reveal significant and ongoing risks to voter privacy, highlighting the need for improvements in election technology and regulatory oversight to protect ballot secrecy.

Explore:
Honors and Awards; J. Alex Halderman