[en] Verifiable voting schemes allow voters to verify their individual votes and the election outcome. The voting protocol Selene offers verification of plaintext votes while preserving privacy. Misconceptions of verification mechanisms might result in voters mistrust of the system or abstaining from using it. In this paper, we interviewed 24 participants and invited them to illustrate their mental models of Selene. The drawings demonstrated different levels of sophistication and four mental models: 1) technology understanding, 2) meaning of the verification phase, 3) security concerns, and 4) unnecessary steps. We highlight the misconceptions expressed regarding Internet voting technologies and the system design. Based on our findings, we conclude with recommendations for future implementations of Selene as well as for the design of Internet voting systems in general.
Disciplines :
Sciences informatiques
Auteur, co-auteur :
ZOLLINGER, Marie-Laure ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > APSIA
ESTAJI, Ehsan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
Marky, Karola; University of Glasgow > School of Computing Science
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
"Just for the sake of transparency": Exploring Voter Mental Models Of Verifiability
Date de publication/diffusion :
octobre 2021
Nom de la manifestation :
Sixth International Joint Conference, E-Vote-ID 2021
Date de la manifestation :
from 05-10-2021 to 08-10-2021
Manifestation à portée :
International
Titre de l'ouvrage principal :
Electronic Voting, Sixth International Joint Conference, E-Vote-ID 2021, Bregenz, Austria, October 5-8
Abdi, N., Ramokapane, K.M., Such, J.M.: More than smart speakers: security and privacy perceptions of smart home personal assistants. In: Proceedings of the Symposium on Usable Privacy and Security, pp. 1–16. USENIX Association, Berkeley, CA, USA (2019)
Acemyan, C.Z., Kortum, P., Byrne, M.D., Wallach, D.S.: Usability of voter verifiable, end-to-end voting systems: baseline data for Helios, Prêt à Voter, and Scantegrity II. SENIX J. Elect. Technol. Syst. 2(3), 26–56 (2014)
Acemyan, C.Z., Kortum, P.T., Byrne, M.D., Wallach, D.S.: Users’ mental models for three end-to-end voting systems: helios, prêt à voter, and scantegrity II. In: International Conference on Human Aspects of Information Security, Privacy, and Trust (2015)
Adida, B.: Advances in Cryptographic Voting Systems. Ph.D. thesis, Massachusetts Institute of Technology (2006)
Adida, B.: Helios: Web-based open-audit voting. In: Proceedings of the USENIX Security Symposium, pp. 335–348. USENIX Association, Berkeley, CA, USA (2008)
Bada, M., Sasse, A.M., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behaviour? (2019)
Ben-Nun, J., et al.: A new implementation of a dual (paper and cryptographic) voting system. In: International Conference on Electronic Voting (2012)
Benaloh, J., et al.: Star-vote: a secure, transparent, auditable, and reliable voting system. CoRR (2012)
Borgman, C.L.: The user’s mental model of an information retrieval system: an experiment on a prototype online catalog. Int. J. Man Mach. Stud. 24(1), 47–64 (1986)
Cohen, J.: A coefficient of agreement for nominal scales. Educ. Psychol. Meas. 20(1), 37–46 (1960)
Distler, V., Zollinger, M., Lallemand, C., Rønne, P.B., Ryan, P.Y.A., Koenig, V.: Security-visible, yet unseen? In: Proceedings of the CHI Conference on Human Factors in Computing Systems (2019)
Estonian national electoral committee (2019). https://www.valimised.ee/en/archive/statistics-about-internet-voting-estonia
Fuglerud, K.S., Røssvoll, T.H.: An evaluation of web-based voting usability and accessibility. Univ. Access Inf. Soc. 11(4), 359–373 (2012). https://doi.org/10. 1007/s10209-011-0253-9
Johnson-Laird, P.N.: Mental models: towards a cognitive science of language, inference, and consciousness. No. 6, Harvard University Press (1983)
Kang, R., Dabbish, L., Fruchter, N., Kiesler, S.: “My data just goes everywhere”: user mental models of the internet and implications for privacy and security. In: Proceedings of the Symposium on Usable Privacy and Security, pp. 39–52. USENIX Association, Berkeley, CA, USA (2015)
Kulesza, T., Stumpf, S., Burnett, M., Yang, S., Kwan, I., Wong, W.: Too much, too little, or just right? Ways explanations impact end users’ mental models. In: Proceedings of the IEEE Symposium on Visual Languages and Human Centric Computing, pp. 3–10 (September 2013). https://doi.org/10.1109/VLHCC.2013. 6645235
Lallemand, C., Koenig, V.: Lab testing beyond usability: challenges and recommendations for assessing user experiences. J. Usability Stud. 12(3), 133–154 (2017)
Levitt, S.D., List, J.A.: What do laboratory experiments tell us about the real world. J. Econ. Perspect., 153–174 (2007)
Marky, K., Kulyk, O., Renaud, K., Volkamer, M.: What did i really vote for? On the usability of verifiable e-voting schemes. In: Proceedings of the CHI Conference on Human Factors in Computing Systems, pp. 176:1–176:13. ACM, New York, NY, USA (2018). https://doi.org/10.1145/3173574.3173750
Marky, K., Zimmermann, V., Funk, M., Daubert, J., Bleck, K., Mühlhäuser, M.: Improving the usability and ux of the swiss internet voting interface. In: Proceedings of the CHI Conference on Human Factors in Computing Systems, pp. 640:1–640:13. ACM, New York, NY, USA (2020). https://doi.org/10.1145/3313831.3376769
Marky, K., Zollinger, M.L., Funk, M., Ryan, P.Y., Mühlhäuser, M.: How to assess the usability metrics of e-voting schemes. In: Financial Cryptography and Data Security, Workshop on Workshop on Advances in Secure Electronic Voting (2019)
Marky, K., Zollinger, M.L., Roenne, P.B., Ryan, P.Y., Grube, T., Kunze, K.: Investigating usability and user experience of individually verifiable internet voting schemes. ACM Trans. Comput. Hum. Interact. 28(5) (2021). https://kaikunze. de/papers/pdf/marky2021investigating.pdf
Moher, E., Clark, J., Essex, A.: Diffusion of voter responsibility: potential failings in e2e voter receipt checking. USENIX J. Elect. Technol. Syst. (JETS) 1(3), 1–17 (2014). https://www.usenix.org/jets/issues/0301/moher
Nestas, L., Hole, K.: Building and maintaining trust in internet voting. Computer 45(5), 74–80 (2012). https://doi.org/10.1109/MC.2012.35
Norman, D.A.: Some observations on mental models. In: Mental models, pp. 15–22. Psychology Press (2014)
Ryan, P.Y.A., Rønne, P.B., Iovino, V.: Selene: voting with transparent verifiability and coercion-mitigation. In: Proceedings of the Financial Cryptography and Data Security (2016)
Sallal, M., et al.: VMV: augmenting an internet voting system with selene verifiability (2019)
Schneider, S., Llewellyn, M., Culnane, C., Heather, J., Srinivasan, S., Xia, Z.: Focus group views on prêt à voter 1.0. In: International Workshop on Requirements Engineering for Electronic Voting Systems (2011)
Selker, T., Rosenzweig, E., Pandolfo, A.: A methodology for testing voting systems. J. Usability Stud. 2(1), 7–21 (2006). http://dl.acm.org/citation.cfm?id=2835536. 2835538
Serdült, U., Germann, M., Mendez, F., Portenier, A., Wellig, C.: Fifteen years of internet voting in switzerland [history, governance and use]. In: Proceedings of the Second International Conference on eDemocracy eGovernment (2015)
Serdült, U., Kryssanov, V.: Internet voting user rates and trust in Switzerland. In: Proceedings of the International Joint Conference on Electronic Voting, pp. 211–212 (2018). https://doi.org/10.5167/uzh-156867
Tullio, J., Dey, A.K., Chalecki, J., Fogarty, J.: How it works: a field study of non-technical users interacting with an intelligent system. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 31–40. Association for Computing Machinery, New York, NY, USA (2007). https://doi.org/10. 1145/1240624.1240630
Warkentin, M., Sharma, S., Gefen, D., Rose, G.M., Pavlou, P.: Social identity and trust in internet-based voting adoption. Gov. Inf. Q. 35(2), 195–209 (2018)
Wash, R.: Folk models of home computer security. In: Proceedings of the Symposium on Usable Privacy and Security. Association for Computing Machinery, New York, NY, USA (2010). https://doi.org/10.1145/1837110.1837125
Zeng, E., Mare, S., Roesner, F.: End user security & privacy concerns with smart homes. In: Proceedings of the Symposium on Usable Privacy and Security, pp. 65–80. USENIX Association, Berkeley, CA, USA (2017)
Zimmermann, V., Gerber, P., Marky, K., Böck, L., Kirchbuchner, F.: Assessing users’ privacy and security concerns of smart home technologies. i-com 18(3), 197– 216 (2019)
Zollinger, M., Distler, V., Rønne, P.B., Ryan, P.Y., Lallemand, C., Koenig, V.: User experience design for e-voting: how mental models align with security mechanisms. In: Proceedings of the Joint International Conference on Electronic Voting (2019)
