Ethical Issues in E-Voting Security Analysis

Research about weaknesses in deployed electronic voting systems raises a variety of pressing ethical concerns. In addition to ethical issues common to vulnerability research, such as the potential harms and beneifts of vulnerability disclosure, electronic voting researchers face questions that flow from the unique and important role voting plays in modern democratic societies. Should researchers worry that their own work (not unlike the flaws they study) could sway an election outcome? When elected officials authorize a security review, how should researchers address the conflicted interests of these incumbent politicians, who may have powerful incentives to downplay problems, and might in principle be in a position to exploit knowledge about vulnerabilities when they stand for re-election? How should researchers address the risk that identifying specific flaws will lead to a false sense of security, after those particular problems have been resolved? This paper makes an early effort to address these and other questions with reference to experience from previous e-voting security reviews. We hope our provisional analysis will help practicing researchers anticipate and address ethical issues in future studies.