As hardware devices and software systems are used to perform election processes (casting votes, tallying elections, etc.), they typically produce event logs to make a record of what is happening. Log entries are typically divided into two categories: system events and audit records. System events are operational actions performed by voting device components, such as shutting down the voting device, starting a service, usage information, client requests, and other information. Audit records contain security event information such as successful and failed authentication attempts, file accesses, and security policy changes.
For some background, see David Wagner's Voting Systems Audit Log Study of ES&S, Hart, Premier, Sequoia and 2 California-specific systems, a report commissioned by the California Secretary of State (June 1, 2010), available at http://www.cs.berkeley.edu/~daw/papers/auditlog-ca10.pdf, and the brief summary in his 4-page TGDC slides.
Various groups have been analyzing event logs from elections. See, e.g.:
- Auditing a DRE-Based Election in South Carolina by D. A. Buell, University of South Carolina; E. Hare, Clemson University; F. Heindel; C. Moore; B. Zia, League of Women Voters of South Carolina
Along with two open source projects for analyzing ES&S audit logs
- An Audit of the November 2012 Election Results in South Carolina - LWV of South Carolina. Using ES&S Unity audit log data from the system log (EL155) and event log (EL152), along with the results file (EL30A) and cast vote records (EL68A), Duncan Buell was able to document and investigate details of the very long lines and late closing times of elections in South Carolina in 2012. The report has many insights into what standards might work towards in audit logs, and how audit logs can be used.
- Audit Bear - web site and open source Python code for analyzing ES&S audit logs
- Automating voting terminal event log analysis of Premier's AccuVote (AV-OS) by the Voting Technology Research (VoTeR) Center - University of Connecticut: PDF | Slides
- Matt Bishop, Sean Peisert, Candice Hoke, Mark Graff, and David Jefferson. E-voting and forensics: Prying open the black box. In 2009 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, 2009 (Slides)
Some papers discuss techniques for improved reporting of election event logs, preserving privacy, etc.:
- Arel Cordero and David Wagner. Replayable Voting Machine Audit Logs. In 2008 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT’08), August 2008. HTML
- Paul T. Cotton, Andrea L. Mascher, and Douglas W. Jones. Recommendations for voting system event log contents and semantics. In NIST Workshop on a Common Data Format for Electronic Voting Systems, October 2009.
- Andrea L. Mascher, Paul T. Cotton, and Douglas W. Jones. Improving voting system event logs. In RE-Vote’09: First International Workshop on Requirements Engineering for E-voting Systems, August 2009.
- Sean Peisert, Matt Bishop, and Alec Yasinsac. Vote selling, voter anonymity, and forensic logging of electronic voting machines. In 42nd Hawaii International Conference on System Sciences (HICSS), January 2009.
- Daniel R. Sandler and Dan S. Wallach. Casting votes in the Auditorium. In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ’07), Boston, MA, August 2007. (HTML)
Much work on data formats for event logging in general has also been done. See e.g.:
- EMAP: http://scap.nist.gov/emap/ - an emerging protocol within the NIST Security Automation Program which will focus on standardizing the data models relating to event and audit management.
- CEE: Common Event Expression - http://cee.mitre.org/documents.html - a framework to enable collaborative efforts in the creation of an open, practical, and industry-accepted event interoperability standard for electronic systems.