International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Exposure Notification System May Allow for Large-Scale Voter Suppression

Authors:
Rosario Gennaro
Adam Krellenstein
James Krellenstein
Download:
Search ePrint
Search Google
Abstract: Exposure Notification is a system designed by Google and Apple for notifying individuals when they have been exposed to SARS-CoV-2 by coming in contact with someone who has tested positive for the virus. Within GAEN, no user-identifying data is ever uploaded to the central server; users establish their proximity exclusively peer-to-peer and anonymously, with the sole purpose of knowing whether they have been in contact with an individual who may later be deemed to have been infected. The design choices of the protocols in question, which makes them robust against data collection attacks, unfortunately also make them particularly susceptible to data injection by malicious parties. In particular, these protocols allow for a determined attacker to generate false exposure notifications on a mass scale in an undetectable and unpreventable manner. In this paper we highlight how these data injections attacks can be used to implement voter suppression in political elections and to compromise the integrity of the democratic process.
Video: https://www.youtube.com/watch?v=_m6quT9hiyk
BibTeX
@misc{rwc-2021-35535,
  title={Exposure Notification System May Allow for Large-Scale Voter Suppression},
  note={Video at \url{https://www.youtube.com/watch?v=_m6quT9hiyk}},
  howpublished={Talk given at RWC 2021},
  author={Rosario Gennaro and Adam Krellenstein and James Krellenstein},
  year=2021
}