Technology and elections are heavily interrelated ??? but it wasn???t always that way. We started to adopt technology once weﾂ?weren???t able toﾂ?fit everyone into a town hall. The first piece of technology was simply a piece of paper and a ballot box. We may not think of it asﾂ?technology,ﾂ?but the ballot box can be tampered with.ﾂ?ﾂ?
That technology gave us ballot secrecy, a trait that aﾂ?hand–raiseﾂ?in the town hall didn???t. This raised the barﾂ?to a level that is expected from other voting technologies since then, which can be tougher with voting machines and electronic evaluation of ballot boxes. Our Confidence in the outcome of an election depends on the integrity of the methodology we use to do this.
Matt Blaze, this year???sﾂ?Black Hat keynoteﾂ?speaker,ﾂ?is a researcher in the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University.ﾂ?ﾂ?
Blazeﾂ?has been working on election security for years. He???s neverﾂ?encounteredﾂ?a problem bigger andﾂ?moreﾂ?complexﾂ?than democraticﾂ?elections. The reason for this is that the requirements are contradictory: Weﾂ?don???t want to be able to figure out how someone voted, but we wantﾂ?transparencyﾂ?into whether or notﾂ?our vote was counted as cast and that the system is not corrupted. The paper ballot box seems to do thisﾂ?pretty well, and other technology solutions require you to be a lotﾂ?more clever.ﾂ?Another snag is that you cannot recover from a bad election very easily. You can???t redo it easily before the term is up.ﾂ?ﾂ?
U.S.ﾂ?voting isﾂ?highlyﾂ?decentralizedﾂ?due to size
The federal government has remarkably little to do with the election process; each state has their own rules and requirements. The elections are carried out by over 3,000 counties and voting takes place inﾂ?precincts in these counties. It???s a very decentralized process. Even within a precinct, there may be different ballots for various local elections. The county???s budget is paying for elections, so improvements in election technology competes with improvements to roads and the fire department.ﾂ?In the 2016 election, about 24% were cast by mail and 17% cast in person before election day. Most states allowﾂ?someﾂ?formﾂ?of absenteeﾂ?voting.ﾂ?ﾂ?
Election campaignsﾂ?vastly outspend the money that???s spent on carrying out the elections.ﾂ?In addition, foreign state adversaries have recently entered the game, sometimes simply with the goal of disrupting elections and undermining the legitimacy of an election. That???sﾂ?actually easierﾂ?than influencing a particular outcome.ﾂ?ﾂ?
The question is: Does new voting tech enable or prevent mischief? The answer is: both.ﾂ?ﾂ?
Paper ballots are more effective in re-assessing aﾂ?particular voteﾂ?and agreeing on an outcome. If we remember voting machines in Florida that led to the re-count inﾂ?2000, they didn???t even involve a computer. It was simply a punch card with a manual punch to vote. However, the mechanical design was flawed, andﾂ?it became more difficult to vote for a popular in the end of the day because punched out paper from previous votes were blockingﾂ?the punch.ﾂ?ﾂ?
A Florida election official trying to interpret a paper ballot during the 2000 U.S. presidential elections.ﾂ?
As a result, Congress passed the Help America Vote Act (HAVA). It provided funding to modernize voting and to make it more ???accessible??? to a wide range of voters. Most of the current equipment did not comply.ﾂ?However, the technology wasn’t broadly available.ﾂ?ﾂ?
The DRE voting machine was a common new form of computerized voting that works similarly to an ATM. It counts the votes in an internal computer. Looking at the entire journey, software touches each part of the voteﾂ????ﾂ?such as voter registration databasesﾂ?andﾂ?software to check who???s already votedﾂ?orﾂ?to count and report the votes. The security of this software is critical to theﾂ?legitimacyﾂ?of the election.ﾂ?At the same time, software is designed to be replaceable and easily changed. It???s aﾂ?really hardﾂ?problem to solve.ﾂ?ﾂ?
Software security and reliability is hard, even under the best of circumstances.ﾂ?In practice, the attack surface is huge: county election management software, voting machine firmware, communications, procedures, physical security,ﾂ?and people. Attacksﾂ?includeﾂ?anything fromﾂ?denial of service to forging the vote. Every piece of computerized voting technology so far has been terrible.ﾂ?ﾂ?
The DMCA Security Research Exemption makes it legal to buy surplus voting machines, hack them, and to report on your findings. The DEFCON Voting Village does this, and everything is worse than we thought.ﾂ?ﾂ?
We haveﾂ?two options:ﾂ?We could just hand-count all votes on paper or amp up the technology (blockchain FTW!). The size of the US election is so large thatﾂ?hand–counting would be extremely hard. It would beﾂ?very difficultﾂ?to eliminate all reliance on software for the entire election.ﾂ?ﾂ?
On the other side, the blockchain makes us more dependent on software.ﾂ?Also, the blockchain is decentralized while elections have a central oversight, which is a contradiction. Just detecting election fraud is not helpful either, we need to prevent it to start with.ﾂ?ﾂ?
There were two breakthroughs since 2020 that help us:ﾂ?ﾂ?
- Ron Rivestﾂ?inventedﾂ?software independence. A voting system is software-independent ifﾂ?anﾂ?undetected change or error in its software cannot cause an undetectable change or error in an election outcome.ﾂ?ﾂ?
- Stark et al developed a new statistical method to sample a subset of voting machines (e.g. paper ballot optical scanners) for post-election hand audits to ensure they reported correct results. If not, the other ones can be hand–counted.ﾂ?ﾂ?
These two ideas have become the gold standard for securing elections since 2020. Progress is positive but slow, and it addresses the key concernsﾂ?computer scientistsﾂ?wereﾂ?worried about in past elections.ﾂ?If you???d like to read up on election security, Blaze recommends theﾂ?National Academy of Scienceﾂ????Securing the Vote??? (2018) study.ﾂ?
Matt???s talk would have ended here if it wasn???t for the pandemic…ﾂ?
The pandemic changed everything because it???s disrupting the vote.ﾂ?ﾂ?
Generally, there are several reasons whyﾂ?aﾂ?vote may be disrupted:ﾂ?ﾂ?
- Voter-level:ﾂ?Individualﾂ?voters are unable to makeﾂ?it to the pollsﾂ?
- Local or regional emergencies:ﾂ?Earthquakes, floods, 9/11ﾂ?
- National-scale emergencies:ﾂ?Wars, pandemics, large-scale cyberattackﾂ?
Postponing elections is absolutely the worst-case option. There are often no rulesﾂ?forﾂ?this. It may be preferable to hold an election that people regard as illegitimate.ﾂ?ﾂ?
A huge logistical challengeﾂ?ﾂ?
Emergencies (such as a pandemic) likely require scaling up mail-in voting. Absentee voting exists in every U.S. jurisdiction, but they often require a reason, such as being out of town ??? unlikely during the pandemic. Some places allow absentee ballots without an excuse.ﾂ?ﾂ?
The question is how we scale up absentee voting during an emergency, and this is a resource and logistics problem.ﾂ?ﾂ?
The voter-side of an absentee ballot is reasonably easy but the workflow on the system side is relatively complex.ﾂ?It???s aﾂ?fairly labor-intensiveﾂ?process that involves checks by multiple people and can involve some technology. Exception handling, like signature mismatches, is even more labor–intensive because they require reaching out to the voter. Simple logistics of theﾂ?number of envelopes and ballots and the throughput of your counting machines may provide restrictions. Ballots themselves have security features so they can???t simply be printed at a localﾂ?copy shopﾂ?either.ﾂ?ﾂ?
Vote batch scanning machines are big, bulky and hard toﾂ?mass–produce.ﾂ?ﾂ?ﾂ?
Your local election officials need your skills ??? ask how you can help!ﾂ?ﾂ?
There are reasons to be optimistic and pessimistic. We don???t know how many people need paper ballots, so we???ll have to over-produce just to be sure. Most jurisdictions don???t have the funding to do this. Time isﾂ?really shortﾂ???? less than 100 days away.ﾂ?This problem isﾂ?similarﾂ?toﾂ?some computing problems. This community is going to be needed by the local election officials. Phone them, find out how you can help.ﾂ?ﾂ?
*** This is a Security Bloggers Network syndicated blog from Application Security Research, News, and Education Blog authored by email@example.com (ckirsch). Read the original post at: https://www.veracode.com/blog/security-news/live-black-hat-stress-testing-democracy-election-integrity-during-global