Why one of America’s top experts is hopeful for better election security

Voting machines and elections in general are still vulnerable to hacking, says Matt Blaze, but adoption of risk-limiting audits and software independence gives opportunity for improvement.


In the aftermath of the 2016 presidential election, election security quickly became one of the hottest political and cybersecurity research topics. The growing unease that foreign and other adversaries might meddle in our digital voting infrastructure gave way to a growing chorus among some experts to disband digital voting technology altogether and revert to paper ballots.

Six top-tier information security experts issued an alarming report about what they had discovered when they took apart voting machines at DEF CON's Voting Village last year. They found dozens of severe vulnerabilities in a range of voting equipment, including one in a device from top voting technology supplier Election Systems & Software that could allow an attacker to remotely hijack the system over a network and alter the vote count.

One of those experts, Georgetown University professor and noted cryptographer Matt Blaze, told attendees at this year’s annual ShmooCon conference that in the 20 years he has been studying election security, “it is the hardest security problem I’ve ever encountered.”

Voting secrecy versus transparency

Part of this hard problem is that some voting requirements contradict each other in the inherent tension between the need for secrecy and the need for transparency. “You must not be able to discover someone’s vote,” Blaze said. But at the same time, “You want to be confident that your vote counted,” he added. Moreover, there are no “do-overs” after an election because of requirements that vote totals be certified by a certain date.

On top of that, there are 54 different sets of election laws in the country. More than 5,000 counties run elections, and voting takes place in hundreds of thousands of neighborhoods. Complicating the situation further, a new dimension in the threat landscape appeared during the 2016 election: nation-state actors, who bring the firepower of foreign intelligence agencies into the mix. Long gone are the simpler days of someone trying to steal the local dog-catcher election.

The Help America Vote Act was hurriedly passed after the 2000 presidential election to move voting past the “hanging chad” controversy in the Bush v. Gore fight, in which old-fashioned punch cards highlighted the archaic nature of America’s voting infrastructure. The act accelerated the shift to electronic and digital voting machines. This shift made the security of voting wholly dependent on hardware and software, and most “software really sucks,” Blaze noted, and there are no general techniques to determine if the software is correct.

“Public confidence in election outcomes depends partly on public confidence in the mechanism,” Blaze said. Paper ballots do, in fact, have a high confidence level because everybody is watching, which makes it very difficult to cheat. Moreover, unlike with digital means of voting, with paper ballots “there is no catastrophic failure that affects every ballot box in the country.” 

Yet it’s not clear at scale that removing computers and software from the voting equation solves anything. For one thing, U.S. elections are the most complicated in the world, with multiple candidates and issues on the ballot, Blaze said. For another thing, it’s hard to argue that having people count by hand is better or more accurate than counting by machine.

The actual act of casting a vote is only one part of the election equation. Behind the voting terminals themselves there are a host of deeply computerized functions, including ballot definition, voter registration and back-end tallying and reporting. “Computers solve real problems that elections officials have,” Blaze said. “It’s a really hard sell to say computers have no role in elections.”

So, paper ballots are really not an option anymore, and they certainly don’t scale to the level we need them in modern U.S. elections, Blaze said. What, then, is the solution to the conundrum?

Software independence, risk-limiting audits the answer

The solution isn't blockchain technology, as some have advocated, because, “We can’t possibly know what’s on the blockchain without software, so all the problems still exist if you’re using the blockchain on the back end,” Blaze said.

According to Blaze, the most effective solutions to the election security problem were put forth by the National Academies of Science, which conducted a consensus study on election security and published its findings in a 2018 report called Securing the Vote. “It is the single best document on voting security that has ever been produced,” he said.

The report advances two principles that should govern the digital voting apparatus surrounding elections. The first is something called software independence. A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome.

The second principle is the idea of risk-limiting audits. This is a statistical method to sample a subset of voting machines for post-election audits to ensure they report correct results. If the subsets show problems, then you can hand count votes. “If you do this right, you can have an exceedingly high confidence interval,” Blaze said.
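As an added illustration of the audit idea described above (this is not code from the article, from Blaze, or from the National Academies report): a ballot-polling risk-limiting audit in the style of the published BRAVO method, which samples individual paper ballots rather than machines and so goes beyond the article's description. The two-candidate contest, the function names, the 5% risk limit and the ballot counts are assumptions constructed for the example.

```python
import random


def bravo_test(sampled, reported_share, risk_limit=0.05):
    """Sequential test over hand-read paper ballots, in draw order.

    sampled: iterable of "W" (reported winner), "L" (reported loser);
             anything else (undervote, invalid) is ignored.
    reported_share: winner's machine-reported share of the W+L votes.
    Returns ("confirmed", n) once the evidence meets the risk limit,
    otherwise ("full_hand_count", n) when the sample runs out.
    """
    if not 0.5 < reported_share < 1.0:
        raise ValueError("reported_share must be in (0.5, 1.0)")
    threshold = 1.0 / risk_limit
    t, n = 1.0, 0
    for n, ballot in enumerate(sampled, start=1):
        # Likelihood ratio: reported result versus an exact tie.
        if ballot == "W":
            t *= reported_share / 0.5
        elif ballot == "L":
            t *= (1.0 - reported_share) / 0.5
        if t >= threshold:
            return "confirmed", n
    return "full_hand_count", n


def draw_sample(paper_ballots, max_draws, seed):
    """Random draws with replacement from the paper record.

    The fixed seed is an assumption that makes this example repeatable.
    """
    rng = random.Random(seed)
    return (rng.choice(paper_ballots) for _ in range(max_draws))


if __name__ == "__main__":
    # Constructed data: 10,000 paper ballots, machines reported 60% for W.
    honest = ["W"] * 6000 + ["L"] * 4000
    # Constructed data: same report, but the paper shows W actually lost.
    altered = ["W"] * 4500 + ["L"] * 5500
    for name, paper in (("honest", honest), ("altered", altered)):
        print(name, bravo_test(draw_sample(paper, 2000, seed=2019), 0.60))
```

The audit reads only the paper ballots, so its conclusion does not depend on the tallying software being correct; a wrong reported outcome is confirmed with probability at most the risk limit, and otherwise the audit escalates to a full hand count.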

Because policymakers can’t ignore the National Academies of Science, this report carries real weight, Blaze said. Some bills have already emerged in Congress to give states funding for adding paper ballot backups and risk-limiting audits and they have bipartisan support, Blaze said. Some states have already begun to conduct their own risk-limiting audits.

For these reasons, Blaze is more optimistic now than he was last year when he and his colleagues released the results of their DEF CON Voting Village work. In the meantime, despite the rampant flaws the researchers discovered in the election equipment, no one has yet found actual exploitation of any of them in U.S. elections, Blaze said.


Copyright © 2019 IDG Communications, Inc.
