It is no secret that, wildly different political views aside, the threat of foreign and even domestic interference in the 2020 U.S. presidential elections is dominating our politics in advance of November.
At its core, the subject of election security comes down to one key question: How secure is your vote?
As the nation increasingly moves toward electronic voting, increased electronic tabulation, and increased electronic transmission of results, we should be rethinking our strategy for ensuring the integrity, authentication, and non-repudiation of elections that rely so heavily on technology.
Currently, the FBI, Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), U.S. Cyber Command, and various other government agencies do their best to react to cybersecurity threats during elections.
While they do a good job of reacting to reports of fraud and cyberattacks and validating whether or not they occurred, this is all reactive and does not amount to detection or prevention.
According to the Election Assistance Commission, there are only about ten approved electronic voting machine manufacturers and three of them account for almost 90% of the market.
When you go to the polling place, you will likely encounter one of those three companies’ machines.
Most likely it will be similar to a giant Scantron, where you either fill in the bubbles or punch out a chad and then feed your ballot into the machine.
If you are provided with a confirmation that the machine counted your vote, it will either be a visual counter on the machine or a paper receipt confirming only that the machine has accepted your ballot.
You do not get anything that you can later use to prove how you voted in a contested election.
What is most alarming is that there are no mandated security features for voting machines.
There are Voluntary Voting System Guidelines (VVSG), a set of specifications and requirements for determining whether voting systems meet required standards (including security recommendations), but they were last updated in 2015.
Tests run by third-party vendors in 2019 and 2020 found that none of these systems met the security protocols outlined in the 2015 standards.
Since then, the National Institute of Standards and Technology (NIST) has recognized the need for additional security features, and Version 2 of the VVSG, which includes them, is in draft form.
But even then, there is no mandate, regulation, or law requiring that voting machines meet these requirements.
Many machines in use today also predate even the 2015 standard and are using the 2010 guidelines, if they are using any at all.
Once the ballots are counted by the machines, they are transmitted electronically to higher-tiered election officials and eventually the Secretary of State (or equivalent) for that State.
Generally, these kinds of networks of election machines are known as election-management systems, and there are no security requirements for these systems either.
During this chain, there is a general lack of checking to ensure that the tallies were correct at each site or that the transmitted results were not tampered with.
As an extreme example, during the 2018 midterm elections, Georgia was still using voting machines that had not had a security patch applied since before 2005.
To make matters worse, the FBI was contacted by a politician in Georgia around this time who had been called by someone who said they could hack the result to guarantee that candidate won the race for just $50,000.
In that case, the FBI successfully resolved the issue, but it relied on the fact that the politician was honest enough to report the offer, and the resolution did not make the process of voting any more secure.
So how do we actually make the process more secure and ensure the integrity of legitimate ballots cast?
The three most crucial measures the U.S. can (and should) take are authentication, integrity, and non-repudiation. Let’s look at each of these measures in more detail.
A process must be put in place that can be used to authenticate that:
This process must also allow for provisional voting that can be verified at a later date.
The NIST recommendations and VVSG 2 should be ratified, and those standards should be made mandatory for a machine to be used.
Penetration and vulnerability testing of all machines should be required prior to their adoption. Penalties should be assessed against vendors who claim their machines are secure but who fail this testing, including barring them from the marketplace.
Older machines that cannot pass security testing must either be patched by the vendor or replaced. If the machines cannot be replaced in a timely manner, paper voting must be implemented as a backup.
Both voting machines and election-management systems must be checked prior to and after elections to ensure that the code deployed on both is the same.
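One way to carry out the before-and-after code check described above, as an added example that is not part of the original article: hash every deployed file into a manifest before the election, repeat afterward, and report anything added, removed, or modified. The directory layout and file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(before: dict, after: dict) -> dict:
    """Report files added, removed, or modified between two manifests."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo() -> dict:
    """Constructed sample: a stand-in deployed tree that changes between checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tabulator").write_bytes(b"tabulator build A")
        (root / "ballot_def.cfg").write_bytes(b"contest=1\n")
        before = build_manifest(root)  # pre-election baseline

        (root / "bin" / "tabulator").write_bytes(b"tabulator build B")  # altered
        (root / "bin" / "extra.so").write_bytes(b"unexpected file")     # new file
        (root / "ballot_def.cfg").unlink()                              # missing
        after = build_manifest(root)   # post-election check
        return diff_manifests(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

The baseline manifest has to be stored away from the machine being checked, and the hashing run from media the auditor controls; a comparison performed by the software under test proves little.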
When ballots are cast, the person voting should be given a paper receipt which shows them how the machine recorded their vote, including a two-way cipher that can be used to authenticate their results. In the event of a close or contested election where a recount occurs, the cipher can then be reversed.
Without a paper trail of each vote, no one can adequately check for discrepancies.
Failure to adopt these concrete solutions puts the integrity of the 2020 election and future elections at risk.
Not addressing these concerns doesn’t mean our elections will be hacked, but there is no question that it increases the likelihood of interference, fraud, and distrust.