By Shannon D. Hanson
Since 2017, attendees at DEF CON – the premier hacker convention – have been invited to attempt to hack voting machines. The Voting Village founder’s goal is to discover vulnerabilities in voting technology.
The hope is that the companies that make voting machines will see the hackers as white hats and use what is discovered at DEF CON to provide greater security to the machines used in our elections. Hackers have risen to the challenge. Unfortunately, voting machine companies have not.
ES&S, the largest voting machine manufacturer, claimed that these hackfests cause greater insecurity because bad actors learn the vulnerabilities of the systems from events like this. A spokesman also said, “ES&S submits its equipment to testing by independent security researchers and proactively seeks to work with independent experts in election security.” And yet their machines were hacked.
After the 2018 DEF CON, four members of the Senate Intelligence Committee signed a letter to ES&S expressing concern that the machines “… may not be prepared for the growing threats to our elections.”
ES&S’ CEO responded that “…exposing technology in these kinds of environments makes hacking elections easier, not harder, and we suspect that our adversaries are paying very close attention.”
The good news is that in June of 2019, ES&S announced that it had changed its position and now believes Congress should pass laws requiring independent testing. The company also said it will no longer sell machines that do not use a paper ballot.
Of course, no such legislation has passed through Congress, but that doesn’t stop ES&S and other companies from taking the initiative to harden their systems. And yet the machines continue to be easily hackable.
Once again at the 2019 DEF CON, participants were able to hack all of the more than one hundred machines present. Vulnerabilities included back doors and extremely weak passwords (one device had “password” as the root password; another was “abcde”). Worse yet, some vulnerabilities were decades old. Every model present is in use somewhere in the US.
It is not just the companies that supply these machines who are critical of the exercise. Election officials claim the convention does not represent the real world. It is not that they deny how easily the machines are hacked, but rather they claim the machines are not vulnerable because they are never connected to the outside world. Never mind that a virus called Stuxnet destroyed hundreds of Iranian centrifuges, none of which were connected to the outside world.
The Matter of Trust
Suppose that we could get Congress, State & County election officials, and voting machine manufacturers to take security seriously. Suppose voting machine companies did provide patches and further suppose that election departments had personnel with sufficient training and time to apply the patches to all the machines. Would that mean our election technology would be secure?
Maybe, but even if it did, would that make our elections secure? Not at all. In fact, it could make things worse.
Imagine that DEF CON 2020 comes and goes and the hackers are unable to break into any of the voting machines. That’s good, right? Not so fast. Think of an electronic voting machine as a black box. A voter’s choices are input, the device tallies the results and when asked outputs the totals. It seems pretty simple, but do you trust what is happening inside the box? I don’t, and neither should you.
- Many of the voting machines have computer parts manufactured in foreign countries. Those countries may have a preference in how our elections turn out or even just in making us doubt the results. Do you fully trust all those processors and other chips? Perhaps you haven’t read about the Supermicro Situation or the Huawei Hubbub.
- Do you doubt that at least some of the owners or directors of the companies which make voting machines have a partisan leaning? Do you trust them not to diddle with the results? Do you trust every employee?
- Do you trust every election official and every employee who does have access to these machines?
- The above-mentioned Stuxnet virus was introduced into a closed system via what is known as a third-party exploit. The systems of a vendor were hacked and the virus was introduced to the system inadvertently by the vendor.
While it may seem at first that keeping everyone out of election machines provides the most security, in fact, it could cost us our best chance to actually make our elections secure. What if, instead of working so hard to keep hackers out, we invited anyone in? Don’t make them hack the system; instead, leave the door open and put a sign up that tells them to come in and look around.
If Congress ever does decide to hold voting machine makers to some rules, it would be best if those rules required that the main software be open source and the votes be stored using blockchain technology.
Obscurity VS Openness
If you think getting these companies to secure their machines is tough, try getting them to open the source code.
Open-source simply means that the source code which makes a computer program do what it does is open to review and scrutiny. This page was delivered to you using at least three open-source projects (WordPress, MySQL, PHP). It is also likely that Apache and/or Nginx are used and that Linux underpins all of those.
Your web browser could be at least partially open source. If you are on an Android-based phone that is also open source. Clearly, open-source is a part of our lives.
A key philosophy of open-source is that the more people looking at the lines of code, the more chances that bugs and security flaws in the code will be found. Linus Torvalds, who created Linux, believed that “given enough eyeballs, all bugs are shallow.” Open source projects encourage people to look at the code, report bugs and flaws they find and, when appropriate, share how they fixed the issue. The project leads can then test these fixes and integrate them into the project.
Contrast this with the rationale of the closed source proponents who cling to a theory dubbed “security through obscurity.” The thought is that keeping the source code secret will keep people from finding bugs. Never mind that it hasn’t worked out that way. The same people who create the buggy code are responsible for finding the bugs.
Any of the many distributions of the Linux operating system are considered more secure than Windows or Mac OS. Being open-source is one of the reasons why.
A common myth about open source is that companies cannot make a profit using it. In 2012, Red Hat, which creates its own variant of the Linux operating system, became the first open-source software company to exceed one billion in revenues. In 2018 revenues for Red Hat neared 3 billion and net profit was more than 250 million. Automattic, the company responsible for WordPress, is valued at 3 billion dollars.
But if the software which we use to cast and count our votes is open-source, wouldn’t this mean that foreign entities could find ways to exploit it? Yes, but are you one hundred percent sure they have not and will not find exploits in closed source solutions? Evidence suggests they can and have.
At least with open-source, American programmers with an interest in fair elections could scrutinize and scour the code. Chances are they are going to find the exploits as well and suggest ways to close them.
Perhaps more importantly, opening the source code allows us to see if these machines are doing what they are supposed to do and nothing else. Americans should demand nothing less.
The Satoshi Protocol
Assuring that votes are recorded accurately is critical, but useless if the results can be changed later anyway. If you don’t think vote counts can be manipulated you might want to give this article a read. Still not convinced? Fair enough, but why take a chance? Why not require the use of an available technology which would make it impossible (or so nearly so as to not matter)? That technology is called Blockchain.
You may not have heard of Blockchain, but I’d bet you have probably at least heard of Bitcoin? To help you understand how blockchain could help elections – or maybe just because I am a geek – I think it helps to understand how Blockchain solved a big problem with Bitcoin.
Bitcoin is a cryptocurrency that was introduced in 2008 by a person or group of people known as Satoshi Nakamoto. The white paper that Satoshi dropped on the world outlined using Blockchain technology (though it didn’t contain the word Blockchain) for its underlying database.
Chances are, it was a lot easier for me to ravel that sentence than for you to unravel it. If not, you might want to skip ahead a few paragraphs.
Cryptocurrency is a type of digital money that was first conceived in 1983 and implemented in 1995 as Digicash. One issue with cryptocurrency is double-spending. Since digital money is just a file on a computer it can be copied and then both copies spent. One way to solve this is to have a strong central authority such as a trusted third party, bank or government, acting as a middleman.
There are problems though with a central authority. Money transfers can be tracked for one thing, which defeats one of the primary purposes of digital cash. Secondly, how do we know we can trust the central authority? Also, middlemen generally charge fees. For example, think of the small amount that goes in someone’s pocket every time you swipe your credit card or the amount it costs to wire money.
The Satoshi proposal was the first to solve the double-spending problem without needing a central authority. It did this by using a public decentralized ledger to record bitcoin transactions. This is where Blockchain comes in.
To explain what a public decentralized ledger is, I could get further in the weeds, but to simplify, imagine a shared spreadsheet listing monetary transactions or voting records. This spreadsheet is available to any computer on the internet.
If only one copy of the spreadsheet could be changed, that would be a centralized setup. Most states use election systems that are centralized. Vote tallies are fed from polling places to one main machine. A ne’er-do-well only needs access to that one machine. This also provides a single point of failure, which is never a good idea.
A decentralized setup means that each user who requests access is given a full copy of the spreadsheet. When any records are added to the sheet every copy in use is updated. Imagine if every machine in every polling place had the vote records for every other machine in that and every other polling place.
Think of that spreadsheet as a chain and each voting record as a block.
A key component of blockchain technology is that records are run through a cryptographic algorithm that produces a hash. The smallest change to a record would produce a different hash. Before any new block can be added to the chain, at least 51% of all computers participating in the blockchain network must have the same hash.
This example massively oversimplifies the technology but, for purposes of this article, three things are important.
- A new record cannot be written to the chain until 51% of the computers (users) agree on its contents.
- Once a new chunk of information (block) is written to the chain, it is immutable.
- Each block of new information is written in such a way that its position in the chain cannot be changed.
This makes a blockchain virtually impossible to hack.
In our example, every computer connected to a network of voting machines would have a full chain containing a record of each vote that had been cast in that election. Even if a hacker gained access to a computer and altered a voting record, those changes would never be accepted by 51% of all the computers. The changed copy would be rejected in favor of the one that was agreed to be accurate.
A hacker would need to gain access to at least 51 percent of all the voting machines to have any chance of affecting an election. Imagine again a system where every machine in every precinct across a State or better yet the nation is a peer in a blockchain network. It is hard to construct a scenario where anyone can get access to over half of them.
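The hash-and-agreement idea described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any voting system; the ballot records, the `GENESIS` value and all function names are assumptions, and it models only hashing and comparison between copies, not a real consensus protocol.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value for the first block

# Constructed sample ballots, not real election data.
BALLOTS = [
    {"machine": "A1", "ballot": 1, "choice": "Measure 1: yes"},
    {"machine": "A1", "ballot": 2, "choice": "Measure 1: no"},
    {"machine": "B7", "ballot": 1, "choice": "Measure 1: yes"},
]

def block_hash(prev_hash, record):
    """Hash a record together with the hash of the block before it."""
    payload = prev_hash + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for record in records:
        prev = block_hash(prev, record)
        chain.append({"record": record, "hash": prev})
    return chain

def first_broken_block(chain):
    """Index of the first block whose stored hash no longer matches, else None."""
    prev = GENESIS
    for index, block in enumerate(chain):
        if block_hash(prev, block["record"]) != block["hash"]:
            return index
        prev = block["hash"]
    return None

def head(chain):
    return chain[-1]["hash"] if chain else GENESIS

def majority_head(copies):
    """Head hash held by more than half of the copies, or None if no majority."""
    value, count = Counter(head(c) for c in copies).most_common(1)[0]
    return value if count * 2 > len(copies) else None

def outvoted(copies):
    """Indexes of copies whose head differs from the majority's (all if none)."""
    agreed = majority_head(copies)
    return [i for i, c in enumerate(copies) if head(c) != agreed]
```

Editing a record in place makes `first_broken_block` return that record's index. A copy whose hashes were all recomputed passes that check but ends in a different head hash, so `outvoted` lists it unless altered copies make up more than half.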
DARPA, a governmental agency concerned with developing technologies for the military and national security, agrees with me, at least in part. They awarded a 10 million dollar contract for the creation of an open-source voting system to Galois, a longtime government contractor.
Galois does not plan on selling voting machines. The idea is to create a prototype using fully open-source hardware and software. Other companies can then adopt the technology and customize it for use in their own systems.
The good news is Galois has experience in creating secure systems and is focusing on ways to make the hardware secure. The bad news is they admit that even with secure hardware these machines could potentially be hacked. Sadly, when it comes to cybersecurity, even millions of dollars can’t buy you a guarantee anymore.
Unfortunately, the system does not seem to be decentralized or to use a secure storage system such as Blockchain. It also does not have a way for a voter to check that the choices they made are the choices that were recorded.
Will this be the future of elections in America? Hard to say. Unfortunately, governmental entities are not always quick to adopt new technologies. Even when they are eager, the money is not there. In any case, if we are to change the way we do elections, it will come from the grass-roots because election system manufacturers are not going to make changes unless we make them.
For more information on open-source voting check out the OSET institute web site.