Worried about election hacking? There's a technology fix – Helios
End-to-end encrypted, verifiable voting already in action
Election hacking is much in the news of late and there are fears that the Russians/rogue lefties/Bavarian illuminati et al are capable of falsifying results.
For example, voters in the state of Georgia's sixth district are going to the polls on Tuesday for a close-fought election, and serious doubts have been raised about the security of the voting systems used. Georgia uses electronic voting machines that don't give a paper ballot, making recounts impossible, and security researcher Logan Lamb has doubts about their security. (This is, of course, amid evidence of Russian hackers targeting election boards and makers of voting software and hardware in the US.)
While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, Lamb found that the website was misconfigured, exposing the state's entire voter registration record, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast.
"You could just go to the root of where they were hosting all the files and just download everything without logging in," Lamb told Politico.
Lamb is not alone – many in the security sphere have serious doubts about America's headlong rush into electronic voting. After the 2000 election hanging chads fiasco, the government threw money at the states to upgrade their voting machines and many systems are hopelessly bad.
Paper ballots have a number of advantages over electronic voting. They may be slower to count, but it's much harder to falsify results because you need large numbers of ballots to be prepared by hand. Electronic voting is, in its current form, potentially hackable, but there are systems that combine electronic voting with encryption to give an election that can be checked, protects voting privacy, and allows for on-the-spot checks.
The appliance of science
At this year's Enigma conference, Ben Adida, veep of engineering at educational software firm Clever, detailed a new kind of secure voting system called Helios.
The system is fairly simple. Voters cast their ballot, which is then encrypted, and the voter is given a tracking number to keep. That number can be checked against an election tally system to ensure that the vote was cast as specified, while not compromising the privacy of the ballot.
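The cast-and-check flow described above, as an added example that is not Helios's own code: it assumes exponential ElGamal encryption and a SHA-256 hash of the ciphertext as the tracking number. All function names and the toy group parameters are constructed for illustration, and the ballot-validity and decryption proofs a real system needs are not modelled.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # election trustee's private key
    return x, pow(G, x, P)                    # (private, public)

def encrypt(pub, vote):
    """Exponential ElGamal: encrypt g^vote so ciphertexts add homomorphically."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, vote, P) * pow(pub, r, P)) % P

def tracker(ct):
    """Tracking number: a hash of the ciphertext, which reveals nothing about the vote."""
    return hashlib.sha256(f"{ct[0]},{ct[1]}".encode()).hexdigest()

def cast(board, pub, vote):
    ct = encrypt(pub, vote)
    board.append(ct)                          # public bulletin board of encrypted ballots
    return tracker(ct)                        # receipt kept by the voter

def is_recorded(board, receipt):
    """Voter's check: is my encrypted ballot on the board, unmodified?"""
    return any(tracker(ct) == receipt for ct in board)

def combine(board):
    """Anyone can multiply the posted ciphertexts to get an encryption of the sum."""
    a, b = 1, 1
    for ca, cb in board:
        a, b = (a * ca) % P, (b * cb) % P
    return a, b

def decrypt_count(priv, ct, max_votes):
    """Decrypt only the combined ciphertext; individual ballots are never opened."""
    a, b = ct
    g_m = (b * pow(a, Q - priv, P)) % P       # b * a^(-priv), since a has order Q
    for m in range(max_votes + 1):            # small search: the count is at most max_votes
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("tally out of range")

def run_election(votes):
    priv, pub = keygen()
    board = []
    receipts = [cast(board, pub, v) for v in votes]
    return board, receipts, decrypt_count(priv, combine(board), len(votes))
```

A vote of 1 counts for the candidate and 0 against, so `run_election([1, 0, 1, 1, 0])` returns a tally of 3 while every ballot on the board stays encrypted.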
The system allows for parties to check that their supporters have voted and lets vote checkers examine results as they come in, while keeping the ballot secret. Adida said that the voting system is already in use for student council elections at Princeton University in New Jersey, where it proved its worth.
In a recent Princeton election, one of the candidates, a sophomore, was standing against a senior. The sophomore complained that an email reminding students to vote hadn't been received by other sophomores, and was originally told by the university that no fault had occurred.
However, the Helios system allowed the voting team to check voting levels by student year (freshmen, juniors, etc.), and they saw that while voting rates among other years had spiked after the email was sent out, this wasn't true for sophomores.
The university later found out that a misconfigured email server had only sent out reminders to 10 per cent of sophomores. They rectified that error, and the sophomore later won the election by just 2 per cent.
The Helios software is all open source and is available for anyone to check up on or use. Adida told The Register that the system can scale to national elections, but that this was unlikely in the next election cycle.
"In the United States, the most difficult aspect of that question is that decisions on voting systems and equipment are very decentralized. So I don't see a way in which a Helios-type system is in broad use in 2020," he said.
"If anything, the difficulty of running pilots with new voting technology is probably the biggest impediment of all: no one wants to use a system that hasn't been proven at scale in national elections. It would be better if states were willing to try new technologies in controlled conditions at small scale. Then we could make more progress." ®