The cat is out of the bag – there is public evidence citing Russian hacking attempts against the U.S. election system. Multiple news sources have reported that Russian hackers penetrated electronic voting systems in 39 states leading up to the November 2016 election.
The Intercept recently published a top-secret National Security Agency document describing Russian hacking attempts made against the US electoral system. While there is no evidence that the hackers had any effect on the 2016 election results, it has become clear that the U.S. election system is in danger of being compromised in the future.
Rise of the Machines
Most people might remember the vote-counting incident that happened during the 2000 presidential election. This was the closest election in the nation’s history, and the narrow margin resulted in a mandatory machine recount the following day. As a result, the Help America Vote Act (HAVA) passed in 2002. This act worked to phase out punchcard voting systems that caused millions of ballots to be tossed during the 2000 election.
In 2004, there were also multiple issues with electronic voting machines, most notably in Ohio. Between 2004-2008, states attempted to pass laws that mandated certain provisions, but regulation remained incomplete.
The challenges associated with electronic voting systems struck a nerve for Jonathan Bennun, an expert in application security and now a cybersecurity product leader in the Silicon Valley startup scene. Bennun leveraged years of experience as a security engineer and ethical hacker to co-found one of the world’s first secure voting startups.
Bennun’s expertise in security helped develop the Wombat Voting System. This product was created in 2011 by a team of Israeli computer science professors, Alon Rosen, Amnon Ta-Shma and Ben Riva, with contribution by Swedish professor Douglas Wikström, to ensure “end-to-end” verifiable voting.
An end-to-end verifiable voting system provides 2 main benefits. First, it helps with individual verifiability, by which any voter may check that his/her ballot is correctly included in the electronic ballot box. Second, it creates universal verifiability, meaning anyone may determine that all of the ballots in the box have been counted correctly. No one is capable of altering a vote without being detected in such a system, not even administrators.
“The concept of secure voting has been studied in academia for a while now,” Bennun said. “Prior to Wombat, a number of very good end-to-end verifiable voting systems had been implemented, such as Prêt à Voter, Scantegrity and Helios. However, my team had a strong desire to take this effort a step forward. First, some prior systems suffered from technical issues such as operational complexity or lack of resilience to power outages. Or, they were less fitting for some election models worldwide, so more approaches needed to be developed and tested. Second, it is difficult to bring such a system to full maturity for testing in formal elections. We wanted to prove we could build and launch a fully commercialized product, with a good user experience and features such as a smartphone app for verifying that your vote was counted.”
The Wombat Voting system went on to become one of only a handful of verifiable voting systems successfully operated, servicing over two thousand voters in student council elections and over a thousand voters in primary elections.
Traditional Electronic Voting Vs. End-To-End Verifiable
Electronic voting essentially means that a computer stores in memory the votes for each candidate. This is done by letting voters scan a paper ballot, or selecting a candidate via a touch screen. The computer stores records of the votes and increases the vote count for the selected candidates.
Since the goal is to keep votes anonymous, the vote tally is often stored in a way that if maliciously altered, or even computed incorrectly due to a non-malicious flaw in the system, it cannot be validated or audited. Thus, ordinary voting machines using a simplistic voting protocol are fundamentally vulnerable to manipulation.
This gets even worse when considering that many U.S. electronic voting machines are vulnerable to cybersecurity attacks and data breaches because of the underlying hardware or software. Unfortunately, most of these machines are running on Windows XP and Microsoft hasn’t released a security patch since April 2014. Researches have shown that many of these machines are susceptible to malware or a well-timed denial-of-service attack.
End-to-End Verifiable voting systems, however, have well-defined security measures for privacy, verifiability and the tallying process. They typically use a public key cryptosystem, which means the voting machine can encrypt your vote, but no one can decrypt it without knowing the secret private key. They also use a form of encryption called a threshold cryptosystem, where a group of political party trustees share the secret private key in a way that no party can decrypt a message without the help of others. In other words, the voter can prove that he/she voted and that their vote was counted properly, but no single attacker can read or compromise their vote. In addition, the electronic tally is published online with proof, such that anyone can check its validity.
What is particularly appealing about the Wombat end-to-end verifiable system is its Voter Verified Paper Audit Trail (VVPAT), which makes electronic voting resilient and verifiable. One part of the computer-printed ballot, with the vote in plaintext, is cast into a ballot box as backup in case of any issues with electronic tallying. The second part of the ballot is scanned, uploaded to the ballot tracking web page, and given to the voter as a receipt to keep as proof that he/she voted. However, other systems such as Scantegrity, which works on top of optical scan voting systems popular in the U.S. and combines smart electronic confirmation codes with traditional paper ballots, might be more suitable for U.S. voting.
What’s the Next Step for Secure Voting?
Over the past few years, Bennun has transitioned from improving government security back to the commercial world, leading security products at Cisco where he co-managed its $300M Firewall business and at OneLogin, where he headed the building of its market differentiators and positioned the company as innovator in identity management. Bennun’s career experience allows him to provide a valuable perspective on how cybersecurity trends apply to secure voting going forward.
“Some people may consider Internet voting viable, but recent ransomware attacks have demonstrated just how malware could compromise data integrity on a large scale, ” explains Bennun. “Internet voting is not safe, and we should first figure out better solutions for in-person voting. The security vulnerabilities we see in the wild actually teach us the value of a low-tech approach, with the emphasis on having a paper trail. Cheaper commercial-off-the-shelf (COTS) hardware should make it easier to finally replace aging vulnerable electronic voting machines. In addition, some upcoming tech such as cryptographic ID cards or blockchain could potentially help secure some parts of the voting process in the future. ”
The question remains though - Should U.S. voters continue to cast their votes on the electronic systems currently used in America’s elections?
As we undergo a digital revolution, it only makes sense that electronic voting systems will continue to be used in the future. What does need to be made clear is that stronger security measures need to be taken immediately in order to secure votes and personal information.