Even Before Russian Interference, US Election Tech Was Failing

The Senate Intelligence Committee recently released a report detailing Russia’s interference in the 2016 election. Russian interference is nothing new – discourse since 2016 has focused on Russia’s (technically legal) social engineering and manipulation of social networks. The report, however, confirms Russia’s definitively illegal interference with electronic voting systems, and “the US was unprepared at all levels of government for a concerted attack from a determined foreign adversary on our election infrastructure,” said Committee Chairman Richard Burr in an accompanying statement.

Given American technological capabilities, how was this interference possible?

Voting is still in the dark ages

Voting lies at the heart of democracy, yet it has failed to make the same technological advancements that we’ve come to expect in other facets of our lives. Almost five decades into the “digital revolution,” we still consider paper ballots the “secure” standard for choosing leadership.

Why don’t we vote electronically?

Implicit in our trust of paper-based systems is a distrust of technology. Although technology has the potential to revolutionize the democratic process, the digital voting systems currently in place are often far from secure.

Today’s electronic ballot boxes, when implemented incorrectly, pose astonishing risks: For example, the US’ electronic ballot systems (called DRE, which stands for “direct electronic recording”) have notoriously relied on Windows XP, a software released in 2001. In 2014, security expert Carsten Schuermann hacked into a DRE machine over a Wi-Fi network in mere minutes by exploiting Windows XP’s old security protocols.

Other hackers have successfully reprogrammed the same voting machines to blast “Never Gonna Give You Up” by Rick Astley. Newer DRE machines have also been plagued by malfunctions, occasionally casting a vote for the wrong candidate or simply shutting down altogether.

Internet-based voting has failed similarly. In 2004, the US hoped to pilot an online voting system called SERVE, which was built to facilitate ballot-casting for overseas Americans. A day before implementation, the SERVE pilot was stopped, as the system was shown to be vulnerable to attacks.

Even 15 years later, voting online through personal computers or smartphones poses security risks. Developers with legitimate access to computer and mobile applications or malicious hackers equipped with the right malware and viruses could easily manipulate votes.

Has electronic voting ever been successful?

Some countries have successfully implemented digital voting. In 2005, Estonia introduced an Internet-based voting system, which is now used by over 30% of eligible voters. Estonia’s system has drastically increased voter turnout, and elections have been lauded as “free and fair.”

However, some experts have raised concerns about the system’s integrity:

“Operational security is lax and inconsistent, transparency measures are insufficient to prove an honest count, and the software design is highly vulnerable to attack from foreign powers.”

The voting system has been accused of relying on “blind trust” in digital systems such as computers and servers.

In response, Estonia reiterated that its voting systems have been implemented in recent years without incident. That said, unlike Estonia, the US is the epicenter of power, making its elections more appealing to steal or manipulate.

What does the future of online voting look like?

For an electronic voting system to succeed, there are key security criteria that must be met:

Accuracy – The ability to ensure that votes are recorded and counted properly.
Privacy – The dissociation of one’s vote from a specific candidate, so that digital votes don’t lead to personal data leakage.
Accountability – The ability to verify votes as real (and not bots), representative of an authentic, eligible citizen.
Uniqueness – The ability to vote only once (so no digital ballot-stuffing).

Stanford cryptography professor Ben Lynn shared a brilliant solution to electronic voting that meets all of the above criteria. His proposal relies on mathematically fool-proof concepts such as public key infrastructure (PKI) and zero-knowledge protocols (ZKP) that guarantee safety and security. The only challenge is implementation – the US currently lacks the infrastructure needed to implement secure electronic voting solutions.

Why is Internet-based voting important?

The current archaic voting system is time consuming, inefficient, and aggravating – especially for younger generations that have grown up surrounded by quick, powerful technology. The convenience of voting on a personal computer or smartphone is also a great equalizer, as it would allow eligible voters to participate in democracy from any physical location.

Counting ballots is costly, slow, and often inaccurate. Not only would Internet-based voting save thousands of work hours, but they would also enable accurate, real-time data to be shared with citizens and news agencies.

Trusted Internet-based voting systems would increase both confidence in fair elections and voter turnout, improving the integrity of democracy itself. It’s time for change: Let’s create a new system fit for the technological era.

read original article here