Posted August 11, 2020
Black Hat USA is one of the biggest events in the cybersecurity world, and the infosec community gathers once a year for several days of training, briefings and demos. Due to COVID-1
Matt Blaze gave an extremely relevant keynote with the title “Stress-Testing Democracy: Election Integrity Under a Global Pandemic”. Blaze is a cryptographer and professor of computer science who holds the McDevitt chair in computer science and law at Georgetown University. His work focuses on the security of systems on a scale, and on the intersection of technology and public policy. In the following, we take you through the main points of his lecture.
The problem of safe choices
Blaze began by reflecting on the relationship between technology, elections and democracy. He points out that in order for people to have confidence in the outcome of the election, they must have confidence in it mechanisms as voices are recorded and tabulated – especially when the mechanisms become more complicated, such as for voting machines and computer tuning. But Blaze notes that it is actually quite difficult to guarantee the security of elections, and says: “I am a computer scientist studying computer security, which is full of terribly hard problems. I do not think I have ever encountered a problem that is more difficult than the security and integrity of the citizen election.
Part of this difficulty lies in the fact that democratic elections have two key demands that are fundamentally contradictory: on the one hand, we want voting to be secret, and for citizens to be able to cast ballots anonymously; but on the other hand, we need the results of the election to be verifiable, so that voting can be revised according to the fact if the need arises. In the United States, there are other challenges as well. There are a large number of potential voters (around 230 million people are eligible to vote in the upcoming election in November), but the management of the election is largely decentralized, with small local authorities operating thousands upon thousands of polling stations across the country.
So how safe is the US election? Blaze says that although voting mechanisms in the United States are quite well reinforced against traditional threats to the integrity of elections – things like the ballot paper and mismanagement – they may not be able to handle more modern threats such as interference and disruption caused by foreign opponents. He also points out that there is good reason to worry about direct attacks on voting systems, saying: “Every current voting system that has been examined is terrible in some way and can probably be exploited.”
Make choices safer
Many people have strong feelings about how to make choices safer. But Blaze says there are serious problems with the most common approaches to the problem.
At one end of the spectrum, you have people who say that the only way to make choices really safe and tamper-proof is to eliminate the software’s role in voting completely. But Blaze points out that this is easier said than done: Backend tallying is very dependent on software, even if votes are cast without it; and many related election processes, such as voter registration and reporting, are highly software dependent. In addition to a system where each ballot is counted by hand, it is not clear that humans would do better than software to accurately tabulate votes in scale. A final concern is that eliminating software from the voting process may reduce the availability for some voters.
On the other hand, you have people who want to solve security issues with choices with more technology, often appealing to ideas such as blockchain voting. But there is little reason to believe that a blockchain voice system would actually solve the overall problem of software vulnerabilities, because it would still depend on the integrity of the client software that writes the voices. to block chain. Furthermore, there are a couple of reasons why blockchain technology, by its nature, may not be a good choice for choice. First, while it is good at detecting tampering, it is not really designed for that prevent intervention. And second, while blockchain tech’s decentralization is perfect for something like Bitcoin, it’s not nearly as appropriate for public elections, which are not. meant to be decentralized: They are specifically meant to be administered and managed by civilian authorities.
Blaze believes that a mid-term approach is needed to make safe, modern choices – and he points out that there is some good news here: The 21st century has already given us the conceptual and analytical tools needed to get the job done. He identifies two recent breakthroughs in security of choice: software independence and risk mitigation audits.
Software independence is a concept that can be used to design secure voting systems. It stipulates that all software used in a voice system must be implemented in such a way that one undiscovered software change (either unintentional or malicious) can never lead to a undetectable change in the outcome of the election. Thus, software-independent voice systems are free to use software, but must be designed in such a way that the results they provide are auditory.
The second breakthrough that Blaze mentions is the risk-reducing supervision. This is a statistical methodology where election results can be verified. A risk-limiting audit involves careful selection and examination of samples of the results from voting machines with optical scanning. If done correctly, it is a feasible way to establish – with an extremely high degree of mathematical certainty – that the voting machines report results accurately. In other words, as Blaze puts it, it makes you feel confident that “the reported election results are the same results you get by counting all the ballots – but without having to count all the ballots”.
COVID-19 as game changer
According to Blaze, there has been progress in implementing these two important ideas, and computer scientists like him had begun to feel cautiously optimistic about solving the problem of choice. But then, of course, hit COVID-19 – and produced a number of new challenges.
He points out that due to the pandemic, there will probably be an increase in voters who cannot vote in person, and that some local polling stations may not be able to function at all. In addition, some voters may be displaced – perhaps even in hospital or quarantined – and therefore unable to vote as they normally would. All of this is likely to put a huge strain on the system to handle exceptions to the normal voting process: ie post-in voting.
The challenges of upscaling postal votes to the extent required by pandemic conditions are formidable. But Blaze believes that we can analyze the problem and determine the right course of action by thinking about systems and logistics.
He cites several key issues that need to be addressed. To begin with, we must keep in mind that the processing of post-in ballot papers is extremely labor-intensive. In particular, it takes a lot of time and effort to handle cases where there appears to be a mismatch between the required signature on the outer envelope of a post-in ballot paper and the voter’s signature kept by the election officials. This means that processing centers are likely to need to recruit and train more personnel to handle the overflow. In addition, there are basic physical capacity issues to deal with: printing, sending and storing a large number of additional ballot papers; the capacity of ballot papers used to count the votes; and so on.
So what should be done? Unfortunately, no one really knows what’s going to happen when we get closer to November: We may see a huge wave of requests for post-in ballot papers, or there may be a large number of people deciding to go to the polls in person . And when we know how things will go, it will be too late to change course if we find that we have done wrong.
According to Blaze, this simply means that we need to prepare for a wide range of possible scenarios … some of which may not actually happen. If it turns out that most not choose to submit a vote, we may end up with stock full of unused paper votes; Alternatively, we may have thousands of boring pollsters sitting on their hands on election day if turnout is low.
This complexity – and the uncertainty – means that local election officials will need help if they are to prepare for election day. And while that help will need to come from several quarters, Blaze believes that members of the infosec community, because of their expertise and because of the kinds of issues they are used to working with, are uniquely suited to provide a hand. He ended the talk with what he called a “call to arms” and encouraged listeners to get in touch with local election officials, and to engage with them, perhaps by volunteering to work at a polling station, to earn a living. as a signature judge for email voting, or to use their technical skills to provide IT support. Blaze closed the keynote on an optimistic note, saying, “We can do this. But we must want it. And we must all take responsibility for this.