Microsoft offers software tools to secure elections
Microsoft announced an ambitious effort it says will make voting secure, verifiable and subject to reliable audits. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their proprietary voting systems.
The software kit is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA.
Dubbed “ElectionGuard,” the Microsoft kit will be available this summer, the company says, with early prototypes ready to pilot for next year’s general elections. CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle.
Nadella said the project’s software, provided free of charge as part of Microsoft’s Defending Democracy Program, would help “modernize all of the election infrastructure everywhere in the world.” Microsoft also announced a cut-rate Office 365 application suite for political parties and campaigns for what it charges nonprofits. Both Microsoft and Google provide anti-phishing email support for campaigns.
Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. Open-source software is inherently more secure because the underlying code is easily scrutinized by outside security experts.
Two of the leading vendors, Election Systems & Software of Omaha, Nebraska, and Hart InterCivic of Austin, Texas, both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for a third vendor, Dominion Voting Systems of Denver, said the company looks forward to “learning more” about the initiative.
Anyone with an existing voting system or developing a new one will be able to incorporate the ElectionGuard development kit – at the state or local level in the U.S. or national level for jurisdictions abroad.
“It can be used with a ballot-marking device. It can be used with an optical scanner, on hand-marked paper ballots,” said Josh Benaloh, a senior cryptographer at Microsoft Research and key contributor to the ElectionGuard project.
Benaloh helped produce a National Academies of Science report last year that called for an urgent overhaul of the rickety U.S. election system, which faced serious threats from Russian hackers who in 2016 attempted to infiltrate voting administration systems in several states.
That report called for all U.S. elections to be held on human-readable paper ballots by 2020. It also advocated a specific form of routine postelection audits intended to ensure that votes are accurately counted. While U.S. officials say there is no evidence of hackers tampering with election results, experts say systems used by millions of U.S. voters remain susceptible to tampering.
One election official who has been in informal conversations with the ElectionGuard project leaders is Dean Logan, who runs elections for Los Angeles County, the nation’s most populous, and is building an open-source voting system for it.
Election integrity activist Susan Greenhalgh of the National Election Defense Coalition said she hoped the project would encourage innovative thinking at the level that elections are actually managed.
ElectionGuard aims to provide “end-to-end” verification of voting in two ways, Benaloh said. First, it lets voters confirm that their votes are accurately recorded.
Second, the unique coded tracker it produces registers an encrypted version of the vote that keeps the ballot choice itself secret while ensuring votes are accurately counted. Outsiders such as election watchdog groups, political parties, journalists and voters themselves can verify online that votes were properly counted without being altered.
The system would also allow for reliable postelection audits and recounts. Microsoft executives say they also plan to build a prototype voting system for reference.
A spinoff of Galois called Free & Fair developed the sophisticated postelection audits , known as “risk-limiting,” for Colorado, which was the first U.S. state to require the audits recommended in the National Academies of Sciences report.
ElectionGuard is not designed to work with internet voting schemes – which experts consider too easily hackable – and does not currently work with vote-by-mail systems.
ES&S told The Associated Press via email that it was excited to partner with Microsoft and “still exploring the potentials” for incorporated the software kit its voting systems.
Hart InterCivic, the No. 3 vendor, said it planned a pilot project with Microsoft to “incorporate ElectionGuard functionality as an additional feature” layered over its core platform.
A spokeswoman for Dominion, the No. 2 vendor, said “We are very interested in learning more about the initiative and being able to review the various prototypes that are being planned, along with hearing more about other federally-supported efforts in the elections space.”
Edgardo Cortés, a former Virginia elections commissioner now with New York University’s Brennan Center, welcomed additional private sector support for election systems.
“I think it’ll take a while to catch on and see how beneficial (ElectionGuard) ends up being,” he said. “But I think it certainly does have a great deal of potential.”
Columbia University will be partnering with Microsoft to audit the pilots.