On Super Tuesday, America's voting technology will be under intense scrutiny - CNBC

On Super Tuesday, America's voting technology will be under intense scrutiny - CNBC


On Super Tuesday, America's voting technology will be under intense scrutiny - CNBC

Posted: 02 Mar 2020 12:00 AM PST

Shelves and shelves of sequestered voting machines, wrapped with yellow caution tape, sitting unrecorded, and unused, at the Fulton County Election Preparation Center in Atlanta, Georgia on Tuesday November 6, 2018, after 700 voting machines in Fulton County were sequestered due to a lawsuit over paper ballots.

Melina Mara | The Washington Post via Getty Images

March 3 is Super Tuesday, when voters in 14 states will be making primary election candidate decisions. However, America's election technology has turned out to be a vital issue itself, as many voters worry about the security of the process.

The Iowa caucus on Feb. 3 was a significant cause. It took three days for results to be reported from IowaRecorder, an app made by Shadow, and the delays and disarray made some voters suspicious of the overall process.

Recognizing the many ways in which an election can be compromised, some companies are working on technological solutions that they say improve security. Eyal Elyashiv, CEO and co-founder of Cynamics, which provides threat detection AI for smart networks and cities, said that tech companies hoping to safeguard the voting process should use artificial intelligence to keep pace with the evolving threats.

"There has been an increase in machine-speed attacks across U.S. organizations," he said. "One strategic way to increase the safety of election technology is to apply AI to identify critical cyberthreats in a scalable way. AI-enabled cybersecurity solutions help cities streamline their election processes by identifying, isolating and deleting malicious software files and other cyberattacks in the most efficient way possible."

One company hoping to improve the voting process for mobile natives is Voatz, whose CEO and co-founder, Nimit Sawhney, wants people to cast ballots from their Apple, Samsung and Google smartphones. He said that the app uses a combination of facial recognition software, biometrics and cryptography to ensure that each voter can anonymously and securely make their choices. The app has been used by voters in Utah and voters in West Virginia.

The Voatz app allows people to cast ballots from smartphones, using a combination of facial recognition software, biometrics, cryptography, and blockchain to ensure that each voter can anonymously and securely make their choices, but a recent MIT study has claimed to find multiple vulnerabilities in the app.

Voatz

"It allows you as a voter to get verified on your smartphone against the registration database, to vote on your smartphone and to confirm that your selections were counted as cast," Sawhney said.

The actual voting happens within the app itself, which employs blockchain technology to store votes securely and make them available to whichever entity is counting them. Voatz also backs up every vote with a paper copy.

Voatz flaws alleged in MIT study

Not everyone is sold on Voatz. The app was the subject of a recent study at the Massachusetts Institute of Technology, which found what the researchers described as multiple vulnerabilities.

The study, conducted by graduate students Michael Specter and James Koppel under the guidance of MIT's Computer Science and Artificial Intelligence Lab's principal research scientist Daniel Weitzner, found that someone with remote access could discover a user's vote. It could then be changed via a hacked server.

They also said malicious actors could detect the voter's choice and stop their connection, thereby preventing the vote from recording.

"When you encrypt something, it protects the contents of what you're sending but not the length," Specter told CNBC. "So if you were choosing between two candidates with different names — one long and one short — you could actually tell which way someone voted based on the length of the encrypted data."

He said that it was also possible to determine a voter's intent by the amount of metadata sent, such as images of the candidate, the URL of the candidate's home page, or just general information about him or her. With that information in hand, a hacker could suppress a vote.

Voatz referred CNBC to its official statement on the MIT claims, describing the study as "fundamentally flawed." It said that "the foundation of the research is based on an Android version of the Voatz mobile-voting app that was at least 27 versions old at the time of analysis."

Furthermore, the app used in the study "was never connected to the Voatz servers," according to the statement. "This means that they were unable to register, unable to pass the layers of identity checks to impersonate a legitimate voter, unable to receive a legitimate ballot and unable to submit any legitimate votes or change any voter data."

The interference in the 2016 election was largely done through social media, not through interference with the polling mechanism. As citizens, we need to hold information sources accountable.

Eyal Elyashiv

CEO and co-founder of Cynamics

While election technology will continue to evolve to meet new threats, Heikki Nousiainen, CTO of the open-source technology company Aiven, said that companies hoping to safeguard the process will always have to split the difference between verifying a vote and protecting the voter's anonymity. He suggested that an open-source model could help achieve this.

"Having those implementations open and reviewable by outsiders can gain user trust, knowing that the systems are really designed correctly and doing what the technology claims to do," Nousiainen said.

This advice may have greater relevance after Super Tuesday, depending on how smoothly it goes. Many counties in California have changed their voting procedures since 2016, with some rolling out new technology for the very first time. Other states have made their changes as well, such as moving to voting machines with paper trails.

In 2019 the U.S. Elections Assistance Commission distributed $425 million to state election offices to strengthen election security. The Cybersecurity and Infrastructure Security Agency was also created when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018.

The integrity of the vote itself is not the only thing that needs protecting.

Cynamics' Elyashiv said that voters need to do their part as well, which includes making an effort to be more critical of what they see on the internet.

"The interference in the 2016 election was largely done through social media, not through interference with the polling mechanism," he said. "As citizens, we need to hold information sources accountable."

The biggest technology firms are attempting to solve election problems as well. People in the small Wisconsin town of Fulton were recently the first to try out software Microsoft designed — it was installed by the nonprofit VotingWorks in a partnership with the Wisconsin Elections Commission — to confirm that votes are being properly counted.

Fulton residents used Microsoft's ElectionGuard software to vote on who would join the local school board and hold a seat on Wisconsin's state supreme court. ElectionGuard counts votes electronically, while providing a separate means for voters to confirm that their votes are included in tallies. There were no glitches reported. 

The ElectionGuard technology won't be responsible for tallying votes in the Wisconsin primary election, however, and Microsoft — which had been the provider of voting technology to Iowa previous to Shadow's technology being used this year — said it does not have plans to get into the election-voting systems business. The company is offering the technology for free. At a time when big tech firms, such as Facebook and Twitter, have come under fire for their role in elections, Microsoft says the project is about restoring trust in the voting process. 

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

VPN browser extensions: Why you shouldn't use then - Tech Advisor

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com