Building 83 doesn’t stand out on Microsoft’s massive Redmond, Washington, headquarters. But last week, the nameless structure hosted what might be the software giant’s most important product of 2020.
Tucked away in the corner of a meeting room, a sign reading “ElectionGuard” identifies a touchscreen that asks people to cast their votes. An Xbox adaptive controller is connected to it, as are an all-white printer and a white ballot box for paper votes. If you didn’t look carefully, you might have mistaken all that for an array of office supplies.
ElectionGuard is open-source voting-machine software that Microsoft announced in May 2019. In Microsoft’s demo, voters make their choices by touchscreen before printing out two copies. A voter is supposed to double-check one copy before placing it into a ballot box to be counted by election workers. The other is a backup record with a QR code the voter can use to check that the vote was counted after polls close.
With ElectionGuard, Microsoft isn’t setting out to create an unhackable vote — no one thinks that’s possible — but rather a vote in which hacks would be quickly noticed.
The product demo was far quieter than the typical big tech launch. No flashy lights or hordes of company employees cheering their own product, like Microsoft’s dual screen phone, its highly anticipated dual-screen laptop or its new Xbox Series X.
And yet, if everything goes right, ElectionGuard could have an impact that lasts well beyond the flashy products in Microsoft’s pipeline.
ElectionGuard addresses what has become a crucial concern in US democracy: the integrity of the vote. The software is designed to establish end-to-end verification for voting machines. A voter can check whether his or her vote was counted. If a hacker had managed to alter a vote, it would be immediately obvious because encryption attached to the vote wouldn’t have changed.
The open-source software has been available since last September. But Microsoft gets its first real-world test on Tuesday, when ElectionGuard is used in a local vote in Fulton, Wisconsin.
The local election will provide Microsoft an opportunity to find blind spots in the ElectionGuard system. The question is how many it will find. During ElectionGuard’s first demo at the Aspen Security Forum last July, Microsoft identified some user experience flaws. A big one: Voters were confused as to why two sheets of paper were printing out.
“This is a critical, important part of why we’re having this pilot next week,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, told a group of reporters at Building 83. “To find out, does this stuff all work? Do people verify? Do they do these things?”
Elections and the tech industry
Microsoft isn’t alone in looking to keep the vote safe from hackers, disinformation campaigns and other forms of interference. Tech giants, election officials and governments around the world are all tackling the issue after cyberattacks played a key role in the 2016 US presidential election.
Election security poses a maze of concerns beyond the potential for voting machines to be compromised. Political campaigns have been targeted, voter registration databases have been hacked and a lack of funding or training — sometimes both — has hampered local officials. Then there are the coordinated disinformation campaigns that use social media to undercut democracy.
The Department of Homeland Security says no votes have been tampered with in the last four US elections. But that doesn’t mean voting machines can’t be hacked. In 2017, the Defcon hacker conference introduced a Voter Hacking Village. Every year since then, attendees have found security issues with machines used in actual elections. Sometimes the vulnerabilities were found in as little as 15 minutes.
Many of these machines are still being used because red tape prevents software patches or the budget isn’t available to replace them.
Even if no votes had been hacked, the vulnerabilities present another thing to fret about: disinformation about the integrity of election results. US officials consider that to be more worrisome than a cyberattack. If you can be convinced that your vote was hacked, you lose confidence in the results. That’s potentially as powerful as the effects of an actual hack.
Microsoft isn’t alone in proposing solutions to the problem. Since 2016, many tech giants have rolled out programs aimed at buttressing trust in the system. Google’s Advanced Protection Program for political campaigns protects their accounts from basic cyberattacks. Facebook has plans to take on disinformation campaigns and protect campaigns that use the social network.
Still, Microsoft is the first major tech company to directly address voting machine infrastructure, the front line of election security. But it isn’t promising that ElectionGuard prevents machines from being hacked. Rather, it’s promising to make it obvious if a machine is hacked.
“This is not a system that cannot be hacked by an adversary. it is a system that is pointless for an adversary to hack,” Burt said. “Even if they can figure out a way to somehow influence that or change that, it would be detected by the system, and you can go to the paper ballots and do a hand count if you needed……Read More>>