Microsoft pushes open-source software kit to election agencies, voting-tech vendors
Election officials around the U.S. could soon have access to an open-source software development kit from Microsoft that is intended to make voting more secure and transparent.
The software kit, called ElectionGuard, will allow third parties to validate election results and voters to ensure their ballots were correctly counted, according to Microsoft. Each voter would get a unique code to track the encrypted version of his or her vote to confirm that it was not altered.
“It will not be possible to ‘hack’ the vote without detection,” Tom Burt, a Microsoft corporate vice president, asserted in a blog post Monday. He touted the kit’s use of homomorphic encryption, which will allow votes to be counted without decrypting the data, as a feature that will protect votes individually and collectively.
The software, which will be available starting this summer to election agencies and vendors, is meant to supplement, rather than replace, paper ballots. Its code will be posted to GitHub, and can be layered onto existing voting software for added integrity.
The tech giant plans to have ElectionGuard ready for piloting in the 2020 elections — a vote that federal, state, and local officials are already preparing to secure. Last month, FBI Director Christopher Wray said protecting the 2018 U.S. midterm elections from foreign meddling was a “dress rehearsal for the big show” of the 2020 presidential contest.
Some election security experts welcomed Microsoft’s decision to take the initiative on the issue.
“By providing an open-source method for voters, advocates, and researchers to verify that cast votes have been counted accurately, Microsoft has shown its corporate commitment to bringing trustworthy elections to everyone,” said Maurice Turner, senior technologist at the Center for Democracy and Technology. “I hope that other companies will follow this example and push the technical envelope toward safe and secure elections.”
Aaron Wilson, senior director of election security at the nonprofit Center for Internet Security, said his organization believes “this technology has significant potential to improve the future of voting.”
It will be up to the country’s big election-equipment vendors – Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic – whether to incorporate the new software kit into their systems. Of those three, Microsoft said that ES&S and Hart InterCivic were exploring how to deploy the software. The three companies have been under increasing pressure to take more measures to improve their products for 2020 and beyond.
Steven Sockwell, vice president of marketing for Hart InterCivic, said his company would test ElectionGuard through a pilot program with the vendor’s own voting software, Verity.
“Verity would operate the way it currently does but would also support providing individual voters with the codes needed to track and validate their ballot as described in the ElectionGuard program materials,” Sockwell told CyberScoop in an email.
An ES&S spokesperson said the company is “exploring the potential for how this new [software development kit] could be incorporated into ES&S voting systems, and we are excited to see its development and learn more about this emerging technology.”
Kay Stimson, vice president of government affairs at Dominion Voting Systems, said her company is “very interested in learning more about the initiative and being able to review the various prototypes that are being planned, along with hearing more about other federally-supported efforts in the elections space.”
Galois, an Oregon-based systems-engineering company, is helping develop code for ElectionGuard. The Defense Advanced Research Projects Agency (DARPA) has given Galois a $10 million contract to build an open-source voting on secure hardware. Microsoft cast the ElectionGuard initiative as part of that quest for “end-to-end” verification of voting results.
UPDATE, 9:08 p.m. EDT: This story has been updated with comment from the Center for Internet Security and Dominion Voting Systems.