From checking in at a polling place on a tablet to registering to vote by smartphone to using an electronic voting machine to cast a ballot, computers have become an increasingly common part of voting in America.
But the underlying technology behind some of those processes is often a black box. Private companies, not state or local governments, develop and maintain most of the software and hardware that keep democracy chugging along. That has kept journalists, academics and even lawmakers from speaking with certainty about election security.
In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no interference with the results.
“It’s very much like the cybersecurity version of a tamper-proof bottle,” said Tom Burt, Microsoft’s vice president of customer security and trust, in an interview with NPR. “Tamper-proof bottles don’t prevent any hack of the contents of the bottle, but it makes it makes it harder, and it definitely reveals when the tampering has occurred.”
Developed with the computer science company Galois, the kit will be available free of charge for election technology vendors to incorporate into their voting systems.
Microsoft is partnering with a number of voting machine vendors, including the largest manufacturer in the country, Election Systems & Software, but it’s unclear how extensively the industry will use the new software in its offerings. The voting machine industry has traditionally been tight-lipped about its security practices.
Galois plans to use the new technology as part of an open-source voting system it is designing with grant money from the Defense Department. That system won’t be for sale, says Joe Kiniry, a principal scientist at Galois. Instead, it will serve as a model of a secure voting system that private companies can build off of.
“It gives the ability to double-check, even if a system is terribly written, even if it’s hackable, it gets detected,” said Kiniry. “It’s not magic pixie dust. We need this plus unhackable systems.”
The software works in tandem with voting systems that use paper ballots, which many states and counties are returning to after more than a decade of using touchscreen voting machines that didn’t produce a paper receipt.
An election system using Microsoft’s ElectionGuard would provide a voter with a unique code that would not reveal who or what they voted for. The code could then be used to follow the vote from the moment the voter casts it, after the voter has verified the selections are correct, to the moment it’s counted.
“For voters, the most tangible thing they would see from this is they would now have the ability to track the ballot as it goes through the entire process,” said Joe Hall, the chief technologist at the Center for Democracy and Technology. “Similar to what voters have with packages, or pizza, it will say this is at this facility, it has been counted.”
Microsoft’s Burt says he expects to see pilot use of the technology in the 2020 election, but because of how long certification and incorporation of new technology takes in voting, realistically, he hopes for “broad deployment” by 2024.
But that deployment will be only as broad as tight state and local government budgets allow.
“This will help voters track their votes; it’s going to build in this audibility that’s sort of the holy grail,” Hall said. “But it’s not going to reach the smaller jurisdictions that don’t have the money to upgrade or have older equipment.”