Posted on 07/21/2019 12:23:39 PM PDT by dayglored
'Defending democracy' initiative to resist nation-state attacks
Microsoft has demonstrated its ElectionGuard electronic vote system at the Aspen Security Forum under way in Colorado and warned that nearly 10,000 of its customers have been targeted by nation-state attacks.
ElectionGuard aims to enable end-to-end verification of voting. Voters receive a tracking code and can check via a web portal that their vote has been counted, and, crucially, not altered. The portal does not show the content of the vote, protecting voter confidentiality. "It will not be possible to 'hack' the vote without detection," said Microsoft's Tom Burt, CVP of Customer Security and Trust, in a post about the company's latest efforts to counter threats against democracy.
The system uses homomorphic encryption to allow data to be used in computation while still encrypted.
The demo uses a Microsoft Surface tablet with an optional Xbox Adaptive Controller, an accessible input device originally created for gaming. A standard printer outputs a printed version of the vote which can be dropped into a ballot box, showing how the system can be used in combination with paper ballots.
Microsoft will not be making ElectionGuard systems, but is waving it at voting technology vendors. Burt said the company will work with suppliers of "more than half of the voting systems used in the United States today". It has now added two more to the list, Smartmatic and Clear Ballot.
The code for ElectionGuard will be open source and posted on GitHub later this summer.
While not directly related to voter fraud, Burt also said Microsoft's Threat Intelligence Center had detected nation-state attacks on nearly 10,000 customers. "About 84 per cent of these attacks targeted our enterprise customers, and about 16 per cent targeted consumer personal email accounts," he said.
Microsoft claims the majority of nation-state activity is from actors in Iran, North Korea and Russia, and has assigned codenames to them: Holmium and Mercury from Iran, Thallium from North Korea, and Yttrium and Strontium from Russia. The motives of these actors could be intelligence gathering as well as searching for ways to achieve political objectives.
The company also has a project called AccountGuard, which is designed to protect "customers in the political space". This works in conjunction with Office 365 and offers extra security checks and notifications as well as best practice security guidelines and a direct line to support.
AccountGuard was specifically opened up to the UK on October 2018. In order to qualify, you have to be among "candidates running for office; the campaign organisations of all elected politicians; political parties; technology vendors who primarily serve campaigns and committees; and certain charity and non-governmental organisations, such as bodies that organise the electoral process, involved in the democratic process," the post explained.
Could ElectionGuard or something like it be taken up in the United Kingdom? We asked the Electoral Commission, which observed that any changes to the way elections are conducted have to be done through legislation – so don't hold your breath. The commission also considers that electoral fraud in the UK uncommon. You can see its report on the 2018 local elections here.
There is a bigger issue, though, to do with the vulnerability of voters to manipulation via social media or other means. In this case, the vote is valid but may be based on false information. The extent of funding for political campaigns is another issue and you will find plenty of instances of breaches on the Electoral Commissions site – likely to be the tip of a large and ugly iceberg.
"No single company can tackle these issues, and the need to protect democracy is more important than corporate competition," said Burt. Too right, but even with Microsoft's laudable efforts there is little cause for optimism. ®
No, no, that’s the beauty of it being Open Source.
Microsoft’s BSOD is Proprietary. It only can appear in Windows.... :-)
What a radical idea.
You sound like a troublemaker. :-)
LOL!
And you single-handedly solve a nationwide problem for a grand total of what? $500,000? Too simple for government to consider.
Bad idea.
BAD IDEA!
We need to go to all paper ballots counted by hand in front of many witnesses.
We might even need to go to non-secret ballots like a caucus.
He who casts the vote determines nothing, he who counts the vote determines everything.
Venezuela used an ElectionGuard type software,
to install a voter fraud Socialist government,
that transformed a wealthy people into impoverished peasants.
ElectionGuard poverty coming soon ...
BALLOT PICTURES
Mandatory Ballot Pictures let the people verify the count.
Where is the Republican Judge demanding it?
Slam that gavel in the name of Ballot Pictures.
All distraction. The only significant vote tampering will be neighborhood “organizer/activist/agitator/manipulators” who go around “harvesting” absentee ballots, which means they fill them in themselves; this happened LEGALLY in several areas in 2018, and will happen in the MILLIONS in 2020; will very likely swing the election the wrong way. We are under massive attack from the Stalinist Old Guard, make NO MISTAKE.
I ain’t no Expert, not by a long shot, but as I understand it, if it ain’t “Block Chain” it can’t be trusted.
I don’t know if you caught that it will be end to end. That’s what I’m worried about.
Electronic vote, paper ballot, purple ink, no mail in ballot save for military members.
If you don't care about secret ballots, it's easy. If you do, it is much more difficult to do. If you're interested in the nitty-gritty of this, do a google for "Bruce Schneier electronic voting". He's written several essays on all of this that goes into detail of the 'whys' of exactly how difficult this is to do correctly. Yeah, if you read other stuff of his, you'll see that he's a leftist (generally), but he is directly on point for this issue. I read his monthly newsletter because I respect him regardless of his politics after having read "Applied Cryptography" many years ago.
LOL. The BSOD will be the least of our worries.
The biggest problem with doing away with secret ballots is that it makes fraud verifiable. Let's say Mallory pays Alice $20 to vote for socialist candidate A. With a secret ballot, Alice can go into the voting booth, and cast a ballot for Constitutionalist Candidate B, step out of the voting booth and collect her $20, with Mallory being none the wiser.
I don’t know what the solution is but with secret ballots fraud can take place by adding or removing ballots from the count and nobody will ever know.
I think it might be easier to catch vote buying than secret ballot fraud.
I’m trying but not succeeding. Just because it shows on your end your vote went to X doesn’t mean it did on the other end.
tint = tiny
I’ve never understood how a person can be smart and liberal at the same time. Common sense seems to debunk all their ideas. Weird. But yeah, Schneier on crypto is awesome.
“Trouble” is my middle name!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.