Posted on 07/21/2019 12:23:39 PM PDT by dayglored
'Defending democracy' initiative to resist nation-state attacks
Microsoft has demonstrated its ElectionGuard electronic vote system at the Aspen Security Forum under way in Colorado and warned that nearly 10,000 of its customers have been targeted by nation-state attacks.
ElectionGuard aims to enable end-to-end verification of voting. Voters receive a tracking code and can check via a web portal that their vote has been counted, and, crucially, not altered. The portal does not show the content of the vote, protecting voter confidentiality. "It will not be possible to 'hack' the vote without detection," said Microsoft's Tom Burt, CVP of Customer Security and Trust, in a post about the company's latest efforts to counter threats against democracy.
The system uses homomorphic encryption to allow data to be used in computation while still encrypted.
The demo uses a Microsoft Surface tablet with an optional Xbox Adaptive Controller, an accessible input device originally created for gaming. A standard printer outputs a printed version of the vote which can be dropped into a ballot box, showing how the system can be used in combination with paper ballots.
Microsoft will not be making ElectionGuard systems, but is waving it at voting technology vendors. Burt said the company will work with suppliers of "more than half of the voting systems used in the United States today". It has now added two more to the list, Smartmatic and Clear Ballot.
The code for ElectionGuard will be open source and posted on GitHub later this summer.
While not directly related to voter fraud, Burt also said Microsoft's Threat Intelligence Center had detected nation-state attacks on nearly 10,000 customers. "About 84 per cent of these attacks targeted our enterprise customers, and about 16 per cent targeted consumer personal email accounts," he said.
Microsoft claims the majority of nation-state activity is from actors in Iran, North Korea and Russia, and has assigned codenames to them: Holmium and Mercury from Iran, Thallium from North Korea, and Yttrium and Strontium from Russia. The motives of these actors could be intelligence gathering as well as searching for ways to achieve political objectives.
The company also has a project called AccountGuard, which is designed to protect "customers in the political space". This works in conjunction with Office 365 and offers extra security checks and notifications as well as best practice security guidelines and a direct line to support.
AccountGuard was specifically opened up to the UK on October 2018. In order to qualify, you have to be among "candidates running for office; the campaign organisations of all elected politicians; political parties; technology vendors who primarily serve campaigns and committees; and certain charity and non-governmental organisations, such as bodies that organise the electoral process, involved in the democratic process," the post explained.
Could ElectionGuard or something like it be taken up in the United Kingdom? We asked the Electoral Commission, which observed that any changes to the way elections are conducted have to be done through legislation so don't hold your breath. The commission also considers that electoral fraud in the UK uncommon. You can see its report on the 2018 local elections here.
There is a bigger issue, though, to do with the vulnerability of voters to manipulation via social media or other means. In this case, the vote is valid but may be based on false information. The extent of funding for political campaigns is another issue and you will find plenty of instances of breaches on the Electoral Commissions site likely to be the tip of a large and ugly iceberg.
"No single company can tackle these issues, and the need to protect democracy is more important than corporate competition," said Burt. Too right, but even with Microsoft's laudable efforts there is little cause for optimism. ®
I smell Soros.
At least it’s Open Source, available on GitHub. That’s a positive step.
Who watches the Watchers?
Noticeably absent is China. Why? Because Microsoft want to continue doing business in that country.
What could possibly go wrong?
What could possibly go wrong?
Just because it is open source doesn’t make it better!
With the open source license, a government “actor” can easily take the original source code and easily modify it to cheat.
And don’t think for a second that a bad actor like the state of California would hesitate for one second to use this for the benefit for the Democrats!
I dont believe the code they claim to be running will actually be the code that is running.
Microsoft is a private libtard run company. They have no right to just assume any mantle of “security” in official us elections.
Yeah the present system is just so much better /s/
Mixed views on this. Hopefully some sharp people will be able to keep it from being tampered with and it should stop the votes being miraculously discovered in the trunk of abandoned vehicles.
Google will have control of the results somehow. And the process allows cheating in so many ways.
Electronic voting is one of the greatest frauds ever perpetrated on the ballot box. No genuine trail exists. Paper ballots are the only way to go. Along with actually enforcing all the tried and true methods of keeping democrats from printing fake ones.
A copy of the code will be on github.
Maybe a sanitized copy. Unless every polling station has.. no wait, even that won’t work.
All vote on one day.
Must provide proof of citizenship to be compared to the voting rolls.
Picture ID required.
Finger dipped in purple ink.
...enable end-to-end verification of voting...
*********************************
Sadly, this would do absolutely NOTHING to verify the true identity and legitimacy at the FRONT end of the verification chain. In vote harvesting who did the actual voting...the harvestee or the harvester? Who really did the voting on absentee ballots? Is the voter a citizen? Is the voters vote being counted in the precinct of his/her actual legal residence? Has there been confirmation that this individual voter cant only a single ballot NATIONWIDE?
ALRIGHT! We’ll be the only country on earth that will have an election uncertifyable due to a blue screen of death.
Forget all this, go back to paper ballots, and end all political commentary and coverage of the elections the week up to the elections and election night.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.