Open source the secret sauce in secure, affordable voting tech
SAN FRANCISCO—The fastest, most cost-effective way to secure direct-record electronic voting machines in the United States, according to cybersecurity experts, is to stop using them. Switch to paper ballots and apply risk-limiting audits to ensure that vote tallies are conducted properly. And over the long term, consider switching to the cheaper—and more advanced and secure—voting technology that cybersecurity expert Ben Adida is dedicating his next career move to developing.
Adida’s new company, which he publicly announced at the Context Conversations event here Monday evening, which The Parallax co-sponsored, is the nonprofit VotingWorks. The company, which currently is hosted by another nonprofit Adida declined to name in a conversation after the event that eventually will become its own 501(c)3, has one goal: to build a secure, affordable, open-source voting machine for use in general, public elections.
With its focus on hardware and software for public elections, VotingWorks is different from Adida’s previous electronic voting system efforts, including Helios, an online voting system Adida said is best used in closed elections like those for university-level student body governments or corporate boards of directors.
In the aftermath of the 2000 election and the Help America Vote Act of 2002, the move away from paper ballots to electronic-only might have made sense from a technological point of view, Adida said, but it was actually bad for election officials.
“There’s no individual paper records that the voter is verifying,” Adida said. “So if anything goes wrong, what do you do? You don’t have anything to go back to.”
That issue came roaring into the current elections when reports from multiple Texas voters alleged that the eSlate machines they were using would sometimes change, without approval, the top vote on “full slate” or party-line vote option.
“I’m sure there’s a really good reason for why [the Texas eSlate machines] have this bug, but if they were using existing user-interface components, existing things that were battle-tested out in the world, this kind of stuff would have been debugged independently of the voting machine,” Adida said. Instead, he said, “a lot of these voting machines are built up from scratch.”
“How do you bake a pie? Well, first there’s the Big Bang, and then the universe, and eventually you get to the apple pie. Well, how about we start with the apples and go from there? That’s what we need in voting systems,” he quipped.
“I’ve always felt that eventually the vendors would catch up. The market would actually like to solve this, right?” Adida said. But “it’s not happening. So I’m going to try to do my part.”
VotingWorks, Adida told the Context Conversations audience, will “build open-source voting machines on commodity hardware. It will use paper, it will be easy to audit, and hopefully it can be a good complement to the efforts that San Francisco is making.”
“How do you bake a pie? Well, first there’s the Big Bang, and then the universe, and eventually you get to the apple pie. Well, how about we start with the apples and go from there? That’s what we need in voting systems.”—Ben Adida, founder, VotingWorks
San Francisco is one of the few voting jurisdictions in the United States that is exploring how to build its own voting machine from off-the-shelf hardware. Adida’s co-panelist, Chris Jerdonek, chairman of the San Francisco Elections Commission’s Open Source Voting System Technical Advisory Committee and former president of the commission, stressed why public elections are far more complicated than private ones.
Public elections in California have to accommodate everyone who lives in the voting jurisdiction, including people who speak different languages and have various physical disabilities, he said. And while the information about who is a voter is part of the public record, the votes themselves are cast by secret ballot.
Any open-source voting machine would have to protect that voting data while juggling the complex intersection of correctly interpreting handwritten marks on a paper ballot, integrating them with votes cast on a screen, and assisting in running audits of the process, he said.
For San Francisco, the basic open-source voting machine would need three hardware pieces, Jerdonek said: “An accessible voting machine for people with disabilities to mark a paper ballot,” “a precinct-based scanner that voters will put their paper ballot into, that will scan it, and check for errors,” and “a high-speed version of the precinct scanner that the jurisdiction would use to scan and tally vote-by-mail ballots.”
Each of these commonly available hardware components would need to run publicly developed, open-source software, Jerdonek said, similar to Mozilla’s Firefox browser or the Linux underpinnings of the Android ecosystem, to digitize the votes and tally them across machines.
The hardware he envisions powering future voting machines will sport secure boot (which allows only preapproved software to run on a device) and secure hardware, similar to devices that consumers already use today. “Two platforms that provide that: iOS and Chrome OS. iPads and Chromebooks,” Adida said. “But these are just initial ideas. This will be an iterative process; nothing is locked in. I’m going to start with a strong hypothesis, test it, and move from there.”
READ MORE ON ELECTION HACKING IN 2018
Funding fights lead to vulnerable votes
7 simple reasons to vote
Experts disagree on how to secure absentee votes
Context Conversations preview: Election security
Why current funding to secure U.S. elections ‘doesn’t cut it’ (Q&A)
There’s more to election integrity than secure voting machines
Mueller’s indictment of election hackers a cybersecurity ‘wake-up call’
A 2016 report by the University of Pennsylvania’s Wharton Public Policy Initiative called “The Business of Voting” concluded that if voters want to see more secure, cheaper, and easier-to-use voting machines, the systems for developing and selling voting machines in America need to be overhauled.
Little has changed in the aftermath of the 2000 election and its hanging chads, which led directly to the Help America Vote Act, the last major attempt by the U.S. government to invest in and computerize voting technology, the report says. “The industry that provides the hardware and software for the election process has been scarcely studied and often is opaque, even to election administrators, policymakers, and representatives at other governmental and nongovernmental organizations that support or directly participate in the election process.”
The report concludes that the municipalities that buy electronic voting machines should form coalitions that can better leverage voting-machine vendors to reduce prices and customize their needs; invest in open-source, commodity technology; and revise the voting-machine certification process to enable the approval of cheaper, off-the-shelf components for public voting use.
Adida and Jerdonek point to the report as an encouraging sign that their efforts are on the right path. But to achieve their goals will take more investment than either has secured at the moment. Jerdonek is restricted to the funds allocated by San Francisco’s government—about $300,000 so far. Adida, meanwhile, hopes to raise tens of millions of dollars in donations over several years.
“One thing that I hope I’ll be able to achieve with VotingWorks is to move quickly. I want to show off prototypes in the spring [of 2019]. I don’t want this to be a many-years process,” Adida says. “But I don’t want to overstate where we are with VotingWorks. There’s lots of discussion happening, as with any open-source project. And whatever your concerns are about voting machines, go out and vote today.”