This tech to secure voting machines won't be ready by 2020

This tech to secure voting machines won't be ready by 2020

A voter leaves the polling booth during the U.S. presidential election in Philadelphia, Pennsylvania, U.S. November 8, 2016. REUTERS/Charles Mostoller

LAS VEGAS—A blue box on display here at the DEF CON security conference could make voting machines much more secure—and the circuitry inside might do the same for consumer gadgets.

demonstration by the Pentagon’s Defense Advanced Research Projects Agency and Portland, Ore-based Galois only points the way towards harder-to-hack voting machines. 2020 is way too soon for your ballot to benefit from the work getting a public debut at the cybersecurity convention.” data-reactid=”23″>The demonstration by the Pentagon’s Defense Advanced Research Projects Agency and Portland, Ore-based Galois only points the way towards harder-to-hack voting machines. 2020 is way too soon for your ballot to benefit from the work getting a public debut at the cybersecurity convention.

But it could help put a stop to some of the more common cyber attacks on your connected devices.

Tap here to vote

Voting Village exhibit might not seem different from that of the obsolete voting machines lined up for inspection nearby.” data-reactid=”26″>The voting experience of the DARPA/Galois hardware at the Voting Village exhibit might not seem different from that of the obsolete voting machines lined up for inspection nearby.

You choose answers to such questions as “Favorite Star Wars Movie” and “Correct Pronunciation of GIF” on a touchscreen, a paper prints out with your choices and a QR code storing them, and you feed that into a scanner.

System Security Integration Through Hardware and Firmware project–SSITH for short.” data-reactid=”28″>But the circuit board inside a blue frame attached to that scanner incorporates the work of DARPA’s System Security Integration Through Hardware and Firmware project–SSITH for short.

“Yes, we did kind of make that fit inside the acronym,” program manager Linton Salmon said of the Star Wars reference during a talk Friday.

SSITH aims to build processors on open-source architectures that resist most common hacking techniques at the hardware level, if at some cost in performance.

“Most of the manufacturers of processors over the last 15 to 20 years have been primarily concerned with performance and power,” said Galois researcher Dan Zimmerman in an interview Saturday. One objective of this project is to quantify the cost of this added security in those areas.

An example of the SSITH in a voting machine. (Image: Rob Pegoraro)

Next year at DEF CON, this team hopes to see five different polling-place demos built on this design. But it would fall to other parties to ship voting hardware—as Salmon emphasized in an interview Saturday, “The SSITH program is not about voting results and security.”

buffer overflows (in which an attacker shoves excess data into an input field, causing a crash that opens memory in which hostile code can run) would help in areas from connected appliances to supercomputers.” data-reactid=”44″>That’s because their ambitions exceed elections. Processors that shrug off such common tactics as buffer overflows (in which an attacker shoves excess data into an input field, causing a crash that opens memory in which hostile code can run) would help in areas from connected appliances to supercomputers.

Our long national hangover continues

the 2000 election and its travails with punch-card ballots.

Help America Vote Act mandated replacing old, analog voting machines with newer and smarter models. Vendors met that demand with a round of devices built on general-purpose Windows platforms at a time when Microsoft (MSFT) was much more innocent about network threats.” data-reactid=”47″>The quickly-passed Help America Vote Act mandated replacing old, analog voting machines with newer and smarter models. Vendors met that demand with a round of devices built on general-purpose Windows platforms at a time when Microsoft (MSFT) was much more innocent about network threats.

“Almost everything produced to comply with the Help America Vote Act has had terrible security vulnerabilities,” said Voting Village co-founder and Georgetown University law and computer science professor Matt Blaze in a talk Friday. “We took a problem that was hard, and we added software to it.”

offered so many vulnerabilities that any red-blooded, purple-haired DEF CON hacker would laugh at the challenge of exploiting one.

still in service in 14 states suffer the same architectural defects of recording votes without a paper ballot first seen by the voter—meaning you must take the computer’s word for it. Newer proposals to collect ballots on blockchains also leave no analog records.” data-reactid=”50″>Those machines have long since been retired, but others still in service in 14 states suffer the same architectural defects of recording votes without a paper ballot first seen by the voter—meaning you must take the computer’s word for it. Newer proposals to collect ballots on blockchains also leave no analog records.

“risk-limiting” audit.” data-reactid=”55″>While Blaze allowed that DARPA’s work could open useful possibilities, he said it was more important to move to systems that record votes on paper—and then verify each count with a quick “risk-limiting” audit.

What we can do now

blocked votes on Democratic-supported bills to mandate more secure voting systems.

“Why hasn’t Congress fixed the problem? Two words: Mitch McConnell,” roared Sen. Ron Wyden (D.-Ore.) in a talk Friday. “I sure wish he had been walking around with me in the Voting Village, seeing a who’s who of hackable voting machines.”

Wyden also cast blame on the voting-machine lobby for flexing its “very big political biceps” to lock in contracts from states for “a new generation of overpriced, unnecessary technology.”

have a plan for this, announced in late June, but McConnell could easily still be around to block that.” data-reactid=”60″>But Wyden’s suggested remedy—that everybody at DEF CON tweet their support for election-security legislation—seems unlikely to move the immovable Kentuckian. Sen. Elizabeth Warren (D.-Mass.) and presidential candidate does have a plan for this, announced in late June, but McConnell could easily still be around to block that.

If you live in a state that’s adopted voting-security initiatives on its own—perhaps Nevada, whose deputy secretary for elections Wayne Thorley said in a talk Saturday that “the 2020 election will be much more secure than the 2016 election”–that could be fine.

Otherwise, you may have to hope the dice keep landing in your favor.

Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.” data-reactid=”63″>Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.

div#stuning-header .dfd-stuning-header-bg-container {background-image: url(https://safevoip.co.uk/wp-content/uploads/2017/04/slider.jpg);background-size: initial;background-position: top center;background-attachment: initial;background-repeat: no-repeat;}#stuning-header div.page-title-inner {min-height: 650px;}