Microsoft bets on ElectionGuard SDK to fortify election security
Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of electronic voting machine results.
Microsoft is aiming to make voting more secure with a free, open source software development kit dubbed ElectionGuard.
ElectionGuard, which was unveiled earlier this month during the Microsoft Build conference, was designed to enable end-to-end verification of elections, allow voters and third-party organizations to verify election results, and allow individual voters to confirm their votes were counted correctly.
Microsoft worked with Oregon-based security tech company Galois on the implementation and design of the SDK. (Microsoft said it was unavailable to comment on ElectionGuard.)
"The point of it is to enable election vendors, and really anyone who wants it, to securely implement elections systems," said Joey Dodds, research engineer at Galois. "It's really important to note that when we talk about end-to-end verifiability, which is one of the main properties that we want and that ElectionGuard provides, that guarantee won't extend to systems that do not use paper ballots. ... If you want end-to-end verifiability you must use paper ballots."
ElectionGuard has the potential to make a difference in the future of voting and is a step in the right direction, said Aaron Wilson, senior director of election security at Center for Internet Security.
"We support Microsoft's mission for secure, verifiable and auditable election," Wilson said. "If it meets all the claims that it is making, it would represent a very difficult voting system to hack and it would be an improvement over what we have today -- but again that would be in combination with the paper ballot."
Dodds said Galois worked on the APIs for ElectionGuard, which he said was a critical part of the open source SDK.
"One of the things you want with ElectionGuard SDK is it is very hard to misuse. ... We put a lot of effort into very carefully designing this API in such a way that anybody can really use the SDK and can be confident that they're using it correctly," he said.
With end-to-end verifiability, Dodds said, there is a lot of information about the election that can be made public without any risk to the privacy of the election or individual voter privacy. This can be done using the encryption that's built into the ElectionGuard SDK, he added.
The use of homomorphic encryption
In a blog post, Tom Burt, corporate vice president of customer security and trust at Microsoft, shared how ElectionGuard's end-to-end verification of election results is achieved in two ways.
First, an election system using Microsoft's ElectionGuard SDK would provide voters with a unique tracking code that lets them verify that their votes were accurately recorded and not tampered with.
"Second, ElectionGuard also includes an open specification -- or a road map -- which allows anyone to write an election verifier. Voters, candidates, news media and any observers can run verifiers of their own or downloaded from sources of their choosing to confirm tabulations are as reported," Burt wrote.
It is this combination of the tracker and the verifier that enables end-to-end verification.
"It will not be possible to 'hack' the vote without detection," according to Burt.
ElectionGuard uses homomorphic encryption to enable these two forms of verification.
Homomorphic encryption is a key building block to a verifiable secret ballot election, Wilson said.
"Typically you have some secret in cryptography that is necessary for the decryption of the information and so you want to prove that you did something right, and if you're on the side that has to prove that something went right, typically you have to give away the secret to another party for them to verify that you did it properly," Wilson said. "What's really beneficial with homomorphic encryption is a third party can verify that it was done properly without you having to give away the secret … there can be proof established that the system behaved properly without the verifier having access to the secret information -- the secret key. It really allows for a different level of transparency versus other types of cryptography."
People want elections to be verifiable and secure, Wilson said, but they also want their ballots to remain secret and not public.
The properties of homomorphic encryption, he said, seem to meet both of those objectives: It can be verifiable while maintaining the secrecy of the individual ballot.
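The property Wilson describes can be shown in a few lines. The following sketch is an added example, not part of the original article and not ElectionGuard code: the article does not name the scheme, so it assumes exponential ElGamal for the homomorphic tally and a Chaum-Pedersen proof for the decryption, with a toy group and function names constructed for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)

def encrypt(pub, vote):
    """Exponential ElGamal: (G^r, G^vote * pub^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, vote, P) * pow(pub, r, P) % P

def aggregate(ciphertexts):
    """Anyone can multiply published ciphertexts; the product encrypts the sum."""
    a = b = 1
    for ca, cb in ciphertexts:
        a, b = a * ca % P, b * cb % P
    return a, b

def challenge(*vals):
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big") % Q

def decrypt_with_proof(secret, pub, agg, max_tally):
    """Return the tally, m = a^secret, and a proof that log_G(pub) == log_a(m)."""
    a, b = agg
    m = pow(a, secret, P)
    g_tally = b * pow(m, -1, P) % P
    tally = next(t for t in range(max_tally + 1) if pow(G, t, P) == g_tally)
    w = secrets.randbelow(Q)
    c = challenge(pub, a, b, m, pow(G, w, P), pow(a, w, P))
    return tally, m, (c, (w + c * secret) % Q)

def verify_tally(pub, ciphertexts, tally, m, proof):
    """Public check: uses only the ciphertexts, the public key and the proof."""
    a, b = aggregate(ciphertexts)
    c, z = proof
    t1 = pow(G, z, P) * pow(pub, -c, P) % P  # equals G^w for an honest prover
    t2 = pow(a, z, P) * pow(m, -c, P) % P    # equals a^w for an honest prover
    return c == challenge(pub, a, b, m, t1, t2) and b == pow(G, tally, P) * m % P

if __name__ == "__main__":
    sk, pk = keygen()
    ballots = [encrypt(pk, v) for v in (1, 0, 1, 1)]  # constructed sample votes
    tally, m, proof = decrypt_with_proof(sk, pk, aggregate(ballots), len(ballots))
    print(tally, verify_tally(pk, ballots, tally, m, proof))
```

The verifier never sees the secret key or any individual vote, yet a tally that does not match the published ciphertexts fails the check.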
Taking the open source route
Dodds said there were many reasons to use open source software for the ElectionGuard SDK, and one is the notion of security.
"We're worried about the public understanding that the elections are secure and the open source software is really critical there because you can have completely secure software, but if nobody can see what's going on there then they have no reason to believe that it's secure," he said. "Open source is completely critical to security for that reason and, honestly, the system will end up being more secure because people are incredibly excited about the security of elections."
The open source approach gives other people the opportunity to contribute to the work that Microsoft is doing, Wilson said.
Another aspect of open sourcing, Dodds said, is the hope to see an ecosystem of implementations come up around this SDK.
"You can also imagine that lots of people will want to run elections on their own, maybe for their clubs, maybe for their schools, and they might put work into implementing systems that use ElectionGuard and provide those to anybody else who wants to use them," he said. "We want everybody to have access to the most secure elections possible."
While TCE Strategy CEO Bryce Austin applauded Microsoft's efforts, he added that some things are best left to offline mechanisms.
"Some things are too important to be on the internet, exposed to cybercriminals across the globe," Austin said in an email interview. "Foreign nations simply have too much to benefit from influencing elections, and the thought that a SDK can be made immune to cyberattack is unrealistic in my opinion."
Election technology vendors, including Democracy Live, Election Systems & Software and Hart InterCivic, are partnering with Microsoft to evaluate the ElectionGuard SDK, which will be available this summer to incorporate into their voting systems.