This week’s virtual Black Hat USA 2020 conference kicked off with a call to arms for cybersecurity professionals to help with election security issues this November.
The opening keynote, titled “Stress-Testing Democracy: Election Integrity During a Global Pandemic,” featured Matt Blaze, McDevitt Chair in computer science and law at Georgetown University.
Jeff Moss, Black Hat founder and director, says a record 117 countries are participating in the virtual event. He said election security is a hot topic with the upcoming general election with “lots of interference, lots of misinformation and lots of new technologies being deployed.”
Blaze said software can be an issue in election security because it’s difficult to secure. You need at least some software to run elections, but “we don’t want to depend on it.”
“This is something we’ve grappled with for two decades now,” he said.
Election Security Breakthroughs
There have been two “enormous” breakthroughs this year addressing election security issues, Blaze said. The first is software independence.
“This is essentially a requirement … that you should design your voting system in a way that an undetected change or error in the software can’t cause an undetectable change or error in the election outcome,” he said. “It doesn’t say you can’t use software. It says you shouldn’t depend on software for the outcome in ways that you can’t detect.”
Second, a UC Berkeley statistician came up with a method for achieving this with certain types of voting machines, Blaze said. Those are optical scan paper ballot voting machines. This involves auditing a subset of ballots and comparing the result to the reported outcome.
“If you do this enough, you can have very high confidence … that your reported election results are the same results you get by hand-counting all of the ballots, but without having to hand-count all of the ballots,” he said.
These two ideas were the “gold standard” for addressing election security issues at the start of 2020, Blaze said.
“So there’s been progress,” he said. “We finally know how to do this well. Election security at the beginning of the year was a matter of getting it implemented. And we’ve had some progress on that. The paperless voting machines are slowly being replaced by optical scan paper that’s compatible with risk-limiting auditing techniques. A few states are starting to employ risk-limiting audits and catching on.”
And there have been bills in Congress to fund states to shift to paper ballots, Blaze said.
“There was reason for optimism,” he said. “So if I were giving this talk in February 2020, that would be the end. I’d say we finally know what to do. We have our technological marching orders. And we can declare a certain amount of victory and be optimistic going forward that we will one day secure our elections really well.”
Pandemic Changes Everything
And then the COVID-19 pandemic came along and added a whole new set of election security issues that “got brought very sharply into focus,” Blaze said.
“So there can be a number of disruptions for voting,” he said, noting there are different ways to address them but it can be “increasingly difficult.”
Absentee or mail-in voting is available everywhere, but the vast majority of voters still head to the polls on election day, Blaze said. Therefore, local jurisdictions only have the resources and capabilities to handle smaller amounts of mail-in ballots, he said.
Verifying and processing mail-in ballots already is …