DARPA’s New/Old Plan for a Hack-Proof Voting Machine

elections, voting, election security, midterms

The Pentagon’s top research arm is working to build a hack-proof voting machine by combining something brand new with something old – specifically, secure open-source hardware and software using advanced cryptography on one end, and good old paper on the other.

The Defense Advanced Research Projects Agency (DARPA) recently awarded the tech company Galois a $10 million contract for the project, which grew out of a broader agency project to remedy hardware vulnerabilities, the snappily named SSITH, for System Security Integrated Through Hardware and Firmware.

Galois, which focuses on ensuring the trustworthiness of hardware and software, will design the system, which will start with a different approach used by established voting machine makers, who have come under criticism over the vulnerabilities in their systems, Motherboard reported. For one, it will use open-source software, rather than the proprietary systems used by companies such as Election Systems & Software. It also will use open-source hardware, built from designs developed under the SSITH program.

The goal is to produce a fully transparent and verifiable system, which DARPA plans to offer up for examination at the Voting Village at Def Con in August in Las Vegas. The agency also will invite a number of university research teams to test the system.

In addition to advanced designs and encryption, the system also would include a paper trail, a seemingly quaint but very effective way to ensure that people’s votes are properly counted. A paper record creates an independent, verifiable source of a voter’s choices, as opposed to a machine checking its accuracy against itself, which could be doubtful if the machine has been compromised.

But many states have resisted including paper records, often citing the expense involved in upgrading their systems. Georgia, whose electronic voting system has run into trouble, recently joined the flock, approving a plan to spend $150 million on touch-screen systems that print paper ballots, but there are about a dozen states that, as of last year’s elections, still go paperless.

Of course, a paper record can only be as accurate as the system it’s printed from, which is where DARPA’s system could raise the security bar.

The research agency’s SSITH program kicked off in 2017 to “propel new research in the area of hardware security at the microarchitecture level,” DARPA said at the time. Among the projects under the SSITH umbrella is one at the University of Michigan to build an unhackable microprocessor that involves moving data to randomized locations while also continually re-encrypting passwords, essentially making it a target moving too fast for hackers to hit. For another project, which preceded the recent deal for a secure voting machine, DARPA gave Galois a $4.5 million contract to develop ways to enable provable security for hardware used in a broad range of consumer, business, and government products, according to the company.

In fact, the agency decided to pursue a secure voting machine only because it was looking for a means to prove the viability of its secure-hardware approach in a way that people could relate to, according to the Motherboard report. The fact that it also could do some good is an added bonus.

The security of electronic voting machines has been an issue for years, but it came to the fore especially during and after the 2016 presidential elections. The Department of Homeland Security found that Russian hackers had probed systems in 21 states in advance of the election, and the U.S. Intelligence Community reportedly found evidence that systems in seven states had been compromised. No votes were changed, but the hackers apparently could have done that if they wanted.

Voting systems have been widely criticized for their vulnerabilities and exposed at a number of venues, including Def Con, where in 2017 hackers demonstrated how relatively easy they were to compromise. The system being designed by DARPA and Galois could shore up faith in elections on two fronts, securing the electronic process while providing a verifiable record on paper.

Categories

Recent