Can open source help safeguard elections?
- By Derek B. Johnson
- May 09, 2019
Lawmakers and policy experts are demonstrating increased interest in open source technology as a means to solving longstanding challenges and road blocks around election security.
State and local governments rely on proprietary software and hardware from a small handful of private vendors to power their voting machines, voter registration systems and other technologies. Those vendors have historically been reluctant or unwilling to allow third-party audits of their products, and when outside researchers have gotten their hands on voting machines or probed commonly used software like voter registration systems, they've found extensive and worrying cybersecurity vulnerabilities in nearly every model.
That reluctance has led to a number of projects that have sprouted up over the past year from organizations aiming to disrupt the status quo. One such organization, Voting Works, was created last year in partnership with the non-profit Center for Democracy and Technology and seeks to build "secure, usable, affordable and open-source voting machines" that will help to restore trust in the modern election system.
At a May 8 House Administration hearing, Chair Zoe Lofgren (D-Calif.) and ranking member Rodney Davis (R-Ill.) probed witnesses about open source tech that can be independently tested and verified for security.
Joseph Lorenzo Hall, chief technologist for CDT, told lawmakers that the goal of Voting Works and organizations like it is to create a foundation of election-related technology that can be used and improved over time through crowdsourced testing.
"We hope that by building things that people can take and use and build on through that work, it will spreads good things rather than keeping things proprietary and keeping things secret," said Hall.
On May 6, Microsoft unveiled a new free, open-source software development kit in partnership with Galois that can be integrated with the off-the-shelf software used in many current voting machines. According to Tom Burt, Corporate Vice President for Customer Security and Trust at Microsoft, the software supports best practice risk-limiting audits and has an end-to-end verification process that will allow both voters and third-party organizations to verify election results without disclosing the substance of individual recorded votes. The kit will be made available to the public on GitHub under an MIT Open Source License.
Galois also has a $10 million contract with the Defense Advanced Research Project Agency for another secure voting system that relies on open-source hardware and software and draws on previous DARPA security research and design. In line with what experts view as best practice, the software source code will be made available to the public and prototypes will be sent to the annual Def Con Voting Village for hackers to probe and prod for weaknesses, according to Motherboard.
However, it's possible that the push for more open-source products could still face resistance, not only from private vendors but also states, particularly if the federal government is involved. When Davis asked witnesses if the federal government should take a more aggressive role designing and deploying more secure elections technology, as DARPA is doing, he got different answers from state election chiefs.
Alabama Secretary of State John Merrill said, "frankly, I feel like the free market is the one that ought to determine what the availability of that equipment is and what should be purchased and what should not, as long as it meets the standards." Merrill later clarified that what he really objected to was the concept of non-voluntary "universal adoption" by states.
Michigan Secretary of State Jocelyn Benson said she would "welcome that type of investment at the federal level." She added that, "it would need to be a partnership with states and local election officials who have unique things to share into what that infrastructure should look like, but certainly I could only imagine that it would help our efforts to secure our elections if we had that level of infrastructure support."
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.