Securing Electronic Voting
As Election Day approaches, keeping the voting booth safe is as important as ever. For UC Davis’ Matt Bishop, 2020 is just another year of work to keep electronic voting safe. As a cybersecurity expert and professor of computer science, Bishop helps election officials vet electronic voting systems and the electoral process they’re a part of to find and fix as many security issues as they can to make elections as secure as possible.
Electronic voting machines have become widely adopted across the country as an alternative or supplement to paper ballots. These machines not only give election officials results faster, but also make it a lot easier and cheaper to print ballots for people who don’t speak English, easier for people with disabilities to vote and easier to identify ballots with stray marks.
Despite the advantages, these machines can pose security risks through both hardware and software, as hackers can mess with the source code as well as break into the machine to tamper with the data. During vulnerability analysis, Bishop and his team try to do both to identify potential points of failure. With this information, companies or organizations can plug security holes the team uncovers to make systems more secure.
“The question people usually ask is, ‘are electronic voting machines secure?’ and that’s exactly the wrong question because nothing is perfectly secure,” he said. “The right questions to ask are, ‘if I use this computer, does it make it harder to attack to the elections?’ and, ‘Does it eliminate problems that exist now, does it create new ones and if it does, are these more serious than the ones it addresses?’”
Changing the conversation
Bishop began studying electronic voting in 2003. He was invited by a former UC Davis graduate student at RABA Technologies to join a study of voting machines the State of Maryland had bought for the 2004 election. The team wrote a report for the state and the manufacturer finding severe security issues that made the machines easy to tamper with.
“It took one of us five minutes to get complete control of the machine you voted on and 30 minutes to get complete control of the machine that had the databases where the ballots were stored. The only reason it took that long was that it took us 25 minutes to get the program we wanted to use,” he said.
Though these machines were still used in the election, the RABA study made national headlines and soon, Bishop was contacted by election officials across the country. In 2006, he joined a team that evaluated a hotly-contested congressional race in Florida to see if the machines made a mistake in counting votes. Though the team concluded that the machines weren’t at fault, they identified similar flaws to those in the RABA study and wrote a report on how they could be used to attack the machines.
In 2007, then-California Secretary of State Debra Bowen asked the University of California to perform a “top to bottom” review of the state’s e-voting systems. Bishop co-led this study, finding major issues with all three systems they studied. Their results led to two of these systems being decertified until the security concerns were addressed; special procedures were required to use the third. This study, along with the RABA study and others, began to change the public perception of the technology.
“The entire dialogue changed from, ‘why are you objecting to the use of computers?’ to ‘maybe we’d better look at this more carefully,’” he said.
Since then, Bishop has worked closely with election officials in his home of Yolo County to help with vulnerability analysis each election cycle. Bishop hopes to audit the machines for Yolo County and probe the county’s voter registration database.
Despite having been around for almost 20 years, today’s machines, Bishop says, still have many of the same problems as the ones from the RABA study. However, he says there are a lot of steps officials can take to make the entire election procedure as foolproof as possible.
“All of security is a balancing act,” he said. “So when you pick a voting machine, you have to integrate it into the physical election process because people will be handling and setting up the machines, tearing them down, programming the ballots, counting the vote cards and things like that.”
Recently, Bishop has modeled electoral systems using “fault trees,” or maps that show the potential ways the election’s security can be compromised. In Yolo County, election officials have listened and implemented rigorous procedures to secure the election process. Though e-voting machines are required by law for people with disabilities, almost all voting in the county is still done, counted and re-counted using paper ballots. These machines are rigorously tested before the election, securely stored between elections and all ballots are accompanied by at least two people at all times on Election Day.
“The goal is to make sure you don’t have any single points of failure, so that if one thing goes wrong, the whole election is corrupted,” he said. “You want a system where two or more things have to go wrong for failure to occur, and ideally you want different people handling these things.”
Though the machines themselves have their problems and no election is 100 percent secure, he says that election officials are taking the right security measures and are more than happy to talk with voters about concerns. Above all, he says that none of these issues should scare people away from voting.
“Voting is absolutely critical because if you don’t vote, I guarantee you it’s not going to count,” he said. “If you have a choice, vote on paper and double-check that you voted the way you wanted to before you turn in your ballot.”
This story was featured in the Fall 2020 issue of Engineering Progress.