The defense research agency is exploring the feasibility of locking down election systems with open-source software and secure hardware.
The race to secure elections has researchers, voting machine manufacturers, lawmakers, hackers and tech advocates looking to a variety of policies and mechanisms to lock down the voting process.
The Defense Advanced Research Projects Agency awarded Galois, a computer science company with deep roots in security research, a $10 million follow-on contract under the System Security Integrated Through Hardware and firmware program. SSITH was launched in 2017 to develop concepts and designs to secure a broad range of Defense Department systems against software exploitation of hardware vulnerabilities by re-architecting CPUs.
Galois plans to build its open-source voting system on top of the secure hardware developed by SSITH.
In 2016, Galois spinoff Free & Fair began offering three high-assurance, open-source software applications for commercial off-the-shelf hardware, including a ballot scanning and tabulation system, a secure electronic poll book and an election administration solution that verifies each step in the voting process from check-in to ballot casting.
Joe Kiniry, the CEO and chief scientist at Free & Fair, is also a principal scientist and research lead of a number of Galois programs, including those on high-assurance secure hardware design, verifiable elections and high-assurance cryptography. He told Motherboard the idea for a secure voting platform came from DARPA, which was looking for an unclassified demonstration project for its secure hardware research that would be easily explainable, broadly useful and independently verifiable.
If a voting machine were built with secure hardware, it would be unaffected by someone plugging in a USB drive and uploading code that could add votes, modify records and logs or install malware that spreads a virus across voting machines.
“Our goal is to make this so that the hardware is blocked against all of these various types of attack from the external world. If this is successful, and if the software put on top is equally successful, then it means people can’t hack in and … alter votes," Linton Salmon, the program manager in DARPA’s Microsystems Technology Office who is overseeing the project, told Motherboard. "It would also mean that the person who votes would get some verification that they did vote, and all of that would be done in a manner that hackers couldn’t change.”
Galois will design two systems. One is a touchscreen voting machine that prints out a paper version of a voter's completed ballot so the vote can be verified by the voter before having it recorded by an optical scanner that tabulates the votes. The scanner would also print an encrypted receipt that allows voters and auditors to determine, after an election, that votes were counted. The second system scans hand-marked ballots.
The systems use open-source voting software, which will be posted online for testing by university security researchers and by white-hat hackers. Prototypes of the machines will be reviewed at Def Con Voting Village, the program that originally put insecure voting machines in the spotlight.