“The
fact that we are handing over the keys of American democracy to the
military-industrial complex — it’s like giving the keys to the henhouse
to a fox and saying, ‘here come in and take whatever you want.’ It’s
obviously dangerous.” — Investigative journalist Yasha Levine
by Whitney Webb
Part 5 - ElectionGuard isn’t immune to manipulation
Microsoft’s press release announcing ElectionGuard highlights its claim that its system would make elections more verifiable, secure, and auditable; be open source-based; and improve the voting experience. While all of these things sound nice enough, there is reason to believe — based on the description given by Microsoft — that some of these claims are dubious and misleading. Unfortunately, for now, analysis of ElectionGuard is restricted to Microsoft’s description of the software as it is not yet available for public examination. The ElectionGuard software kit is expected to be released later this year on the GitHub platform.
The first aspect of the “verifiable” claim relates to a voter tracking system, where each voter is given a unique tracking ID which allows them “to follow an encrypted version of the vote through the entire election process via a web portal provided by election authorities.” Voters can choose the option of confirming “that their trackers and encrypted votes accurately reflect their selections.”
Yet Microsoft notes that “once a vote is cast, neither the tracker nor any data provided through the web portal can be used to reveal the contents of the vote,” meaning that while a person can track whether their vote was counted, they cannot verify whether the content of the vote (i.e., who they voted for) is counted correctly or not. Microsoft goes on to note that only “after the election is complete” will the tracker page allow the content of the vote to be seen.
Yet Microsoft notes that “once a vote is cast, neither the tracker nor any data provided through the web portal can be used to reveal the contents of the vote,” meaning that while a person can track whether their vote was counted, they cannot verify whether the content of the vote (i.e., who they voted for) is counted correctly or not. Microsoft goes on to note that only “after the election is complete” will the tracker page allow the content of the vote to be seen.
The second “verifiability” component of ElectionGuard “is an open specification – or a road map – which allows anyone to write an election verifier.” Microsoft then notes that this open specification would mean that “voters, candidates, news media and any observers can run verifiers of their own or downloaded from sources of their choosing to confirm tabulations are as reported.”
Microsoft describes these two features as constituting “end-to-end verifiability” (E2E-V), which Free & Fair describes as “cryptographic technology that enables voters to vote in a normal fashion in a polling place and have evidence that the election is trustworthy.”
Microsoft describes these two features as constituting “end-to-end verifiability” (E2E-V), which Free & Fair describes as “cryptographic technology that enables voters to vote in a normal fashion in a polling place and have evidence that the election is trustworthy.”
Another focus of ElectionGuard is security, for which the system employs “homomorphic encryption, which enables mathematical procedures – like counting – to be done with fully encrypted data” and this allows individually encrypted votes to be “combined to form an encrypted tabulation of all votes which can then be decrypted to produce an election tally that protects voter privacy.” Notably, homomorphic encryption is the only ElectionGuard security measure named in the press release.
Election forensics analyst Jonathan Simon, author of CODE RED: Computerized Elections and the War on American Democracy, was not fully persuaded by the E2E-V claim. “Pardon my skepticism,” Simon told MintPress, “but I’ve read Microsoft’s ‘good news’ ElectionGuard flyer and it reminds me very much of the flyers and PR material long served up by the vendors and programmers of the current voting equipment — the very computers that IT experts discovered could be hacked by outsiders and programmed to add, delete, and shift votes by insiders.”
Election forensics analyst Jonathan Simon, author of CODE RED: Computerized Elections and the War on American Democracy, was not fully persuaded by the E2E-V claim. “Pardon my skepticism,” Simon told MintPress, “but I’ve read Microsoft’s ‘good news’ ElectionGuard flyer and it reminds me very much of the flyers and PR material long served up by the vendors and programmers of the current voting equipment — the very computers that IT experts discovered could be hacked by outsiders and programmed to add, delete, and shift votes by insiders.”
Simon continued:
"Right now, for example, they’re hawking expensive and completely unnecessary ballot-marking devices (BMDs) that turn your votes into a barcode, a code that no voter can read or verify. Very slick but yet another level of non-transparency, another step away from public, observable vote-counting, and another vector for fraud."
"Right now, for example, they’re hawking expensive and completely unnecessary ballot-marking devices (BMDs) that turn your votes into a barcode, a code that no voter can read or verify. Very slick but yet another level of non-transparency, another step away from public, observable vote-counting, and another vector for fraud."
"I’ve spent the last 17 years examining vote-count patterns and drawing attention to a parade of egregious red flags indicative of computerized vote-count manipulation. It has been a system designed for concealment and about as non-transparent as a process can be. It would be great if more advanced technology would bring transparency at last, as Microsoft seems to promise."
"But what I see so far is even more complexity — encryption that, whether open source or not, requires the most rarefied experts to penetrate or understand. And just a short step to full-on internet voting — even more convenient and about as secure as, say, Facebook."
"But what I see so far is even more complexity — encryption that, whether open source or not, requires the most rarefied experts to penetrate or understand. And just a short step to full-on internet voting — even more convenient and about as secure as, say, Facebook."
"Pending a demonstration showing with perfect layperson-accessible clarity how a third-party entity can verify aggregate vote-counts without having to take on faith some step in the pipeline (individual verification that ‘your’ vote was ‘counted’ is a useless bell-and-whistle), it still feels like the same old ‘trust us’ game. I’m willing to be persuaded but the historical context here is very cautionary.”
Simon’s concerns reflect some controversial aspects of the ElectionGuard approach. While encryption would ostensibly protect votes from tampering and thus elections results, it is important to point out that homomorphic encryption is a malleable form of encryption.
According to Brilliant.org:
According to Brilliant.org:
"A malleable crypto-system is one in which anyone can intercept a cipher text, transform it into another cipher text, and then decrypt that into a plain text that makes sense. Malleability is generally considered undesirable in a crypto-system. Imagine you’re trying to send the message ‘I love you’ to your friend using encryption. You encrypt it and send it off. But, it is intercepted by a hacker on the way. All they see is some cipher text, but they can change that cipher text to something that will decrypt to ‘I hate you’ when your friend tries to decrypt it. That is why malleability is not usually wanted.”
If that’s the case, then what stops a “hacker” or another third party — say a U.S. government agency like the NSA or a political operative with access to the electoral cyber-pipeline — from changing a person’s vote from Democrat to Republican or vice versa, or altering the encrypted tabulation of all votes?
While homomorphic encryption seems a reasonable choice in one sense, for allowing votes to be tallied without decrypting, there is an added layer of concern given Microsoft’s past, particularly Microsoft’s history of actually working with U.S. government agencies to bypass encryption.
While homomorphic encryption seems a reasonable choice in one sense, for allowing votes to be tallied without decrypting, there is an added layer of concern given Microsoft’s past, particularly Microsoft’s history of actually working with U.S. government agencies to bypass encryption.
Indeed, documents leaked by Edward Snowden revealed that Microsoft actually helped the National Security Agency bypass its own encryption so the agency could decrypt messages sent via certain Microsoft platforms including Outlook.com Web chat, Hotmail email service, and Skype. In addition, in 2009, a senior NSA official testified before Congress that Microsoft and the NSA worked together to create its Windows 7 operating system, leading some to worry that Microsoft had built a “backdoor” into the operating system to aid government surveillance activities. Now that Microsoft’s ties to the U.S. military and intelligence community are deeper than ever, it begs the question whether Microsoft’s covert cooperation with government agencies to the detriment of consumers is also a factor guiding its role in creating and promoting ElectionGuard.
Furthermore, with Microsoft’s president having vowed to hand over all its technologies to the U.S. military, one wonders if this type of encryption and methodology was not chosen on purpose, especially given the fact that the NSA is quite accomplished at breaking much more secure types of encryption even without help from Microsoft.
Furthermore, with Microsoft’s president having vowed to hand over all its technologies to the U.S. military, one wonders if this type of encryption and methodology was not chosen on purpose, especially given the fact that the NSA is quite accomplished at breaking much more secure types of encryption even without help from Microsoft.
Another of Microsoft’s talking points used to promote ElectionGuard is the fact that it will be open source, meaning the program’s code will be publicly available, a move apparently aimed at assuaging concerns that ElectionGuard’s code could contain hidden manipulations or vulnerabilities.
However, investigative journalist Yasha Levine likened Microsoft’s promotion of ElectionGuard’s still unreleased open source code to a “PR move.” Levine told MintPress:
However, investigative journalist Yasha Levine likened Microsoft’s promotion of ElectionGuard’s still unreleased open source code to a “PR move.” Levine told MintPress:
"Open source inevitably has bugs and vulnerabilities that are there accidentally because all code has vulnerabilities. This is true for open source and closed source systems. Open source just means that people can look at it, but then that code has to be run through a compiler that actually runs an executable program. So there you already have a degree of abstraction and separation from the open source code. But even if the executable code and the source code are the same, there are bugs which can be exploited."
"So, what open source does is give a veneer of openness that leads one to think that thousands of people have probably vetted the code and flagged any bugs in it. But, actually very few people have the time and the ability to look at this code. So this idea that open source code is more transparent isn’t really true because few people are looking at it.”
Levine went on to note that there are many examples of open source systems — including widely used open source systems — having major vulnerabilities that go undetected for years. One of the best examples, in Levine’s opinion, is the “Heartbleed” bug, which was a security vulnerability in the open source OpenSSL software, a system that allows for the basic encryption of web traffic by encrypting “http” connections. The Heartbleed allowed hackers access to the memory of data servers for an estimated half a million websites and went undetected for years, despite the fact that OpenSSL is an open source system.
Levine also underscored the fact that both American and foreign intelligence agencies “more than any other person or group” are involved in seeking out such vulnerabilities and exploits, which they keep hidden from the public in order to give themselves an advantage in cyberwarfare. Some of the CIA’s lists of such exploits or vulnerabilities were revealed in the WikiLeaks Vault 7 release.
Levine also underscored the fact that both American and foreign intelligence agencies “more than any other person or group” are involved in seeking out such vulnerabilities and exploits, which they keep hidden from the public in order to give themselves an advantage in cyberwarfare. Some of the CIA’s lists of such exploits or vulnerabilities were revealed in the WikiLeaks Vault 7 release.
Source, links:
Comments
Post a Comment