Black Hat 2020 Keynote: Stress-Testing Democracy

A decade ago, I ran marketing for a video webcasting startup that was trying to make hay out of the “virtual tradeshow” paradigm that seemed unstoppable at the time. Well, it turned out to be quite stoppable. People liked to travel to live conferences. Today, however, with COVID-19, virtual conference technologies are enjoying a second life.

Black Hat 2020 is all-virtual, which I rather like. The fog machines and laser shows are good eye candy, but they distract us from what event founder Jeff Moss calls Black Hat’s “community of ideas.” People were watching from 117 countries, ready to dig into dozens of online presentations.

Professor Matt Blaze, presenting his Black Hat 2020 keynote virtually

The kickoff speech came from Professor Matt Blaze, the McDevitt Chair of Computer Science and Law at Georgetown University. He is also on the board of directors of the Tor Project. Blaze is one of those casually brilliant people who blows you away with his mastery of complex subjects. He was certainly in his element in his keynote, “Stress-Testing Democracy: Election Integrity During a Global Pandemic.”

More a lecture than a keynote, Blaze’s talk focused on the remarkably difficult challenge of securing elections in the United States. As he explained, the old system of putting paper ballots into locked boxes on election day is hard to beat when it comes to meeting voting’s twin, contradictory requirements: transparency and secrecy. With the traditional ballot box, a voter could be reasonably confident that his vote (and it was only “his” at that time) had been counted and kept secret.

The use of computers and software for American elections greatly complicates the picture. Technologists and scholars like Blaze have long been warning that much of the technology and infrastructure the US depends on for voting suffers from exploitable vulnerabilities. Hackers could easily cast doubt on the integrity of elections.

Multiple software applications and computer platforms create a vulnerable ecosystem for elections. Voter registration systems, ballot scanners, voting machines and vote counting systems all rely on software and, in many cases, removable storage media. It’s a hacker’s paradise. And, as he noted, there are no do-overs.

Panicky predictions aside, the risk of a malicious actor affecting the outcome of the election by miscounting ballots is lower than people might suspect. There are simply too many different elements that would require simultaneous hacking: voting is controlled locally, mostly in the 3,000+ counties in the US, with 116,900 polling places and 178,000 precincts—each with distinct or even multiple ballots.

The more serious risk, according to Blaze, is disruption of the process itself. Foreign nation-state actors, such as Russia or China, may want to throw the upcoming November election into chaos. They might do this to embarrass the US and keep their own citizens from pining away for American-style democracy. They can say, “Look, American voting is a sham. Stop asking for it here.”

The Help America Vote Act (HAVA) of 2003 has further exacerbated the problem. It mandates accessible voting technology for people with disabilities. This is a worthy goal, but it has led to the prevalence of Direct Recording Electronic (DRE) voting machines. These are fully computerized, with no paper backup for auditing results. The pandemic makes the whole system more vulnerable as well. State governments have to protect the health of voters and election workers.

Large, multi-component systems like the current voting infrastructure always have bugs. With the variety of election districts and authorities, there is no general technique to determine if all of this election software is working correctly. It is easy to hide malicious behavior at each stage of the voting process, starting with registration and ending with vote tallying. Denial of Service (DoS) attacks could also wreak havoc on election day.

Assuming that a return to paper-only voting is not going to happen, what can be done about these risks? One bit of good news is that an exception to the copyright law allows for reverse engineering of voting systems to look for errors in the code. However, there are no easy fixes. Blaze dispensed with blockchain as an option, explaining that the technology may be able to detect tampering but has no way to determine how the tampering affected the voter’s choice. It also lacks recovery capabilities.

Two emerging paradigms offer hope. “Software independence” holds that a voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome. To make this work, the second paradigm, known as “Risk-Limiting Audits,” uses statistical methods to sample a subset of voting machines to ensure that they reported the correct results.
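To make the statistical idea concrete, here is an added example (not from Blaze's talk or from any election system) of one risk-limiting audit method, the BRAVO ballot-polling test of Lindeman, Stark and Yates, which checks a machine-reported outcome against randomly drawn paper ballots. The choice of method, the two-candidate contest, the function names and all numbers are assumptions of the example.

```python
import random

def bravo_audit(reported_winner_share, sampled_ballots, risk_limit=0.05):
    """Sequential ballot-polling test for a two-candidate contest.

    sampled_ballots: 'W' if the paper ballot shows the reported winner,
    'L' if it shows the reported loser, in the order they were drawn.
    Returns (confirmed, ballots_examined, statistic). confirmed=False does
    not mean the outcome is wrong; it means the audit must keep sampling
    or escalate to a full hand count of the paper.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be in (0.5, 1)")
    threshold = 1.0 / risk_limit      # stop once the statistic reaches this
    t, examined = 1.0, 0
    for ballot in sampled_ballots:
        examined += 1
        if ballot == "W":             # evidence for the reported outcome
            t *= reported_winner_share / 0.5
        elif ballot == "L":           # evidence against it
            t *= (1.0 - reported_winner_share) / 0.5
        else:                         # simplification: no invalid ballots
            raise ValueError(f"unexpected ballot value: {ballot!r}")
        if t >= threshold:
            return True, examined, t
    return False, examined, t

def draw_sample(paper_ballots, n, seed):
    """Draw n ballots with replacement. A real audit derives the seed in
    public (for example from dice rolls) so the sample cannot be steered."""
    rng = random.Random(seed)
    return [rng.choice(paper_ballots) for _ in range(n)]

if __name__ == "__main__":
    # Constructed data: the machines reported 60% for the winner.
    matching = ["W"] * 6000 + ["L"] * 4000   # paper agrees with the report
    altered = ["W"] * 5000 + ["L"] * 5000    # paper shows a tie instead
    for name, paper in (("paper matches", matching), ("paper differs", altered)):
        print(name, bravo_audit(0.60, draw_sample(paper, 1000, seed=2020)))
```

Because the test reads only the paper record, a software fault that changed the reported totals cannot also make the audit pass, which is the link to software independence.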

We’ll have to wait until November to see how this all plays out.