Expert Insight On Microsoft To Deploy ElectionGuard Voting Software

ZDNet reported that today, February 18, residents of Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines that will be running Microsoft’s ElectionGuard software. These will be the first voting machines deployed in any US election that will be running Microsoft’s new voting software, which will face it’s first real-world test since being announced last year. ElectionGuard is a software development kit (SDK) that Microsoft made available for free on GitHub.

The project’s goal was to create the voting software that uses strong encryption, was built by some of the world’s brightest cryptographers, and was extensively audited for bugs. Microsoft created ElectionGuard after numerous media reports over the past years about critical vulnerabilities being discovered in the (closed-source) software of multiple voting machine vendors.

The OS maker purposely released ElectionGuard as open-source in an attempt to convince voting machine vendors to adopt it instead of their older obsolete and insecure systems. The project, which is viewed with optimism by US election officials, moved lightning-fast, going from a simple idea to an actual US election pilot program in only nine months.

Experts Comments

February 19, 2020
Richard Bejlich
Principal Security Strategist
Corelight
A push to modernise voting machines’ software is indeed a welcome improvement, but what is most essential to secure the election process is to integrate an encrypted, extensively tested software with a network security platform that creates an audit record of all the activity on the wire. Ultimately, it isn’t necessary for threat actors to actually compromise the voting process: all that foreign nation-state actors need to do is instil doubt into the accuracy of the results. To prevent.....Read More
A push to modernise voting machines’ software is indeed a welcome improvement, but what is most essential to secure the election process is to integrate an encrypted, extensively tested software with a network security platform that creates an audit record of all the activity on the wire. Ultimately, it isn’t necessary for threat actors to actually compromise the voting process: all that foreign nation-state actors need to do is instil doubt into the accuracy of the results. To prevent that from happening, there needs to be a neutral record of how the election network was used, not only for analysis at the time of the election, but as evidence to prove in the future that no tampering occurred.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.