Expert Insight On Microsoft To Deploy ElectionGuard Voting Software

ZDNet reported that today, February 18, residents of Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines that will be running Microsoft’s ElectionGuard software. These will be the first voting machines deployed in any US election that will be running Microsoft’s new voting software, which will face it’s first real-world test since being announced last year. ElectionGuard is a software development kit (SDK) that Microsoft made available for free on GitHub.

The project’s goal was to create the voting software that uses strong encryption, was built by some of the world’s brightest cryptographers, and was extensively audited for bugs. Microsoft created ElectionGuard after numerous media reports over the past years about critical vulnerabilities being discovered in the (closed-source) software of multiple voting machine vendors.

The OS maker purposely released ElectionGuard as open-source in an attempt to convince voting machine vendors to adopt it instead of their older obsolete and insecure systems. The project, which is viewed with optimism by US election officials, moved lightning-fast, going from a simple idea to an actual US election pilot program in only nine months.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Richard Bejlich
Richard Bejlich , Principal Security Strategist
InfoSec Expert
February 19, 2020 2:28 pm

A push to modernise voting machines’ software is indeed a welcome improvement, but what is most essential to secure the election process is to integrate an encrypted, extensively tested software with a network security platform that creates an audit record of all the activity on the wire.

Ultimately, it isn’t necessary for threat actors to actually compromise the voting process: all that foreign nation-state actors need to do is instil doubt into the accuracy of the results. To prevent that from happening, there needs to be a neutral record of how the election network was used, not only for analysis at the time of the election, but as evidence to prove in the future that no tampering occurred.

Last edited 2 years ago by Richard Bejlich
1
0
Would love your thoughts, please comment.x
()
x