SSITH.png

Every once in a while, as a co-founder, and the Chief Technology Officer of the OSET Institute, something happens that I believe is so pivotal for our mission that its nearly worth my opening a rare bottle of wine or even popping a champagne cork. That happened, this past week.

On Thursday March 14th it was announced that the Defense Department Advanced Research Projects Agency (DARPA) System Security Integration Through Hardware and Firmware (SSITH) Program has selected Galois, a premier computer science company and a security engineering partner of the OSET Institute, to develop a public prototype voting system in order to demonstrate the Program’s advancements in hardware and system security.

SSITH is essential research work that has been underway towards future commodity hardware that can create a secure platform for many kinds of critical computing systems.

This news highlights several excellent decisions:

  1. Demonstration with a focus on key parts of a voting system to showcase the hardware and system security—because for public relevance, elections are the most timely and impactful subject matter of critical infrastructure and high assurance systems;

  2. Selection of SSITH program participant Galois to integrate the core technology with demonstrator voting software to be developed—because the company has well established expertise in these areas;

  3. Focusing on just a few vital components of a total voting system—the ones that voters come in direct or visible contact with;

  4. Selecting the DEFCON conference to showcase the security properties of the demonstrator systems by encouraging public pen-testing; and

  5. Making all the technology available at an early stage, without attempting to produce a commercial system.

This work will be of tremendous public value in aligning with The OSET Institute’s principle of making innovations that public can “see, touch, and try.” It’s one thing to brainstorm, discuss, and debate how something might function, and quite another to actually physically try it out.

But more importantly, the best decision is the approach of public technologyopen source firmware, hardware, and software.  DARPA’s endorsement of open systems is an important validator of the non-proprietary, “glass box” approach to critical system development that the OSET Institute has been pursuing since 2007.

Accordingly, this project also offers the opportunity to demonstrate the Institute’s second principle that “code causes change.” The existence of these innovations—readily applicable to developing next generation commercial systems—will catalyze solutions in a manner that no white paper, conference presentation, or other publication could ever enable.

Moreover, the DARPA-Galois project is just as important for transparent, trustworthy security in many kinds of next-generation critical systems: air traffic control, healthcare systems, industrial controllers, power grid systems, and others that—like election technology infrastructure—face nation-state threats that current commodity hardware cannot defend against.

The acceleration of securing next-generation commodity hardware also enables an acceleration of the OSET Institute’s work on the software layer of election administration technology, including the:

  • Full range of election management Apps and services;

  • Central (ballot) count systems;

  • Integration and tabulation of ballot counts, and

  • Results reporting and related analytics.  

There may even be application of new hardware security technology to OSET Institute work beyond voting systems, including voter records management using digital ledgers, and voter check-in systems.

Accordingly, we look forward to collaborating with Galois where appropriate and contributing to the work to be led by Galois in order to enable demonstrations that achieve closer approximation to full-scale election administration operations.

The DARPA-Galois announcement is a key, if not pivotal development in the work to achieve verifiable, accurate, secure, and transparent critical election technology infrastructure.  In particular, the engagement of DARPA validates seven key drivers of the OSET Institute work:

  1. Election infrastructure as critical infrastructure.

  2. Election security is a matter of national security.

  3. Responsible uses of public (open source) technology.

  4. Extension of public technology principles to firmware and hardware.

  5. Proving the potential and efficacy of public technology as the catalyst for desperately needed innovation.

  6. Appropriate government engagement in innovation research through agencies such as DARPA and/or the National Science Foundation (NSF).

What makes the DARPA-backed Galois initiative so important is that it fills an urgent research and development need that the industry has no commercial incentive to invest in, and it accelerates the work of the OSET Institute’s TrustTheVote Project.

Moreover, this approach achieves the goal of making publicly available fundamental technology for the commercial industry to adopt, adapt, and on which to deploy truly next generation systems in the same way that historically many aspects of today’s technology advances have benefited from the work of DARPA.

We cannot overstate the importance of this approachsowing seeds of innovation—rather than throwing good money after bad on machine replacement with the same fundamentally and inherently vulnerable hardware, firmware, and software technology currently available.

Certainly, tactically speaking, federal investment in assisting states to eliminate paperless systems and integrate post election audits is imperative. But the strategic imperative is best addressed in the manner exemplified by this DARPA-Galois announcement.

Equally important to emphasize is what this DARPA-Galois project is not: it is not, nor is it ever intended to be a finished public voting system produced by the Department of Defense.  It is simply an important recognition that this is vital technology necessary for defense of democracy and national security—the goals of any national defense complex.

So, for the forward thinking of DARPA, the hard work and leadership of Galois, the continuing work of the OSET Institute, and for increasing confidence in elections and their outcomes, this is a very good and important development.

 

[Gregory Miller & Eddie Perez contributed to this statement by John Sebes.]

Comment