On June 21st the House Administration Committee held a Markup Session for HR 2722 the SAFE Act. We monitor as much of these proceedings as we can. And this one in particular compelled our CTO John Sebes to not only produce a Paper clarifying or correcting several assertions made by a House Member during that proceeding, but also led to a 7-part “plain talk” series on election security posted on our TrustTheVote Project blog. In this post here, John explains why…
Viewing entries in
Commentary
With the report of comments pouring into the U.S. EAC on the next generation of the Voluntary Voting System Guidelines, and all of the coverage of the issue about the role of the Internet, we feel compelled to try to simplify and straighten some things out. Even recent EAC Hearings have left the issue a bit unsettled and unclear. So, below I try to clarify where things stand as of now in hopes of clarifying the conversation about what is or isn’t.
The primary short-term significance of the Microsoft announcement about ElectionGuard (similar to the recent DARPA SSITH open source trusted hardware project) is validation of a major point about election cyber-security that just wasn’t part of the national conversation a couple years ago: Major technology innovation is required to increase the verifiability, accuracy, and security of elections technology and (at least) U.S. elections. That’s probably just as important as the prospect that ElectionGuard might be included in future proprietary voting system products, or in open-source election technology offerings from OSET Institute’s TrustTheVote Project or others….
Ms. Voting Matters offers a summation of internal leadership discussion on the imperative topic of evolving election technology security; a longer article, but we think worth the read.
On an almost daily basis, there is mounting evidence that the scope of “election security” is wider than might appear at first blush. While much attention has been paid to “voting machines” and “voting systems” that capture and tabulate votes, there is growing awareness that other types of election-related software infrastructure are even more vulnerable by virtue of being network-connected: specifically, voter registration (VR) systems and Election Night Reporting (ENR) systems (which display results over the web, but which do not tabulate votes) have been found to be especially vulnerable. The question is how can cybersecurity testing and certification adapt?
On April 10, 2019, at the historic Peabody Hotel in Memphis, TN, Eddie Perez, our Director of Technology Development, had the privilege of presenting public testimony on behalf of the OSET Institute at a Public Hearing of the United States Election Assistance Commission (EAC). The topic was the latest version (still pending) of federal voting system standards: the Voluntary Voting System Guidelines (VVSG), Version 2.0. Here are Eddie Perez’s observations about themes that emerged from the Public Hearing:
On Thursday March 14th it was announced that the Defense Department Advanced Research Projects Agency (DARPA) System Security Integration Through Hardware and Firmware (SSITH) Program has selected Galois, a premier computer science company and a security engineering partner of the OSET Institute, to develop a public prototype voting system in order to demonstrate the Program’s advancements in hardware and system security. This is an enormously pivotal piece of news in the mission to innovate election technology infrastructure to be Verifiable, Accurate, Secure, and Transparent (the “VAST mandate'“)…
The OSET Institute closely follows all developments in election technology infrastructure, because it’s essential to the defense of democracy. Lately, one topic that has garnered more public attention is the process by which state and local jurisdictions assess, select, and procure voting technology. One in particular, Georgia, has garnered much attention, and rightly so. There are some very unusual cost justifications underway; and the math is not adding up. Not. Even. Close. The OSET Institute took a measured examination of what the costing should really look like. Something is not right in Georgia.
On the same day H.R.1 was introduced by Sarbanes, Rep. Sheila Jackson Lee (D-TX-18) introduced H.R.52 – SAFETI Act - the Security for the Administration of Federal Election from Terrorists Intervention Act of 2019. Unlike H.R.1, H.R.52 is short — just two pages …but what it calls for was enough to get our attention about an aspect not previously focused on…
Happy new year! It’s been quite a year in many ways, not the least of which was considerable progress on the mission of the OSET Institute and our TrustTheVote Project. We write on this last day to give you a first look at our 2018 Annual Review.
This is the first of a two-part article by our Associate General Counsel and Director for International Development, Joy London, that considers a local, state-based strategy for improving the nation’s election security rather than purely a top-down federal approach.
We’ve said it many times and it bears worth repeating: foreign interference in U.S. elections is a threat to our democracy. The security of critical election infrastructure is the focal point of the OSET Institute’s mission. So, OSET leadership was pleased to learn that on January 3, 2019, the opening day of the 116th session of Congress, the newly elected House Democratic majority, led by Speaker-designate Rep. Nancy Pelosi (D-CA-12), will have its first order of legislative business—House Resolution #1 (“H.R.1”), a comprehensive election reform bill. The question is will H.R.1 become law, and be the change-agent needed to better defend democracy?
We’re tracking election administration (process and platform) developments, innovations, and news around the world because critical election technology infrastructure has a central role in defending democracy. We’ve collected a group of stories and offer a summary of what’s happening in Asia, where — for better or worse — the Blockchain is becoming all the rage for voting. We’re convinced this is a bad idea on its own, but where blockchain technology is applied for other election administration purposes, there is great promise for improving integrity...
Among the many things we learned from our work with NBC Universal on the midterms this past November, was the reality that the Internet, like it or not is playing an ever-increasing role in the administration of elections. This means Web sites are going to have to go through a thorough review and in some cases overhaul to fortify them from unauthorized cyber-incursions…
Most experts believe that Russia through the GRU, the intelligence arm of Russia's armed forces, will continue to interfere in U.S. elections on some level(s). Others are raising concerns about China and even Iran. There are many prognostications, but before commenting on any one theory, let’s review the multiple paths a malicious actor could use to compromise the 2018 American Midterms and upcoming elections in Europe…..
The National Academies of Sciences, Engineering, and Medicine (NASEM) new Report on election security released last Thursday among other things, verifies a settled consensus: a shift to all-paper-ballot elections coupled with Risk Limiting Audits. While the report makes several sound proposals, it has a significant blind spot…..
It’s been a tough week for the incumbent commercial voting system vendors, with the leading vendor caught in some embarrassing admissions of using vulnerable antique remote-access software in their voting system product, after having previously denied exactly that. But before we hammer them too harshly, there are some reality checks to consider, suggests our CTO…
In my last article I highlighted the most important advancements in election security. This post examines the next logical steps: Is all this progress enough, and will our upcoming elections be more resistant to disruption than they were in 2016? The answer is: "Yes, but not as much as we had hoped…"
This afternoon a bipartisan group of authorities on election administration and cybersecurity presented a Congressional Briefing on current election security challenges facing federal and state policymakers. While it was a worthy discussion, I keep having this sinking feeling that we’re simply re-arranging furniture on the deck of a large cruise ship steaming toward an icebreaker in the dark…
The Copenhagen Democracy Summit was held a little over a week ago on June 22, launching a global alliance for democracy, while that very form of government is under siege in many nations. This is the first of several reflections, recaps, and reporting on this inaugural event. Our Director of International Development Joy London, and our Chief Operating Officer, Gregory Miller we’re both fortunate to have received invitations to attend and participate in an invitational group of 250 attendees. Mr. Miller was unable to attend due to logistical conflict, however, Ms. London did in fact attend, and this article utilizes portions of her reporting back….
Maryland State officials reported a computer glitch prevented the Board of Elections from updating voter registration data for as many as 80,000 voters. As a result, thousands of people may have had to cast provisional ballots if they wanted to vote in Maryland’s primary. Though accidental in nature, this is a good example of how adversaries can disrupt and discredit elections…