At the Aspen Security Forum, Microsoft is demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting.
The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security.
"ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia are needed more than ever to help defend democracy," Microsoft says.
In the past year, Microsoft says it has notified nearly 10,000 customers they’ve been targeted or compromised by nation-state attacks. About 84% of these attacks targeted our enterprise customers, and about 16% targeted consumer personal email accounts. While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives.
Microsoft says that the majority of nation-state activity in this period originated from actors in three countries – Iran, North Korea and Russia. The company has seen extensive activity from the actors they call Holmium and Mercury operating from Iran, Thallium operating from North Korea, and two actors operating from Russia we call Yttrium and Strontium.
Since the launch of Microsoft AccountGuard last August, Microsoft has been expanding AccountGuard, the company's threat notification service for political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs), to include 26 countries across four continents. While this service is relatively new, Microsoft says it has already made 781 notifications of nation-state attacks targeting organizations participating in AccountGuard.
Microsoft's ElectionGuard demo showcases three core features.
First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility.
Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. This tracking code is a key feature of the ElectionGuard technology. For the first time voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.
Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.
ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer.
The company is on the cusp of a pilot project with Columbia University to test its ElectionGuard system in the 2020 elections.