Microsoft wants to make voting machines safer from hackers. (The Daily Charge, 2/18/2020)
The Daily Charge
It's 2020 if you live in the US.
I've heard there's some sort of important election going on?
It's kind of a big deal.
Stick around for your Daily Charge.
Good morning and welcome to the Daily Charge.
It's Tuesday, February 17th, I'm Roger Chang.
And I'm Alfred Ang.
And here's today's main story.
Today Microsoft is testing out its election guard software in a real election in Fulton Wisconsin.
It counted up 500 registered voters.
Ever get a chance to see this election guard in person at Microsoft headquarters in Redmond.
What was it like?
How does it work?
So let's start off with and just say this is not a very flashy product or anything like that.
It's not like the surface Neo with like two screens or anything like that.
But it does have the potential to be the most important thing that Microsoft is releasing this year.
So election guard is not hardware.
It's not like some fancy machine.
It's actually open source software, that any V.oting machine maker can put it on their machines for free.
And the idea is that they're they're bringing in like verifiable voting so you can check you can vote and then you can check online to see if your vote counted and if it's been tampered booth, they would know.
That's the big thing here.
Microsoft is not promising a voting machine that can not be hacked.
Most expert will tell you that's impossible.
In any machine.
But they are saying that if it was hacked You would be able to tell very quickly because the votes are encrypted.
And if they replace the vote, like they can't replace that kind of encryption for it.
But there are still a lot of ways that this can go wrong, I mean it's technology in election, so Yeah, again if Microsoft is isn't really working to make sure these machines aren't hacked like what's what's the point of all this?
So yeah, chasing after making something like unhackable, like I said is impossible.
Like there's always going to be some technical issue with it that that a hacker will find an opening for but
By creating something that's verifiable and something that makes it like very noticeable that it's been hacked, that does give you a leg up right?
Like so if it has been hacked then now you're able to know, in elections in the past if it's been hacked, it's kind of like Well, how can you tell, right?
So the way they're doing this is something called homomorphic encryption, which is a lot.
And it's a very, kind of, abstract concept but it's easier to understand if you break it down this way.
Where, like, when something is encrypted, you can't really do anything with it until unless it's decrypted.
But you can't do that to a vote because you need to add the votes together.
So encryption like brings security to the vote but that makes the vote useless.
Unless it's encrypted and you can't-
And then decrypt it later on.
Yeah, and you can't decrypt it because then you know I voted for this person, or you voted for this person.
So homomorphic encryption is basically a type of encryption that allows you to add stuff up that's encrypted already.
So let's say encryption turns the number five into gibberish, right?
Homomorphic encryption would take that jibberish and still be able to say, Okay, well we can add this to something else without making it back to the number five.
So they add those and then once they get the tally together at the end, then you get like the full tally of like this many people voted for this person.
Then they only decrypt the the tablet edition at the end, they don't decrypt anything else.
So they don't know like you voted for this person who voted gotcha person.
And so this is this is happening in Wisconsin as a trial.
We have a much larger, more high profile election coming up later this year.
Is that is it actually going to be used for the presidential election?
There's a Really no way that Microsoft would just rush in on any major election with this.
I mean, I think we had seen from the Iowa caucuses and the Shadow app, where it's basically, yeah, we've got this app.
Let's try it on on something that's actually extremely important and see it completely melt down.
Microsoft does not want that-
So that's why they're testing out this election in Wisconsin where there's only about like 500 registered votes-
And it's for a judge and a school board like position there.
So fairly low stakes.
Yes, I mean, unless you live in that town, and you care about who's on the school board.
But, yeah, and that being said, it's also not the main decision.
That's not the main thing they're counting.
They're still using paper ballots, which Microsoft is saying, that is still the most secure thing that you can do.
But they're using the verifiable voting, ElectionGuard is kind of the backup to it.
So they're gonna count all the paper ballots And then they're gonna look at it, the system, later on, and see if it matches up.
So if paper ballots are still sort of the gold standard, in terms of security, why even incorporate any of this software stuff?
Yeah, I mean, the thing is, yeah, paper Paper ballots are very much the gold standard of security in a lot of places.
But you also have to consider that a lot of places don't have paper ballots.
That's why, lawmakers like Senator Ron Wyden are trying to pass legislation that says, no, you have to use paper ballots.
But yeah, like so there's a lot of places that aren't using it.
So this is a good way to do that.
Also, some places don't have like, elections where you can kind of go in and do stuff like they're like mail in ballots, which I guess is a form of paper ballot but in Washington I think it's Kings County in Washington.
They're trying to do like voting by apps, which is an entirely new can of worms.
A lot of security experts have said Yeah, do not do not do this.
[LAUGH] We should get those Shadow app guys to do this.
I mean, Shadow is not a voting app.
[UNKNOWN] True, yes.
But, I think that's the concern, though, right?
People are moving to adopt technologies anywway, so I think the idea with Microsoft and ElectionGuard is, well, if you're gonna this Here's the safest way that you can do it.
That is saying if everything goes right for it.
So you think this is like his idea that they're working on this to get this ready for like the 2024 election or even further down the line?
So the earliest that we would maybe see this in an election would be like by 2024.
They're like taking it very slowly right now and just testing it because, There's a lot of like issues that they found with it already, even before it debuted on a live election like that's debuting today.
Like small things right?
Like so it'd be like, when they demoed it in last July at a security conference, no last word.
You know people they're fairly familiar with technology.
The way that it works is like once you vote, once you cast your vote on the touchscreen, it prints out two sheets of paper one is the paper ballot that you put into the box to vote with.
That's the one they count.
And the other one is a piece of paper have like a QR code on and a tracking code that you can scan and say like
After the polls close and say this is my vote I want to see if a guy counter and forgot tampered with
But when it printed out there they were like, why do we have two sheets of paper what the hell and they were just like put both in or so it's that's the thing.
It's like the biggest concern that I've seen for this is not so much the technology more so Its user error, right?
So one of the things that they've been doing to address that has been, they're doing this in Wisconsin where the second sheet of paper that's the receipt now is printed in yellow.
I know that but it's all like user experience fix, but Yeah I think that's the idea [UNKNOWN] even if the technology is perfect, they have to account for human error.
Which is something that the entire tech industry has been dealing with for years not just the election security.
And other issue being that Only 6% of voters in a study at the University of Michigan actually reported errors.
That's the other thing too, right?
They're saying like, you can check your vote now but like how many people like to report errors?
So even if there were errors, they Didn't bother a check.
It's on you to check it.
And like how often do you do something like that?
Yeah, when you put it on people.
Yeah, so they did this study with like 241 voters at the University of Michigan where it was basically, every vote was rigged.
Like every vote had an arrow-
And they wanted to see how many people like actually looked at their phone and said, hey, there's something wrong with this.
This is not who I voted for.
Wow, so that's like another hurdle for them.
Yeah, that's not reassurring.
For the Daily Charge, I'm Roger Cheng.
I'm Alfred Ng.
Thanks for joining us.