It's time for another look at election security – through a technological lens

Getty Images

Featured eBooks
Space Tech
Read Now

CDM

Read Now

Digital Transformation

Read Now
By Bill Harrod,
Federal CTO, Ivanti

By Bill Harrod

|

Using a mobile device to cast a ballot – secretly, securely and verifiably – and having the ability to validate the accuracy of the voting process is certainly possible, and it's time to start taking that possibility more seriously.

What is being done now to help ensure that the next presidential election will be secure and can be relied on to deliver a valid and verifiable result?  Unfortunately, the answer to that question is anything but clear.  Discussions of election security these days pertain more to politics than to technology. Whereas in the run-up to the 2020 election, public and private sector experts alike paid serious attention to how the election could be interrupted by foreign actors, recently there's little talk of cyber disruptions. And of course, with tensions rising in Ukraine, voting infrastructure is not top of mind. It should be, however, as we still haven't solved some basic problems with securing elections. Eventually, we should be able to use a mobile app to cast a ballot.

Voting infrastructure is complicated, as its security and resilience vary greatly across the United States.  In addition to rules and regulations that differ from state to state, we've also departed from the long-held tradition of having one day for in-person voting. In the 21st century, many states have expanded the early voting process to allow anyone to vote ahead of election day, both in person and by mail, for any reason or no reason at all.  In addition, same day registration and varying types of electronic voting machines are permitted in some jurisdictions but not others. We are a long way from standardizing this process.

Yet there are certain principles that define the election process in the United States. Among them are the tenets of one person-one vote, a secret ballot, and the integrity of the election process so that every vote is counted accurately and verifiably. While some of these principles are under attack, they should not be. We should be able to agree on this much.

The question then becomes, what technologies can help fulfill these tenets? Could we one day vote in a national election via mobile app? The voting process depends upon being able to validate the identity of the voter, verify their registration as an authorized voter, ensure their vote is counted accurately and can be validated through some backup process, and maintain the secrecy of the ballot cast. 

In advance of the 2020 election, voting via an app on a mobile device was one of the possibilities floated. While not a mobile application, voters in the King County Conservation District in Washington state recently cast votes in a special election for a board supervisor position using a website-based system. The voter simply entered their name and date of birth to access the voting system, and then electronically signed their name. From there a ballot with the marked votes was printed and verified by elections officials. It's important to understand, however, that this is a much smaller scale than a national election, with only approximately 1.2 million voters eligible. And web voting has its own inherent risks, especially on a large scale. One does not have to look very hard to find successful attacks and vulnerabilities against websites including distributed denial of service (DDoS), cross-site scripting, and exploitable website code vulnerabilities.  

Using a mobile device to cast a ballot – secretly, securely and verifiably – and having the ability to validate the accuracy of the voting process is certainly possible.  However, it will require additional measures to ensure that votes are secured. These include:

  • Stronger universal identity proofing – User verification, confirming a user is who they say they are, will be critical to online/app-based voting. Whether that is based on biometrics or life events, identity proofing and verification will be necessary to ensure the integrity of any vote cast. 
  • Digital signing and encryption certificates, ease of use – Digital certificates are commonplace in today's connected world but will become even more important in a world of online/app-based voting to ensure the identity of the person casting the vote. Election officials will also need to ensure the technology is highly secure and yet also easy to use and understand. Otherwise, gaining trust will be difficult.
  • Adoption of standards and protocols for voting across a collection of states – Today's system of voting in the U.S. is highly fragmented and splintered across the more than 3,000 counties, boroughs, and parishes. In order for online/app-based voting to be fully realized, officials will need to agree on a higher level of standards that inspire confidence in the system. 

These additional measures for security, citizen identity validation and verification, and for accurate tabulation of cast ballots, must also be considered from the citizen's viewpoint to ensure individual privacy protections, secrecy of the vote cast (anonymity of the ballot), and the ability of the user to change, update, modify, or delete their identity and registration.  

Now is the time to be having these discussions, in the open, with full transparency. We need input and collaboration on the federal, state and local levels as well as with technology providers to develop and test a solution, well in advance of any election for which it might be used.  Let's stop kicking the election-security can down the road and start perfecting technologies that could actually work and inspire confidence in the system.

Bill Harrod is chief technology officer for public sector at Ivanti.

NEXT STORY: What federal data platform owners need to know about the zero trust mandate

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.