Building A Better Democracy
OR Secure Your Right…to Election Integrity
I was recently asked how to build a secure voting system. There are two schools of thought.
1. Find trustworthy people from all interested parties to both count the paper and oversee the process.
2. Find a secure technology to let freedom ring while keeping pesky hackers out.
Unfortunately, from a security standpoint, you’ve left out the most important people…the voters!
This is NOT a political conversation. This is technical. Anyone in their right mind would want to ensure an election is fair and allows the voice of the people to come through unless they want to control it. What works in favor of one group today can just as easily be used against them in the next election or union vote. Let’s see what we can build!
Setup – A network allows multiple devices to communicate by linking them together over a physical or wireless connection. Think of a spider web. The spider (server) is the brain, and each crossing of the web is a connection (station). The server connects to each station over a secure fiber connection, and each station must authenticate itself with the server before it is allowed to join. In our case, individual stations do not talk to one another, only to the server. Each device has a security certificate burned into the hardware, which means it can never be altered. Also, each unit has a built-in RSA secure token used to authenticate ON TOP OF the certificate. Think of a lock box that requires two keys held by two different people to open.
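To make the "two keys, two people" idea concrete, here is an added illustration (not the author's design or any vendor's code) of a county server admitting a station only when both factors check out independently. The assumptions are mine: the hardware-bound certificate is modelled as a pinned SHA-256 fingerprint of the station's certificate bytes, and the RSA secure token is modelled as a standard RFC 6238 TOTP code over HMAC-SHA1, since the SecurID algorithm itself is proprietary. Station identifiers, certificate bytes and token seeds are constructed sample values.

```python
"""Two-factor station admission: pinned certificate fingerprint AND a time-based token.
Added example; the certificate and token mechanisms are stand-ins chosen for illustration."""
import hashlib
import hmac
import struct

TOTP_STEP = 30  # seconds per token window (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, with dynamic truncation."""
    counter = int(unix_time) // TOTP_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def cert_fingerprint(cert_der: bytes) -> str:
    """Stand-in for the hardware-bound certificate: the server pins its SHA-256."""
    return hashlib.sha256(cert_der).hexdigest()


class CountyServer:
    """Admits a station only when BOTH the pinned certificate and the token agree."""

    def __init__(self) -> None:
        self._registry = {}  # station_id -> (pinned fingerprint, token seed)
        self.joined = set()  # stations currently admitted to the network

    def enroll(self, station_id: str, cert_der: bytes, token_seed: bytes) -> None:
        """Enrollment happens out of band; the seed never travels over the fiber link."""
        self._registry[station_id] = (cert_fingerprint(cert_der), token_seed)

    def admit(self, station_id: str, cert_der: bytes, code: str, unix_time: int) -> bool:
        entry = self._registry.get(station_id)
        if entry is None:
            return False
        pinned, seed = entry
        # Both checks are always evaluated; constant-time compares avoid leaking
        # which factor failed through timing.
        cert_ok = hmac.compare_digest(pinned, cert_fingerprint(cert_der))
        token_ok = any(
            hmac.compare_digest(code, totp(seed, unix_time + d * TOTP_STEP))
            for d in (-1, 0, 1)  # tolerate one window of clock skew either way
        )
        if cert_ok and token_ok:
            self.joined.add(station_id)
            return True
        return False


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    server = CountyServer()
    station_cert = b"constructed-station-01-certificate-bytes"
    station_seed = b"constructed-token-seed-station-01"
    server.enroll("station-01", station_cert, station_seed)
    now = 1_700_000_000
    print("admitted:", server.admit("station-01", station_cert, totp(station_seed, now), now))
    print("wrong cert:", server.admit("station-01", b"other", totp(station_seed, now), now))
```

The design choice worth noting is that a valid token with the wrong certificate, or the right certificate with a stale token, both fail: neither the person holding the token nor the person holding the case key can admit a station alone, which is the property the lock-box analogy asks for.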
Trusted Platform Module (TPM) 2.0 – The Trusted Platform Module (TPM), in a nutshell, is a hardware device that validates the hardware components of the system at boot to ensure they have not been tampered with. All new computers will ship with this standard, since Microsoft announced that Windows 11 requires TPM 2.0.
Encrypted Hard Drives – The hard drive is the only piece of hardware on the station that changes. The operating system, such as Windows or macOS, will live on an electronically changeable chip. Unless you have the keys to the physical case, a trusted certificate, and the RSA token key, you can’t even access it! The hard drive will be approved by the TPM with its own certificate and will allow the ballot information to be presented on the machine, and that’s it! No data will be stored on the local hard drive EXCEPT the number of voters, the times they voted, and their unique 128-bit hash.
Station – The station is a military-grade touch-screen computer with three connections: a single fiber connection to talk to the server, a slot for the solid-state hard drive (SSD), and a scanner for the voter’s identification. Two blind panels on either side will provide privacy but also house two cameras to capture the sides of the voter’s face. A single camera will be stationed on the top for direct voter view. The three pictures of the voter will be combined to confirm their identity based on the photo presented. The scanned image of the voter card will be cross-referenced with the pictures. THEN, the system, with a little help from the server, will cross-reference both the pictures with the ID provided by the issuing agency.
Secure Authentication Channel – Now the fun part. How do I build a secure computer that can communicate back to those central databases without a) exposing personal information, b) exposing voting information, and c) allowing interception or modification of the vote? First, no voting information is processed or passed across the line. Remember that 128-bit hash? Here’s where it comes from. Once the system confirms the user’s identity, it creates the hash from their information, the time of day, and a truly random number. That is a whole conversation by itself, since most encryption uses pseudorandom numbers seeded from processor time. We won’t get into the weeds. Just know that a 128-bit one-way hash is created and shared with the server along with an encrypted vote count. A watermarked printout is also produced when the polls close. This is for integrity when the systems reconcile later.
Voter Verification – Again, this isn’t a political discussion, but any secure system MUST authenticate the user. In a secure world, the voter could use one of four (4) items to confirm their identity: state-issued driver’s license, military ID, state-issued identification card, or US Passport. All four must have a unique number that can be queried to confirm the voter is really the voter. This also confirms the voter is voting in the right place and is registered to vote.
Is That Really You? – Facial recognition is accomplished with three cameras pointing at the front and sides of the face. Remember the three authentication factors – something you have, something you know, something you are. Your face is something you are. Your driver’s license is something you have. You could go one step further and create a four- or six-digit PIN, but that may be extreme for the average user.
Repeat Voters – Each person casts only one ballot. This is confirmed by the issuing agency AND the voting servers. If the person attempts to cast another ballot, the server will show they already tried and reject them.
A Vote That Counts – The voter is presented with the ballot specific to their county and district. This is delivered on the hard drive and is specific to the address of the polling location. The best part? No need to manually build and deliver. The ballots are provided to the machine when it comes online and registers with the server. More fun? They are delivered by the state servers. The county server is only there to confirm authentication of the poll stations, creating a two-device authentication. Once the voter finishes, they are provided a printout with a QR code. This is the 128-bit hash that they can use to securely see how they voted. I’ve been calling for personal voting records forever! When viewing the report, only the initials and timestamp identify the voter. You could include an internal reference for the machine and polling location. The voter can see how they voted in every election the system was in use.
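The receipt hash from the Secure Authentication Channel section, the one-ballot-per-voter rule from Repeat Voters, and the QR-code lookup just described all hinge on the same server-side record, so here is one added illustration covering all three. This is not the author's code or any election system's; the assumptions are mine: the one-way hash is SHA-256 truncated to 128 bits, the "truly random number" comes from the operating system's CSPRNG via the `secrets` module rather than a time-seeded PRNG, a dictionary stands in for the state server's store, and the ballot arrives already encrypted and is opaque to this code. Voter identifiers and timestamps are constructed sample values.

```python
"""Receipt-hash issuance, repeat-vote rejection and receipt lookup.
Added example with stand-in choices for the hash, randomness and storage."""
import hashlib
import secrets

RECEIPT_BYTES = 16  # 128-bit one-way hash, as described on the page


def make_receipt_hash(voter_id: str, cast_time: str, nonce: bytes) -> str:
    """Derive the 128-bit receipt token from identity, timestamp and a CSPRNG nonce.

    The nonce is the part that matters: identity and timestamp are guessable, so
    without a high-entropy nonce the token could be recomputed from public details.
    With it, the token can be neither reversed nor predicted."""
    if len(nonce) < RECEIPT_BYTES:
        raise ValueError("nonce must carry at least 128 bits of entropy")
    # Length-separated fields so "ab"+"c" and "a"+"bc" cannot collide.
    material = b"\x00".join([voter_id.encode(), cast_time.encode(), nonce])
    return hashlib.sha256(material).digest()[:RECEIPT_BYTES].hex()


class StateServer:
    """Stand-in for the state server that issues receipts and enforces one ballot per voter."""

    def __init__(self) -> None:
        self._voted = set()   # voter ids that have cast; never returned to a station
        self._records = {}    # receipt hash -> (initials, timestamp, encrypted ballot)

    def cast(self, voter_id: str, initials: str, encrypted_ballot: bytes, cast_time: str) -> str:
        """Accept exactly one ballot per voter id and return the receipt hash for the QR code."""
        if voter_id in self._voted:
            raise PermissionError("a ballot was already cast for this voter")
        nonce = secrets.token_bytes(32)  # OS CSPRNG, not time-seeded random()
        receipt = make_receipt_hash(voter_id, cast_time, nonce)
        self._voted.add(voter_id)
        # The stored record deliberately omits voter_id and the nonce: the receipt
        # resolves to initials, time and ciphertext only.
        self._records[receipt] = (initials, cast_time, encrypted_ballot)
        return receipt

    def lookup(self, receipt: str):
        """Resolve a scanned receipt; unknown receipts return None rather than an error."""
        return self._records.get(receipt)


if __name__ == "__main__":
    server = StateServer()
    receipt = server.cast("DL-CONSTRUCTED-0001", "JD", b"opaque-ciphertext", "2024-11-05T09:15:00Z")
    print("receipt:", receipt)
    print("lookup:", server.lookup(receipt))
    try:
        server.cast("DL-CONSTRUCTED-0001", "JD", b"second-attempt", "2024-11-05T09:20:00Z")
    except PermissionError as err:
        print("second ballot rejected:", err)
```

Two details carry the security argument. The repeat-voter set is keyed by the issuing agency's identifier, not by the receipt, so a voter who loses their printout is still counted once. And the record behind a receipt holds no identifier or nonce, so anyone who scans a discarded printout learns exactly what the page says they should: initials, a timestamp, and an encrypted ballot.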
Paper Trail – What if I didn’t trust the system? What if I only wanted to use a paper ballot? No problem! On the screen, the user is offered this as a solution. For security, the paper is watermarked and tagged with a unique serial number. All mail-in ballots are also properly tagged, and upon printing, each voter is confirmed to receive only one ballot. The back-end state servers would know if someone were to vote twice and invalidate any second attempts.
What’s The Cost? – I believe secure systems like these could be built for as little as $100 per unit when produced in bulk. The difficult part is the ongoing semiconductor shortage. Now would be an excellent time for an American manufacturer to build something specifically for this application. A commitment from just a few states would drive the price down. The trick, though, to prevent additions of backdoors would be to create cooperation between governments, manufacturers, and individuals to leverage checks and balances. If it’s an open technology, it can be better validated and secured.
Human Protections – Remember those servers? They need to be protected by sworn officers at the county and state levels. Any person or persons that install, maintain, or operate the machinery must complete a thorough background check, give a sworn oath to uphold election integrity, and possibly hold a security clearance. No one will be willing to lose their clearance to fudge votes. Keep your volunteers at the polling stations. They won’t be able to affect an election from there anyway.
Yes, both schools of thought are required to ensure election integrity. Strong encryption with military-grade technology, operated by trustworthy people, is the only way to make it work. But the real answer is for the people to silence the political nonsense flowing from parties and agree, in unison, to change the current system. Still think this is a political discussion? Did you know over the last 20 years, hundreds of state and federal politicians, mostly Democrats, have called for the current systems to be removed due to hacking risks?