In short
- A former voting machine auditor says U.S. election methods nonetheless lack primary cryptographic safeguards to detect poll tampering or duplication.
- He proposes including end-to-end cryptographic proofs—with out blockchain—to safe future elections and restore public belief.
- Regardless of figuring out vulnerabilities as early as 2006, he says distributors received’t act with out authorized strain or up to date election legal guidelines.
In 2006, software program engineer Michal Pospieszalski uncovered harmful flaws in U.S. voting machines—flaws he says nonetheless threaten American elections right this moment.
Employed by the Election Science Institute, the place he served as Chief Know-how Officer, Pospieszalski was flown to the headquarters of election vendor Election Programs & Software program (ES&S) in Omaha, Nebraska. His activity was to research the corporate’s iVotronic voting system.
For over every week, Pospieszalski uncovered a variety of points, together with “dangerous code practices, backdoors, static passwords,” and most significantly, what he described as an entire lack of “end-to-end cryptographic proofs.”
“The most important factor that wasn’t there was end-to-end cryptographic proofs,” Pospieszalski informed Decrypt in an interview. “That means there’s no means the machine, even with excellent exterior safety, might know if a poll is respectable, or if it’s been counted twice, 3 times, 10 occasions, or 1,000 occasions.”
What’s lacking from right this moment’s voting machines
The CEO of blockchain safety and identification software program firm MatterFi, Pospieszalski, mentioned that vulnerability isn’t hypothetical; it’s simply exploitable by anybody with entry to voting machines and voter registration methods.
“You could possibly simply run the identical poll by means of 10 occasions—and that’s nonetheless true right this moment—and it’ll simply depend as 10 votes,” he defined. “And the scanner doesn’t know any higher, and neither does the tabulator. The tabulator within the central precinct is like, ‘Oh, it was 10 votes.’”
Pospieszalski mentioned the separation of poll and voter document methods typically makes reconciliation unimaginable with out referring to authentic paper data.
“There’s no nameless serialization of every poll that may permit the system to know that every serialized poll needs to be counted solely as soon as,” he mentioned.
The answer, in line with Pospieszalski, entails software program—not {hardware}—and builds on cryptographic strategies first developed within the Eighties by David Chaum, a cryptographer who pioneered digital money and launched blind signatures, permitting transactions to be verified with out revealing their contents.
Chaum later based DigiCash, an early digital foreign money, and proposed cryptographic voting methods that protect anonymity whereas enabling public verification. His work laid key foundations for each safe e-voting and fashionable cryptocurrencies like Bitcoin.
“What you need is the machine on the finish—the central depend tabulator or election administration system—will get a vote definition, and you’ve got a Chaumian-blinded serialization on each poll,” Pospieszalski mentioned. “So, like in LA County, that output poll that’s printed has a serial quantity. That serial quantity doesn’t establish the voter, nevertheless it tells the tabulator within the central precinct, ‘Hey, it is a distinctive poll.’”
“If I see two of them, then anyone cheated,” he added. “Particularly if I see 50 of them.”
In Pospieszalski’s proposed mannequin, there can be three counts: the paper ballots, the standard digital tally, and a 3rd cryptographic depend.
“The way in which you see dishonest is the digital depend says there are 100 votes, and the cryptographic depend says there ought to solely be 90,” Pospieszalski mentioned. “Now somebody injected 10 votes.”
Classes from Antrim County
In 2020, Pospieszalski was employed to conduct forensic evaluation in Antrim County, Michigan, after a short vote-counting error triggered widespread hypothesis.
“There was a vote flip in Antrim County by, like, roughly 2,000 votes, the place, like, in the future it was 2,000 for Biden, and the following day it was 2,000 for Trump,” he recalled. “What actually occurred is the poll definition was misconfigured in order that the system thought that the votes for Trump had been for Biden.”
He mentioned that when the ballots had been rescanned with the corrected definition file, “Every thing went again to regular.”
Pospieszalski emphasised that whereas the error was technical, the optics of the scenario fed public suspicion.
“There wasn’t an enormous, hostile assault. However as a voter being riled up by the media—notably right-wing media—persons are going to need solutions,” he mentioned, including that such confusion is strictly what end-to-end, off-chain cryptographic proofs are designed to forestall.
However whereas he discovered no proof of distant hacking or software program backdoors, Pospieszalski did say he encountered indicators of potential poll injection throughout his evaluation.
“If in case you have a poll with 42 selections, and within the evaluation you see 100 ballots with all 42 crammed out the very same means, you’re like: Um, most likely not actual,” he mentioned. “That’s the stuff I discovered some proof of in Antrim County.”
Requested why cryptographic poll serialization hasn’t been applied, Pospieszalski pointed to entrenched methods and company reluctance to make adjustments, including that proposals for safe voting typically failed to realize traction as a result of they had been too difficult.
“They’re suggesting all kinds of actually, actually difficult-to-use schemes… stuff that persons are identical to, if you happen to’re a voting machine producer, this isn’t going to make any sense,” he mentioned.
A number of applied sciences intention to enhance election safety and belief. In April, New York Assemblyman Clyde Vanel launched a invoice that may use blockchain know-how to safe voter data and election outcomes. Whereas blockchain has been promoted as an answer for safe voting, Pospieszalski argued that the core subject doesn’t require that stage of complexity.
“All you are making an attempt to do is resolve a easy drawback: get an correct depend of respectable votes,” he mentioned. “Further complexity is pointless. Lots of people push blockchain as a result of it is widespread, however you do not really need it.”
Against this, Pospieszalski says his resolution works with present machines.
“I’m simply saying: Look, make it a software program improve to the prevailing system and work with Dominion, work with ES&S, and you may simply flip it on or off,” he mentioned.
Requested how adoption would possibly occur, Pospieszalski prompt laws or mandates from jurisdictions that oversee elections.
“Voting producers and their prospects—counties—want large precincts to push for change,” he defined. “If a legislation mentioned that by 2028 or 2032, voting methods should embrace end-to-end crypto proofs, we’d be in enterprise.”
The benefit, in line with him, can be readability in future elections, particularly in heated contests the place belief is fragile.
Typically Clever Publication
A weekly AI journey narrated by Gen, a generative AI mannequin.