Rather than the usual paper ballots, voters made their selections on digital tablets, loaded them onto plastic cards outfitted with memory chips, and inserted them into a card reader that saved the votes to a computer and printed a paper copy of each ballot to be placed in a ballot box.
The election in Fulton was the first official test of ElectionGuard, a voting software developed by Microsoft as part of its “Defending Democracy” project. ElectionGuard uses a relatively new form of encryption to secure votes and tally them in minutes. It’s designed to make it harder for hackers to break into the system, but also to make it immediately obvious if the system is tampered with.
Fulton Township, located about a half hour drive from Madison, has a population of 3,300. Fewer than 400 people drove through the snow to Fulton Town Hall, the town’s singular polling place, to cast their ballots.
“I came in expecting the same old voting process with the little pencils and the forms with the little dots but it wasn’t like that at all,” said Barbara Pifer, a Fulton voter. But Pifer said she’s glad for the pilot: “It was refreshing to see that they’re trying to do something new and maybe start a process that’s going to be a bit more foolproof and secure.”
Microsoft planned to avoid such a debacle by trying out their solution in a much smaller election, and with a hand count of paper ballots as a backup.
The company doesn’t expect ElectionGuard to be used in the 2020 election. But after the technology proved successful in Fulton, Microsoft executives say they’re optimistic it will be widely adopted by the 2024 presidential election.
The company has made the software’s code free and publicly available.
“When we saw what happened in 2016, the efforts that were made by foreign adversaries to actually influence the voting process in the United States, we concluded we had a responsibility as a technology leader to see what Microsoft could contribute to improving the safety and security of our elections,” said Tom Burt, Microsoft’s corporate vice president for consumer security and trust.
Making hacking ‘pointless’
Most security experts agree that creating a truly unhackable system is impossible.
“There’s nothing that I can do — that anyone can do, for that matter — to ensure there’s no meddling,” said Josh Benaloh, the senior cryptographer at Microsoft who developed the mechanism underlying ElectionGuard.
For that reason, ElectionGuard is designed to be “tamper evident.”
Each vote is individually secured using a process called “homomorphic encryption.” Individually encrypting votes protects voter privacy and discourages meddling. If a bad actor wanted to preference a certain candidate, they would have to do the difficult work of decrypting each vote in order to even know which votes to change, Benaloh said.
After the polls close, homomorphic encryption makes it possible to tally the votes and decrypt the result without ever decrypting individual ballots. A verifier application also runs a mathematical equation at the end — if no votes have been tampered with, that equation will produce an expected answer. If the answer is different, it will indicate election officials should double check the election results using a back-up method.
The computer that does all that calculation is not connected to the internet.
In Fulton, a paper ballot was generated for each vote, and hand counted at the end to ensure the system’s accuracy. When the ElectionGuard and the paper count results matched up exactly, Microsoft executives, poll workers and the town’s election officials all cheered.
“It doesn’t assume that the devices can’t be hacked, because that’s a foolish assumption” Microsoft’s Burt said. “But what it does do is it says: Even if it does (get hacked), how can we make it pointless for them to do that?”
Restoring voter trust
Microsoft’s solution isn’t only about securing elections against bad actors, it’s also about restoring trust among voters. After casting their ballot, voters on Tuesday left the polling place with a code that would allow them to log into a portal the following day to confirm their vote had been counted.
The portal doesn’t detail whom each person voted for, due to privacy concerns, but because of ElectionGuard’s verifier application, it can confirm that votes were tallied accurately.
Voter confidence and the integrity of voting systems are actually closely linked, said Meagan Wolfe, administrator of the Wisconsin Elections Commission who worked with Microsoft to pilot ElectionGuard in Fulton.
“It doesn’t take an actual breach or an actual hack of a system, it just takes a rumor to undermine someone’s confidence,” Wolfe said.
“What we’ve heard from voters over the last few years is that they’re interested in understanding the mechanics of how and why their ballot was cast correctly, and how can they have confidence that nothing changed in that process.”
“We’re at a really important point in democracy where people are wondering if it works anymore,” said Jamie Winterton, director of strategy at Arizona State University’s Global Security Initiative. “Are these systems compromised to the point where I shouldn’t bother participating anymore? That’s a really dangerous place to be. If people can go somewhere to see their vote counted, that helps restore some trust.”
Securing elections with Big Tech?
Microsoft’s entry into election security comes at a time when big tech increasingly faces scrutiny for compromising democracy, rather than protecting it.
Some voters in Fulton on Tuesday expressed their skepticism about using technology to vote, too.
“I really don’t like this electronic stuff because it can be hacked. Where does the information go?” said James Abts, who has lived in Fulton for 41 years. “I’m just a little leery, that’s all.”
The bigger challenge is finding a way to secure the many parts of the election system. Different jurisdictions throughout the country, often down to the county level, can choose their own voting mechanism. On top of that, voter registration databases must be secured and election results must be securely communicated up through state and federal levels.
“The American democracy is messy,” said Richard Forno, assistant director of the Center for Cybersecurity at the University of Maryland, Baltimore.
Forno said it would be hard to devise a solution to securing all those pieces of the American election system without the help of big tech.
“Who else is going to do it? A technology company has the dollars and the people to do research and development and testing,” Forno said, adding other solutions may come from academics and tech startups.
For Microsoft, ElectionGuard is not meant to be a commercial endeavor.
“This is a step that we’re taking free of charge, we’re not going to make any revenue from this at all,” Burt said. “The whole point is what can we do as a company to help defend our democracy and protect the vote?”
Microsoft published the open source code for ElectionGuard, so local election officials could use it without necessarily getting the company involved. Microsoft said the software will work with any voting system — which can vary widely across the country — so long as there is some electronic element. In Fulton, the software was plugged into existing voting hardware made by the nonprofit VotingWorks.
After the pilot in Fulton proved successful, Burt said Microsoft plans to seek out other jurisdictions and voting hardware providers for additional and larger tests of ElectionGuard.
And while ElectionGuard itself won’t be a revenue driver for Microsoft, Burt said ensuring that people trust technology is key to the future of the company.
“It will improve the security of the global ecosystem,” Burt said. “How does that benefit our shareholders? Because if, in the long run, people feel safe and secure participating in a digital ecosystem, and if we have good products and the services to offer to that ecosystem, then we’re going to make money.”