Inspiring campaign rallies. Whistle-stop stump speeches. Intense debates. This year’s presidential elections have already exhibited a number of time-honored traditions in American democracy. Unfortunately, recent presidential elections have included a new ritual — questions and controversies over the accuracy of voting technologies Americans use to cast and count their ballots.
Enter A Center for Correct, Usable, Reliable, Auditable and Transparent Elections (ACCURATE), a team of computer scientists and other academic researchers from across the country who are working to help bring the latest research, insights and innovations from the lab to the voting booth.
Created in 2005 with a $7.5 million award from the National Science Foundation (NSF), ACCURATE is part of NSF’s Computer and Information Science and Engineering (CISE) directorate’s CyberTrust program, a multi-year initiative that seeks to make the nation’s underlying computer networks and infrastructures reliable even in the face of cyber attacks.
The project is headed by Avi Rubin, a professor of computer science at Johns Hopkins University. An expert in information security, Rubin was intrigued by the challenges associated with improving voting technologies. "There was a perceived need," Rubin says, "that these systems were not secure enough." Once they began examining the issue from a scientific perspective, Rubin and his colleagues discovered that a more holistic approach was needed to understand how the computers, touch screens and other technologies are interrelated in elections.
To meet this multi-faceted challenge, ACCURATE brings together experts from across the country and across academic disciplines to find areas that need further research and determine how to apply existing technology and research insights to voting systems. Some of the team’s research focuses on system-level issues that affect many aspects of an election. Other parts of ACCURATE’s research focuses on more specific issues such as identifying the role of cryptology in voting security, designing voter verification systems, relating election policies to new technologies and improving the usability and accessibility of the voting process.
The team has created several new tools using existing theories and approaches commonly used in computer science to test voting technologies and systems, which state and local elections officials can use to test their election plans and find possible vulnerabilities.
One such tool is AttackDog, a threat modeling system developed by David Dill, a co-primary investigator on the project with Rubin and a professor at Stanford University. Using algorithms developed by one of Dill’s undergraduate students, AttackDog looks at more than 9,000 potential ways a voting system can be attacked, including computer hacking, ballot tampering and voter impersonation. The program contains certain assumptions about each kind of potential attack and countermeasure, and then creates an attack tree, a way of conceptualizing potential faults that is commonly used in computer science and engineering. As new potential attack methods become apparent, the system can be adapted to consider the new threat.
AttackDog works by factoring in all the characteristics of an election system — the number of polling places, the type of voting machine used, the number of poll workers, and so forth. AttackDog will then look at each step in the elections process, from when the ballots are designed to the point that they are counted, and try to find possibilities for an attack at each stage. Planners enter in the details of their countermeasures for each potential vulnerability. AttackDog then takes that new information and tries to find new weaknesses in the election’s security precautions.
According to Dill, AttackDog is a good example of how the ACCURATE project uses computer science tools and techniques to help local officials improve the security of their elections. "It’s using computers to get a grip on problems that are too complex for the mind to understand unaided," Dill says.
Because the program is open source, elections officials across the country can use it to assess the threats to their own elections procedures. Ion Sancho, Supervisor of Elections in Leon County, Fla., says that before using AttackDog, his office had never used threat modeling to analyze the security of the county’s elections. He describes the program as "very useful," and says that it has already lead to at least a dozen changes in the way his office approaches election security. "I learned a great deal," Sancho says of his experience with AttackDog, "and I have a much higher awareness of security in everything involved in our elections."
Such partnerships with state and local elections officials are at the heart of ACCURATE’s mission. In fact, several secretaries and assistant secretaries of state from around the country are on ACCURATE’s advisory board.
Rubin’s team is currently working on building a voting technology system prototype whose security can be easily verified. The system will then be made available to election machine manufacturers, elections officials, and others to integrate into their own technologies.
Even the most sophisticated computer models can’t predict the outcome of this year’s elections, but thanks to this team of computer scientists and their partners in the public sector, communities across the country will be better prepared to prevent malicious attacks and mishaps at the ballot box.
[Dana W. Cruikshank @ National Science Foundation]