Recent News

Featured

The TrustTheVote Project supports EU privacy standards

TThe EU Flag snaps in the wind against a blue skyo prepare for the new General Data Protection Regulations (GDPR) for EU countries, the TrustTheVote Project web support team and OSET Institute Legal reviewed all of our data privacy and security policies to ensure that we meet (or exceed) the standards set by the GDPR. Data privacy and security is one of the foundational values of the TrustTheVote Project, and we want to be sure that we’re consistently applying best practices and principles.

We also believe it’s important to support and promote international norms for digital privacy. Although the OSET Institute is headquartered in California, our mission is global in nature, because verifiable, accurate, secure and transparent election technology is a mandate for all democracies, worldwide. Trust in elections depends on digital privacy and security. That’s why we support the principles of the GDPR, both all of our web properties, and in the software we build for safe and secure elections, ElectOS.

You can read our new Privacy Policy to see how GDPR compliance applies to this website. Please contact us if you have any questions about digital privacy, security, or how it applies to election technology.

More Information

Voter registration problems in Maryland signal larger vulnerabilities for upcoming elections

Binary data disappears in a dark hole

Voter registration data lost in Maryland

This Monday, state officials in Maryland acknowledged that problems with their “motor voter” systems are more significant than originally described:

[A]s many as 80,000 voters — nearly quadruple the original estimate — will have to file provisional ballots Tuesday because the state Motor Vehicle Administration failed to transmit updated voter information to the state Board of Elections.

— Up to 80,000 Maryland voters will have to file provisional ballots, state says (Washington Post. 6/25/18)

This announcement, made only hours before the polls opened for Maryland’s Tuesday primary, will mean more than just a minor inconvenience for the tens of thousands of voters affected. Sen. Joan Carter Conway (D-Baltimore City), chairwoman of the Senate Education, Health and Environment Committee, said that this situation will “confuse voters, suppress turnout, and disenfranchise thousands of Marylanders.”

Yet the significance of this programming error is broader still. Sen. Richard S. Madaleno Jr. (D-Montgomery), who is also running for governor of Maryland, called the incorrect registration of thousands of voters a “catastrophic failure.” In his statement, he continued, “The chaos being created by this failure subjects real harm to our most cherished democratic values,”

Is this election season hyperbole? Not at all, says John Sebes, Chief Technology Officer of the OSET Institute (the organization that runs the Trust The Vote project). In his recent article, Maryland Voter Registration Glitch: A Teachable Snafu, Mr. Sebes identifies the wide-ranging problems that will follow from these kind of disruptions at a larger scale:

If a foreign adversary can use cyber-operations to maliciously create a similar situation at large scale, then they can be sure of preventing many voters from casting a ballot.  With that disruption, the adversary can fuel information operations to discredit the election because of the large number of voters obstructed.

— John Sebes, OSET Institute

It is, in fact, the credibility of the entire election itself that is at stake. These kinds of technical problems don’t need to be the result of nefarious interference in the election process. Mr. Sebes continues,

The alleged system failure (hack, glitch, or whatever) doesn’t even need to be true!  If this accidental glitch had occurred a couple of days before the November election, and came on the heels of considerable conversation and media coverage about election hacking, rigging, or tampering then it would be an ideal opportunity for a claimed cyber-attack as the cause, with adversaries owning the disruptive effects and using information operations to the same effect as if it were an actual attack.

—  Maryland Voter Registration Glitch: A Teachable Snafu by John Sebes

Maryland is clearly vulnerable to this kind of attack on the credibility of their electoral process. Already, some are sounding the alarm that these voter registration problems weren’t identified quickly — plus, there’s no way to verify the process itself:

Damon Effingham, acting director of the Maryland chapter of Common Cause, said it was “preposterous” that it took MVA officials four days to figure out the extent of the problem and that there is no system to ensure that its system is working properly.

— Up to 80,000 Maryland voters will have to file provisional ballots, state says (Washington Post. 6/25/18)

What’s the solution?

John Sebes and the Trust The Vote project have spent years developing open source election software and systems to address these issues. But that alone isn’t sufficient. Mr. Sebes identifies the steps that election officials can take now to prevent the kind of problems that Maryland is experiencing this week:

  • “It’s partly a technology effort to re-engineer election systems to be less fragile from errors and less vulnerable to attack.”
  • “How to ensure the correctness and integrity of poll books[?] … that depends on emerging open data standards and the question of certification of poll books.”
  • “Given the great importance of public credibility … election officials must also plan for proactive public communication.”

Mr. Sebes concludes:

The Maryland glitch is not so much about failed integration of disparate data systems, but much more about unintentional catalyzing of opportunities to mount “credibility attacks” on elections and the need for a different kind of preparation.

Read the full article, Maryland Voter Registration Glitch: A Teachable Snafu by John Sebes, on the OSET Institute website.

The OSET Institute runs the TrustTheVote Project, a real alternative to nearly obsolete, proprietary voting technology. TrustTheVote is building an open, adaptable, flexible, full-featured and innovative elections operating system called ElectOS. It supports all aspects of elections administration and voting including creating, marking, casting, and counting ballots, as well as managing all back-office functions. Check out this overview of the TrustTheVote Project to learn more. If you’re involved in the election process, as an election official, or an academic or researcher, join the TrustTheVote Project as a stakeholder to help develop and deploy open, secure, reliable, and credible election technologies. If you’re concerned about the health of our election systems, you can donate or volunteer. If you have any questions about the TrustTheVote Project, contact us today.

Election Meddling Using Social Media Bots & its Brush with Election Technology

For those interested in how foreign adversaries are meddling in U.S. elections with social media, there is a recent must-read paper from the NDN Think Tank: A Primer on Social Media Bots And Their Malicious Use In U.S. Politics authored by Tim Chambers of the Dewey Square Group. This report is the definitive work about:

 

The transport layer of weaponized social media content used for political purposes.

The methods work for any kind of content, whether preaching to the choir, or intentional distortion of real political events, or outright lies. Probably the most illuminating aspect of the report is the explanation of how any single blob of content gets its reputation burnished. It’s not just disinformation campaigns where the goal is to get the content widely heard or seen. It’s that, plus getting the content normalized by the support of large numbers of people. And here is the really clever bit: the content is liked/re-tweeted/etc by large numbers of who turn out not to exist including some bot-people with an (invented) impressive following or reputation.

This approach is a key part of the new information operations, and the chilling thing for me is how these info-ops are already part of current politics and electioneering, just adjacent to the actual administration and operation of elections. Since our focus is on innovative technology for election administration and operations, I have to be concerned with how election technology can be damaged by the new info-ops.

I can see adversaries revving this engine to attack U.S. elections at the level of basic trust, in contrast to the operational attacks that are the current focus of election hacking FUD.  When I started in the cyber aspect of critical infrastructure protection in early 2001, we worried about “cyber-physical” attacks, where a cyber attack would magnify a physical attack on physical infrastructure.

At the Intersection of Social Hacking & Election Administration

Now we also need to address the much more insidious and diffuse threat of cyber-social attack, where a publicly visible cyber attack on election infrastructure is performed to provide the starter fluid for bot-based information operations intended to undermine belief in election outcomes and potentially de-legitimize an election. I’m talking about malevolent technology plus social media being a machine where cyber-ops are used to intentionally create a publicly visible mole-hill, which info ops then turn into a political mountain.

A scary thought.

For myself and our work it underlines the need for election infrastructure that is publicly, demonstrably, ground-up strong against cyber-ops. With the weak and architecturally flawed election technology we have today, any claim about an election technology hack, even a completely spurious one, is just too credible by default. The readiness of election technology to buttress or reject digital attack we are addressing, but the cyber-social threat to elections requires its own focused effort as well; to my understanding the work of projects like the Belfer Center’s Defending Digital Democracy is an important step in the right direction.  Reading Chamber‘s paper on social media bots should be an early step of that effort.

— EJS