Microsoft, Galois Partner On Election Security


Microsoft and Galois have partnered on a new election security solution called ElectionGuard. ElectionGuard has been released as a software development kit on GitHub and will be part of Microsoft’s Defending Democracy Program.

In a blog post, Microsoft outlined that ElectionGuard will enable end-to-end verification of elections, open results to third-party organizations for secure validation, and allow individual voters to confirm their votes were correctly counted. Microsoft has already partnered with election technology suppliers responsible for more than half of the voting machines sold in the U.S.

Microsoft envisions ElectionGuard as an add on to systems that use electronic voting, but won’t support internet voting. The system is also not designed to replace paper ballots, but is rather designed to add another layer of security to existing systems.

In terms of tracking, ElectionGuard provides each voter a tracker with a unique code that can be used to follow an encrypted version of the vote through the entire election process via a web portal provided by election authorities. During the process of vote-casting, voters have an optional step that allows them to confirm that their trackers and encrypted votes accurately reflect their selections. When the election is complete, the code can be used to confirm that an individual vote was counted as cast.

The SDK also supports the development of enhanced statistical auditing, which Microsoft said can help to ensure that independent third parties are able to verify the election result.

The code for ElectionGuard was built with Microsoft’s development partner, Galois. Galois recently received $10 million in funding from DARPA to build a demonstration voting system that will help researchers work on election security. The agency views ensuring the integrity and security of the election process as a critical national security concern and plans to implement the ElectionGuard SDK as part of their effort to enable an end-to-end verifiable component in future versions of their demonstration voting system.

The announcement of ElectionGuard comes on the heels of news that Microsoft intervened to remove six domains from the internet that were part of a Kremlin-backed election hacking project. The hacking was aimed at US candidates running in the midterm election cycle. The domains were created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28. The company will be engaged in similar monitoring efforts throughout the 2020 cycle.