Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia are needed more than ever to help defend democracy.
Let’s start with a quick look at the newest data available to us. In the past year, Microsoft has notified nearly 10,000 customers they’ve been targeted or compromised by nation-state attacks. About 84% of these attacks targeted our enterprise customers, and about 16% targeted consumer personal email accounts. While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives.
The majority of nation-state activity in this period originated from actors in three countries – Iran, North Korea and Russia. We have seen extensive activity from the actors we call Holmium and Mercury operating from Iran, Thallium operating from North Korea, and two actors operating from Russia we call Yttrium and Strontium. This data has been compiled by the Microsoft Threat Intelligence Center which works every day to track these global threats. We build this intelligence into our security products to protect customers and use it in support of our efforts to disrupt threat actor activities through direct legal action or in collaboration with law enforcement. But let’s be clear – cyberattacks continue to be a significant tool and weapon wielded in cyberspace. In some instances, those attacks appear to be related to ongoing efforts to attack the democratic process.
Since the launch of Microsoft AccountGuard last August, we have uncovered attacks specifically targeting organizations that are fundamental to democracy. We have steadily expanded AccountGuard, our threat notification service for political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs), to include 26 countries across four continents. While this service is relatively new, we’ve already made 781 notifications of nation-state attacks targeting organizations participating in AccountGuard. This data shows that democracy-focused organizations in the United States should be particularly concerned as 95% of these attacks have targeted U.S.-based organizations. By nature, these organizations are critical to society but have fewer resources to protect against cyberattacks than large enterprises.
Many of the democracy-focused attacks we’ve seen recently target NGOs and think tanks, and reflect a pattern that we also observed in the early stages of some previous elections. In this pattern, a spike in attacks on NGOs and think tanks that work closely with candidates and political parties, or work on issues central to their campaigns, serve as a precursor to direct attacks on campaigns and election systems themselves. We saw such attacks in the U.S. presidential election in 2016 and in the last French presidential election. In 2018 we announced attacks targeting, among others, leading U.S. senatorial candidates and think tanks associated with key issues at the time. Earlier this year we saw attacks targeting democracy-focused NGOs in Europe close to European elections. As we head into the 2020 elections, given both the broad reliance on cyberattacks by nation-states and the use of cyberattacks to specifically target democratic processes, we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns.
So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections. We are excited that attendees of the Aspen Security Forum will be able to try our ElectionGuard demo. While ElectionGuard can run on a range of new or existing voting systems using hardware from a variety of manufacturers, the demo we’re showing this week was built using a Microsoft Surface tablet in kiosk mode, an Xbox Adaptive Controller as an optional accessible input device, and a standard printer.
Our ElectionGuard demo will showcase three core features.
First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.
Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.
Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.
ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.
We will not distribute commercial voting systems like the one we’re demoing this week but instead are partnering with the community of election technology suppliers that already serve state and local governments. We previously announced that we have partnerships with suppliers that build and sell more than half of the voting systems used in the United States today. Today, we’re excited to announce that we’re also now partnering with Smartmatic and Clear Ballot, two of the leading voting technology vendors, and Dominion Voting Systems is actively exploring the inclusion of ElectionGuard in their offerings.
In the coming months, we will also announce new details about our partnership with Columbia University’s Columbia World Projects. Columbia professors in statistics, political science, computer science, and international and public affairs will be joining forces with Microsoft to bring ElectionGuard to life by piloting the technology in the 2020 elections.
No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.
At the same time, no single company can tackle these issues, and the need to protect democracy is more important than corporate competition. We applaud similar contributions from companies like Twitter, Facebook and Google; it’s also why Microsoft’s Defending Democracy program is supporting efforts from those like the Harvard Kennedy School of Government’s Belfer Center, Columbia World Projects at Columbia University, research underway by Princeton University, and the Oxford Internet Institute’s Computational Propaganda Project.
At the Aspen Security Forum and in the months to come we need to have an honest conversation about threats, but more importantly a conversation about all the emerging tools available to stop them. Microsoft and our Defending Democracy program are committed to our responsibility to the United States and other world democracies to provide tools and technology to combat these threats. As you read this post and participate in the Aspen Security Forum discussions in person or over social media, I hope you’ll give equal thought both to the problems and to the solutions.