Election security threats loom as presidential campaigns begin Microsoft: 94% of Trickbot's infrastructure disabled

Voting fraud technology could play role in momentous election

Vendors, academics and data scientists are developing technologies to detect irregularities in voting patterns. The turbulent U.S. election could provide fertile turf for the tools.

Technology to detect or prevent voting fraud could play a role in untangling results of one of the bitterest elections in U.S. history, and tech tools such as election forensics and open source election software offer the promise of more secure and trusted elections in the future.

As the contest between President Donald Trump and his Democratic challenger, former Vice President Joe Biden, unfolds amid the coronavirus pandemic, the election has been roiled by cybersecurity threats, disinformation spread via social media, and concerns about mail-in ballot counting, including Trump's unsubstantiated warnings of mail-in voting fraud.

"I have guarded optimism about what's to come," said Gregory Miller, co-founder and chief operating officer of OSET Institute, a nonprofit open source election technology group that evolved out of the Mozilla Foundation.

"But I don't think that any of us that work in cybersecurity or technology or election administration can, with intellectual honesty, say it's going to be fine and go swimmingly, because we already know it's not," Miller said.

Open source elections

OSET is the most prominent of several projects to develop open source election software that, coupled with more trustworthy hardware than is used in many voting precincts now, will give the public and election officials full visibility into election problems, and the ability to fix them, proponents said.

Miller noted that the election -- which has been in progress for weeks with waves of early mail-in voting due to the COVID-19 pandemic -- features unprecedented numbers of absentee and mail ballots.

I don't think that any of us that work in cybersecurity or technology or election administration can, with intellectual honesty, say it's going to be fine and go swimmingly, because we already know it's not.
Gregory MillerCo-founder and chief operating officer, OSET Institute

So while Nov. 3 is technically and historically the date of the quadrennial presidential election , this year it really will only be a midpoint in a process that started well before that date and will continue for days, if not weeks or months, after.

"November 3 is the first day of the [craziness] to ensue, but it's really the last day of ballot casting, and then begins the arduous counting," Miller said.

Most states do not have extensive experience with counting large numbers of vote-by-mail ballots. Only five states -- Colorado, Hawaii, Oregon, Utah and Washington -- have regularly conducted elections primarily by mail.

"We know historically that those states that have the most experience will get to the results the quickest, and those with the least amount of experience will get to the results the latest," Miller said.

Much of the counting will be done by machines, and by hand. Both approaches contain opportunities for error, but elections have gone well for years in the five mail-in voting states.

Tech to prevent and detect election fraud

Meanwhile, various forms of election fraud and interference is a well-documented issue, from campaigns that resort to dirty politics to foreign actors and others working to undermine American democracy with disinformation.

2020 U.S. election security threats
Voter fraud is one of numerous threats to the 2020 U.S. presidential election.

Most political experts agree that mail-in ballots are a secure approach to voting.

Other approaches are more fraught with opportunities for tampering. Political academics and commercial vendors are developing technology to uncover fraudulent activities.

The FBI and Department of Homeland Security have released warnings about fake election websites.

A recent report from McAfee found that only 16.4% of U.S. county election websites use U.S. government .GOV validation and HTTPS encryption -- both considered critical security features to reduce cybersecurity risks and prevent misinformation from spreading ahead of the election.

Walter Mebane, professor of political science and statistics at the University of Michigan, and other U.S. election experts within the Election Verification Network professional organization dedicate their time to ensuring that elections are sound.

Mebane's EFToolkit on GitHub applies statistical election forensics techniques and technologies, including machine learning to detect fraudulent patterns. The tool uses pattern recognition to flag suspicious voting activity, similar to what's used in the financial industry to identify credit fraud.

The tools analyze numerical electoral data and detect where patterns deviate from those that should occur, based on mathematical principles. Numbers that humans have manipulated present patterns that aren't likely to occur naturally in democratic elections.

"What we get [as part of election forensics] is actual counts of votes by precinct and counts of registered voters, or down to the level of votes per voting machines or images from ballot machines," Mebane said. "You apply statistics to that data, and the historical data from past elections."

He added that though the tools work, they can also produce false positives. Eyewitness testimony to fraud remains an important part of uncovering election tampering.

Mebane said having the tool be open source, and completely transparent, is critical for trustworthiness.

"There is no such thing as a secret method that has any credibility," he said.

In a similar vein, Microsoft is working to get a free, open source tool called ElectionGuard into voting machines. The tool enables voters and third-party organizations to verify election results and confirm that votes were counted correctly.

Microsoft has been working with election system manufacturers and vendors to integrate it into their infrastructure, but it won't be widely deployed for some time and certainly not by the November election. The first pilot was successfully used in an election in Fulton, Wis.

The company cited a need due to evidence that digital election infrastructure is an attack target.

The tool augments risk-limiting audits by providing a more comprehensive -- and public -- audit for end-to-end verifiability, according to Microsoft. It is free, and as an open source tool, anyone can use it.

Through the system, each vote is encrypted and given a unique identifier. Voters receive tracking codes to later use to check that their vote is unchanged.

What we get [as part of election forensics] is actual counts of votes by precinct and counts of registered voters, or down to the level of votes per voting machines or images from ballot machines.
Walter MebaneProfessor of political science and statistics, University of Michigan

ElectionGuard uses homomorphic encryption to secure votes. The tracking code does not provide info about the actual vote, only that a vote wasn't changed, according to the company.

Paper ballots can be scanned and voting machines used as they are now, and voters will see a unique tracking code after they have voted," Microsoft said in its blog.

"Spot checks and administrative audits can be carried out by the members of the existing canvassing boards who currently decide on whether ballots are eligible or spoiled, with built-in safeguards to make sure no individual can either disrupt or influence the verification process," according to the blog post.

Anyone with the right programming, or even citizen data science skills, can create an election verification tool.

DIY election verification

Rajat Gupta, a data scientist in Delhi, India, used Microsoft Excel and Benford's Law (also called Newcomb-Benford Law) to try to detect election anomalies.

Benford's Law states that for every set of numbers chosen in a particular category, the distribution of first digits of those numbers in the set will obey the principle that if the digits were spread uniformly they would each occur about 11.1% of the time.

"The only time they won't follow the law is when the data is fabricated," Gupta explained in an article he posted on the blog forum KDnuggets.

Benford's Law is used by income tax experts to detect accounting fraud and can also be used to detect pricing irregularities in commercial transactions, as well as other applications.

"If I can do this, anyone can," Gupta said in an interview.

Gupta used the DIY tool to look at general elections in India in 2019 and 2014 and state-level returns in the 2018 elections in the U.S. He said it was safe to determine that all three election rounds were fair.

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
Sustainability and ESG
Close