Naked Security - Sophos
The 2020 US election might be different thanks to a project by DARPA (Defense Advanced Research Projects Agency), the research division of the US Department of Defense, which aims to bullet-proof voting machines by moving away from proprietary software that can’t be properly evaluated for bugs, writes Motherboard.
$10 million is being invested in creating an unhackable, fully open source voting system with a touch screen that will allow voters to ensure their votes are accurately recorded. In partnership with Galois, an Oregon company that has long developed projects for the US government, DARPA is developing an open source voting system by “making hardware part of the solution to security,” explained Linton Salmon, program manager in DARPA’s Microsystems Technology Office.
“Our goal is to make this so that the hardware is blocked against all of these various types of attack from the external world. If this is successful, and if the software put on top is equally successful, then it means people can’t hack in and … alter votes. It would also mean that the person who votes would get some verification that they did vote and all of that would be done in a manner that hackers couldn’t change,” Salmon said.
Because it’s open source and the software will be made available online, the technology will be transparent and verifiable by developers. Pen-testing sessions on prototypes will take place at Def Con Voting Village to gain more visibility, but, according to Salmon, universities will probably provide more technical feedback over the next year.
“We will not have a voting system that we can deploy. That’s not what we do,” said Salmon. “We will show a methodology that could be used by others to build a voting system that is completely secure.”
This sounds like a good development:
...a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don't have to blindly trust that the machines and election officials delivered correct results.
But DARPA and Galois won't be asking people to blindly trust that their voting systems are secure -- as voting machine vendors currently do. Instead they'll be publishing source code for the software online and bringing prototypes of the systems to the Def Con Voting Village this summer and next, so that hackers and researchers will be able to freely examine the systems themselves and conduct penetration tests to gauge their security. They'll also be working with a number of university teams over the next year to have them examine the systems in formal test environments.