Hacker-Proof and Economical Elections
The Solution is in Your Hand
Honest, transparent, fair and open elections are under threat by outside forces that want to alter election results and undermined our democracy. This is not fake news, or a hoax. The evidence for this statement comes from a recently released report by US Senate Select committee on Intelligence. Their bipartisan report on Russian Active Measures, Campaigns and Interference, details attempts to influence the results of the 2016 presidential election. You can read the full, but heavily redacted report(1) here.
Prior to and during the US 2016 presidential election, Russian Intelligence agents and agencies targeted elections systems in all 50 states. This Intelligence was developed and presented to the Select Committee by Michael Daniel, former assistant to the President and Cyber security Coordinator, National Security Council, August 31, 2017.(1)
Russia is not the only risk to our elections. Voter registration and vote manipulation are becoming accepted cyber warfare targets-of-opportunity by many outside adversarial interest and in some instances, domestic actors.
Currently our elections are conducted on outdated, insecure technologies that are controlled by a few companies. When they were designed, most of them over 20 years ago, voter fraud was statistically insignificant. It remains that way today. The risk to valid, appropriately cast votes being changed, misdirected or deleted has grown exponentially in the last 20 years, but its not from voter fraud. It is now evident that nation states are attempting to manipulate the outcome of our elections to benefit candidates they believe advantage their own political agendas, goals and policies.
Voting Machine companies are attempting to protect their business interest by intensely lobbying congress and state governments to award voter machine contracts and protect them from outside competition. Security vulnerabilities of even the most current machines are being exposed by recent and ongoing attacks. On Monday, July 29, 2019, the state of Georgia authorized $150 million to purchase 30,000 new voting machines from Dominion Voting systems.(2) There is of course a bitter partisan debate over awarding this company the contract. The state of Georgia, or any state including the federal government could obtain a safe, secure voting experience for a small fraction of the cost of these proprietary voting machines.
The election breaches identified over the last four years underscore the critical need for improved election security. There is no doubt many threats and intrusions have been never publicly disclosed. We need to protect our voting systems against hacking from any person, group or government, regardless of their location, affiliation or motivation. This is now a national security issue that threatens the core of our democracy.
Described in the following document is a secure, transparent and economical process. The hardware required to accomplish these obvious and simple changes are either already owned by the voter or off-the-shelf and inexpensive. The proposal advocates this process be run by a new nonprofit. Federal and state oversight should be by bipartisan committees, not a State / Federal Elections Commission. The FECs current problems have been detailed in several articles describing the weaknesses and vulnerabilities produced when one political party controls who and when new commissioners get appointed. We can refer to this new nonprofit as “Your Vote Guaranteed.”
That does not mean that the financial and political interest this easy fix threatens will allow it to be implemented in time to safeguard our next presidential election in November 2020. To ensure that outcome we all need to demand changes like the secure voting system described below, now.
How Many US Citizens Actually Vote?
By November 2020 the population of the United States will be 334 million individuals.(3) More than 80 million of this total will be ineligible to vote because they will be under the age of 18.(4) That puts the total voting population that could register to vote in 2020 at approximately 254 million.
Far fewer individuals register to vote than are eligible to vote. Far fewer individuals actually vote than are registered to vote. In 2018 there were 153.07 million individuals registered to vote.(5) An estimated 113 million people participated in the 2018 midterm elections, making this the first midterm in history to exceed over 100 million votes, with 49 percent of eligible voters participating in the election.(6)
Smart Phones are the Solution
A new Pew Research Center analysis finds 66% of Americans own at least two digital devices — smartphone, desktop or laptop computer, or tablet — and 36% own all three.(7) Currently there are 272 million smart phones in the US,(8) and 190 million smart tablets including iPad and PC tablets.(9)
By comparing the number of voters participating in recent national elections and the number of smart devices, it becomes obvious that the vast majority of todays voters also own a smart, handheld device.
How Would this Process Work and Why Would it be More Secure?
1) A free smart phone application, the Secure Voting Application (SV App) would be developed and distributed by Your Vote Guaranteed. This application would be available for free to any individual in the US with a smart phone or tablet. This SV App could easily be loaded with any city, county, state or Federal digital ballots. You would open the app and fill out the ballot at your leisure once the ballots are released to be downloaded to the public.
2) Authorized changes to the ballot could easily be made anytime up until the polls open. Although the ballots would be loaded over the internet, no vote selections or any other information would be received or transmitted over the internet to or from the phone.
3) You would register to vote in the same manner that your state and local authorities have always required.
4) You would go to your designated voting locations just as you have always done in the past.
5) Once there, the voter volunteers would assist you in finding and confirming that you are both registered and in the correct voting location.
6) Once your registration is located you would be allowed to scan a QR code(10) next to your name, address and registration utilizing the SV App. Scanning that code would check to ensure that your device contained: 1) a valid ballot; 2) the most current version of the ballot; and finally; 3) your ballot would be activated on your smart phone or tablet.
7) The ability of the voter to open and activate that phone, either by facial recognition, fingerprint recognition or pin code, helps guarantee that the phone and the voter are owner and authorized user.
Here is the most important element of security. The phone must be within line-of-sight proximity of the QR code in order for it to activate the ballot. This cannot be done in any online or internet connected process. A form of two-factor authorization would be incorporated at this point to increase the security of the voter-ballot connection.
8) A comparison between the security code of the SV App and the corresponding security code embedded within the registration QR code would be accomplished by comparing the two during this scanning “hand shake.”
9) The voter would then swipe through the activated ballot one last time to confirm all choices are correct and press a “VOTE,” conformation button. This button would not be active unless the IP address, the GPS data and the location specific QR code all confirmed this individual was indeed physically in the correctly designated voting location. This would produce your final voting record, which would be retained on your phone within the SV App for all time.
10) The SV App would then generate its own QR code that would contain all the vote choices for each candidate and ballot measure. The QR code would also contain the security code of the SV App as well as location specific information at the time the vote was cast.
11) The QR code on this smart device would then be scanned by a host computer at this voting location. Again, the phone, the SV App and the host computer are not connected by any online or internet connection. The host computer would then print out a hard copy of the voters QR code and present it to the voter. This hard copy can always be re-scanned to confirm it is identical to the QR code generated by you SV App from your own phone.
12) The computers scanning the votes / QR App generated codes, at each voting location would also not be connected to the internet. The security on these computers would be produced by the software package designed to scan the QR codes and save that data to external drives. The “host,” computer could be any commonly available PC or Mac laptop or computer. The need for any type of specialized “Voting Machine,” is completely eliminated. This would be a software dependent process, not a hardware dependent system.
13) All votes would be locally stored from each voting location to three separate storage devices. The host computer that scans the QR codes and two separate external transportable hard drives. These drives will act both as air gap security, verification and back up.
14) At the close of polls, one hard drive would be connected to a dedicated computer/modem to transmit the data to each states vote counting headquarters. This “Transmission,” computer would not contain any voter registration information or software code to execute host programs. It would basically be a dumb terminal, capable of secure and encrypted data transfers. The modem connecting the sites with the voter counting center would be capable of transmitting data only one way (outgoing). It would be incapable of receiving any incoming data or instructions. It would be incapable of transmitting data to any other location except one specific pre-identified number belonging to the vote counting headquarters.
15) Keep in mind there are now 7 independent copies of each individual voting record. 1-The original ballot on the SV App. 2-The QR code generated by that app. 3-The hard copy printout of the QR Code. 4-The scanned version of the QR code by the host computer at the voter site. 5-The transmitted copy to the Voter Counting Center and 6 & 7- the archived copies on thumb or external hard drives. The thumb drives should be encrypted utilizing an advanced multi-phase, 24 bit cryptography key.
Within 48 hours of the closing of the polls one thumb drive would be delivered to the secure voter counting location and the data then compared to the data transmitted. Securely transporting these hard drive to the central vote counting location will normally only take a couple of hours.
The second thumb drive would be held under lock and key and would not be released without a court order.
Anyone showing up at a polling place that does not own or possess a smart phone or tablet can utilize a device provided by the polling place. New tablets can be purchased for less than $300. This individual would not leave with an electronic copy of their votes, but would receive a printed hard copy of their own individually generated QR code.
This fairly detailed description of the voting process including all security protocols makes the voting process sound difficult. It would actually be simpler and friendlier than the process it would replace.
1) Download the SV App and make your VOTE SELECTIONS, in the comfort of your own home.
No difficulty reading the materials. Time to Discuss your votes with trusted family and friends. Research any information or facts about candidates, issues or ballot measures you wish. No time constraints, pressure or lines. Record you votes as you work through each ballot measure.
2) Go to your polling place and scan a QR code with your SV App.
3) Confirm your votes and have the QR code generated by your own vote selections scanned by the volunteers at your voting location.
4) Go home with a complete copy of both your ballot and your QR code!
Security is the Primary Concern
Any internet connected digital data stream produces multiple opportunities to gain access and alter the data within the stream, i.e., hack it. The easiest way to eliminate or at least minimize those opportunities is to remove the online component of the process. It is important to include the voter registration databases and records in this exclusion. By incorporating the physical scanning of the QR codes we effectively air-gap(11) the process. By generating a redundant, confirming data process, we have both instantaneous election results and secure conformation of the integrity of these results within 48 hours. In reality this conformation process should only take a couple of hours. In the worst-case scenario, if all these redundant systems failed, everyone would need to have their SV App or hardcopy QR codes scanned again. Not convenient, but an important stopgap guarantee that our elections can be verified at any time, for any reason, by any authorized third party after any election.
Not familiar with QR codes. This is what they look like, and they can contain any information or data you might want to encode within them. Want to see what one would look like with your own personal information contained within it go here.(12) Many specialized types of QR codes have been developed and iQR would facilitate the type of data transmission this process describes.
I am a retired biotech consultant and computer programmer. I have developed iPhone applications with a team of programmers. I am not a security expert. There are no doubt improvements that can be made to the process described here. It is my hope that individuals with in-depth knowledge of voting systems and internet security systems can improve and move this suggestion forward.
This process removes any and all voting machine manufacturer as well as any possibility that undue influence could be introduced into the process by any company that could alter the impartiality of the devices collecting our votes. A quick internet search on problems with voting machine controversies will provide you with the dark history of this industry. Here is just one example: “DIEBOLD UNLOADS BELEAGUERED VOTING MACHINE DIVISION.”
If you don’t find the content of this article relevant or important then I would again suggest you read the most recent United States Senate, Select Committee on Intelligence report on Russian Active Measures, Campaigns and Interference in the 2016 US Election.
References:
(1) Report on Russian Active Measures, Campaigns and Interference in the 2016 US Election
(2) Georgia awards contract for new voting machines
https://thehill.com/policy/cybersecurity/455211-georgia-awards-contract-for-new-voting-machines
(3) Total US Population at time of 2020 Presidential Election: 334.5 million.
https://www.statista.com/statistics/183481/united-states-population-projection/
(4) Total US Population below the age of 18: 80,305,545.
https://en.wikipedia.org/wiki/Demography_of_the_United_States
(5) Number of Registered Voters for the 2018 Midterm Elections
https://www.statista.com/statistics/273743/number-of-registered-voters-in-the-united-states/
(6) Record Voter Turnout for 2018 Midterm Elections
https://www.cbsnews.com/news/record-voter-turnout-in-2018-midterm-elections/
(7) Smartphone, computer or tablet? 36% of Americans own all three
https://www.pewresearch.org/fact-tank/2015/11/25/device-ownership/
(8) Smart Phones utilized in US at time of 2020 Presidential Election: 272.6 million.
https://www.statista.com/statistics/201182/forecast-of-smartphone-users-in-the-us/
(9) 350 Million iPads have been sold in the US.
https://www.statista.com/statistics/269915/global-apple-ipad-sales-since-q3-2010/
(10) Tablets in the U.S. — Statistics & Facts
https://www.statista.com/topics/2927/tablets-in-the-us/
(11) Hacker Lexicon: What is an Air Gap?
https://www.wired.com/2014/12/hacker-lexicon-air-gap/
(12) Quick Response Code or QR code
https://en.wikipedia.org/wiki/QR_code
QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed in 1994 for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. In practice, QR codes often contain data for a locator, identifier, or tracker that points to a website or application. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to store data efficiently; extensions may also be used.[1]
The Quick Response system became popular outside the automotive industry due to its fast readability and greater storage capacity compared to standard UPC barcodes. Applications include product tracking, item identification, time tracking, document management, and general marketing.[2]
A QR code consists of black squares arranged in a square grid on a white background, which can be read by an imaging device such as a camera, and processed using Reed–Solomon error correction until the image can be appropriately interpreted. The required data is then extracted from patterns that are present in both horizontal and vertical components of the image.[2] Source: https://en.wikipedia.org/wiki/QR_code
Free Google Text converter to QR code: https://www.the-qrcode-generator.com
