The Cryptographic Fix for US Elections Is Still Sitting on the Shelf

by Lester White

In 2006, software engineer Michal Pospieszalski uncovered harmful flaws in U.S. voting machines, flaws he says still threaten American elections today.

Employed by the Election Science Institute, where he served as Chief Technology Officer, Pospieszalski was flown to the headquarters of election vendor Election Systems & Software (ES&S) in Omaha, Nebraska. His task was to review the company’s iVotronic voting machine.

For over a week, Pospieszalski uncovered a large number of issues, including “bad code practices, backdoors, static passwords,” and most importantly, what he described as a total lack of “end-to-end cryptographic proofs.”

“The biggest thing that wasn’t there was end-to-end cryptographic proofs,” Pospieszalski told Decrypt in an interview. “Which means there’s no way the software, even with perfect external security, could know if a ballot is legitimate, or if it’s been counted twice, three times, 10 times, or 1,000 times.”

What’s missing from today’s voting machines

Pospieszalski, the CEO of blockchain security and identity software company MatterFi, said that vulnerability isn’t hypothetical; it’s easily exploitable by anyone with access to voting machines and voter registration systems.

“You could just run the same ballot through 10 times—and that’s still true today—and it’ll just count as 10 votes,” he explained. “And the scanner doesn’t know any better, and neither does the tabulator. The tabulator in the central precinct is like, ‘Oh, it was 10 votes.’”

Pospieszalski said the separation of ballot and voter file systems often makes reconciliation impossible without referring to the original paper records.

“There’s no anonymous serialization of each ballot that would allow the software to know that every serialized ballot has to be counted only once,” he said.

The solution, according to Pospieszalski, involves software, not hardware, and builds on cryptographic techniques first developed in the 1980s by David Chaum, a cryptographer who pioneered digital cash and introduced blind signatures, which allow transactions to be verified without revealing their contents.

Chaum later founded DigiCash, an early digital currency, and proposed cryptographic voting systems that preserve anonymity while enabling public verification. His work laid key foundations for both secure e-voting and modern cryptocurrencies like Bitcoin.

“What you need is the software at the end—the central count tabulator or election management software—gets a vote definition, and you have a Chaumian-blinded serialization on every ballot,” Pospieszalski said. “So, like in LA County, that output ballot that’s printed has a serial number. That serial number doesn’t identify the voter, but it tells the tabulator in the central precinct, ‘Hey, this is a unique ballot.’”

“If I see two of them, then somebody cheated,” he added. “Especially if I see 50 of them.”

In Pospieszalski’s proposed model, there would be three counts: the paper ballots, the traditional digital tally, and a third cryptographic count.

“The way you see cheating is the digital count says there are 100 votes, and the cryptographic count says there should only be 90,” Pospieszalski said. “Now you know somebody injected 10 votes.”
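
The reconciliation described above can be sketched in a few lines. This is an added illustration, not code from Pospieszalski, MatterFi or any voting-machine vendor: it assumes textbook RSA blind signatures with a constructed toy key, and the function names (issue_ballot, reconcile and the rest) are hypothetical.

```python
import hashlib
import secrets
from collections import Counter
from math import gcd

# Toy RSA key for the election authority (constructed: two Mersenne primes,
# far too small for real use; a real scheme would also use a proper padded hash).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(serial: bytes) -> int:
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Ballot printer: mask the serial so the signer never sees it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return h(serial) * pow(r, E, N) % N, r

def sign_blinded(blinded: int) -> int:
    """Authority: signs once per checked-in voter, sees only the masked value."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    return blind_sig * pow(r, -1, N) % N

def valid(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(serial)

def issue_ballot():
    serial = secrets.token_bytes(16)          # random, carries no voter identity
    blinded, r = blind(serial)
    return serial, unblind(sign_blinded(blinded), r)

def reconcile(scanned):
    """Tabulator: compare the raw digital tally with the cryptographic count."""
    counts = Counter(s for s, sig in scanned if valid(s, sig))
    return {
        "digital": len(scanned),
        "cryptographic": len(counts),         # each valid serial counts once
        "repeated": {s: c for s, c in counts.items() if c > 1},
        "bad_signature": sum(not valid(s, sig) for s, sig in scanned),
    }

def demo():
    ballots = [issue_ballot() for _ in range(90)]       # 90 legitimate ballots
    scanned = ballots + [ballots[0]] * 9                # one ballot fed 10 times
    scanned.append((secrets.token_bytes(16), 12345))    # one unsigned serial
    return reconcile(scanned)
```

Calling demo() reproduces the article's numbers: a digital count of 100 against a cryptographic count of 90, with the repeated serial and the unsigned one reported separately.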

Lessons from Antrim County

In 2020, Pospieszalski was hired to conduct forensic analysis in Antrim County, Michigan, after a brief vote-counting error triggered widespread speculation.

“There was a vote flip in Antrim County by, like, roughly 2,000 votes, where, like, one day it was 2,000 for Biden, and the next day it was 2,000 for Trump,” he recalled. “What actually happened is the ballot definition was misconfigured so that the software thought that the votes for Trump were for Biden.”

He said that once the ballots were rescanned with the corrected definition file, “Everything went back to normal.”

Pospieszalski emphasized that while the error was technical, the optics of the situation fed public suspicion.

“There wasn’t a big, hostile attack. But as a voter being riled up by the media—particularly right-wing media—people are going to want answers,” he said, adding that such confusion is exactly what end-to-end, off-chain cryptographic proofs are designed to end.

But while he found no evidence of remote hacking or software backdoors, Pospieszalski did say he encountered signs of possible ballot injection during his analysis.

“If you have a ballot with 42 selections, and in the analysis you see 100 ballots with all 42 filled out the exact same way, you’re like: Um, probably not real,” he said. “That’s the stuff I found some evidence of in Antrim County.”

Asked why cryptographic ballot serialization hasn’t been implemented, Pospieszalski pointed to entrenched systems and corporate reluctance to make changes, adding that proposals for secure voting often didn’t gain traction because they were too complex.

“They’re suggesting all sorts of really, really difficult-to-use schemes… stuff that people are just like, if you’re a voting machine manufacturer, this isn’t going to make any sense,” he said.

Several technologies aim to improve election security and trust. In April, New York Assemblyman Clyde Vanel introduced a bill that would use blockchain technology to secure voter records and election results. While blockchain has been promoted as a solution for secure voting, Pospieszalski argued that the core problem doesn’t require that level of complexity.

“All you’re trying to do is solve a simple problem: get an accurate count of legitimate votes,” he said. “Extra complexity is unnecessary. A lot of people push blockchain because it’s in fashion, but you don’t really need it.”

By contrast, Pospieszalski says his solution works with existing machines.

“I’m just saying: Look, make it a software upgrade to the current software and work with Dominion, work with ES&S, and you can just turn it on or off,” he said.

Asked how adoption might happen, Pospieszalski suggested legislation or mandates from jurisdictions that oversee elections.

“Voting manufacturers and their customers—counties—need large precincts to push for change,” he explained. “If a law said that by 2028 or 2032, voting systems must include end-to-end crypto proofs, we’d be in business.”

The benefit, according to him, would be clarity in future elections, particularly in heated contests where trust is fragile.
