Americas, Content, Vertical markets

U.S. 2020 Election Security: Auditing Tool Coming Soon

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said it is working with a non-partisan, non-profit group to customize an open source, post-election auditing tool to verify votes in the upcoming 2020 elections.

The tool is known as Arlo. VotingWorks, an organization focused on developing secure election technology, is CISA’s partner. Arlo is used to conduct risk-limited audits (RLA), which VotingWorks calls the “best safeguard we have against hacked or otherwise faulty voting systems.” In an RLA, Arlo determines how many ballots to count, selects which ballots to inspect and compares audited votes to tabulated votes. Election officials in Pennsylvania, Michigan, Virginia, Ohio and Georgia are currently piloting the software and others are expected to join. Colorado became the first state to implement RLAs when in 2017 it audited one race in each of 50 of its 64 counties.

“Heading into 2020, we’re exploring all possible ways that we can support state and local election officials while also ensuring that Americans across the country can confidently cast their votes,” said CISA Director Christopher Krebs. “At a time when we know foreign actors are attempting to interfere and cast doubt on our democratic processes, it’s incredibly important elections are secure, resilient, and transparent.”

U.S. Election Security: Arlo Auditing Tool Details

Arlo is provided free of charge to state and local election officials and private organizations. VotingWorks also sells a hosted, cloud-based version of Arlo to states and local jurisdictions. Annual fees are based on the number of registered voters, ranging from $17,500 to $45,000 for up to 10 million people and more for a higher number of voters.

“We’re very excited to partner with CISA to develop Arlo, a critical tool supporting the implementation of more efficient and effective post-election audits,” said Ben Adida, VotingWorks executive director. “Because Arlo is open-source, anyone can take it and use it and anyone can verify that it implements audits correctly,”

Calls for more effective election ballot auditing from Congress and outside security organizations have grown louder. Last July, the House of Representatives passed the Securing America’s Federal Elections Act (SAFE) mandating the use of individual, durable, voter-verified paper ballots and post-election audits. The measure has yet to gain a floor vote in the Senate.

U.S. Election Security: White Hat Hackers Expose Risks

Recently, a group of white-hat security experts participating in the Def Con Voting Village event operating on orders to expose voting system weaknesses that could be exploited by those trying to muddy U.S. elections demonstrated that machines used in more than half of U.S. states in 2018 were vulnerable to hacking.

“Right now and for the foreseeable future there are no computerized voting devices that effectively resist known, practical forms of malicious tampering, the ethical hackers said in a subsequent report. However, “certain classes of voting equipment can still be used to conduct high-integrity elections, in spite of their vulnerabilities, by conducting statistically rigorous post-election audits.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.