The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation
Following alleged Russian interference in the 2016 U.S. elections, voting-machine vendors face increasing public pressure for more open innovation of its products to enhance security.
Alleged Russian interference in the 2016 U.S. elections challenged the integrity of election systems. In the aftermath, vendors of voting machine systems faced unprecedented public scrutiny. This relatively small industry, with estimated $300 million in annual sales, suddenly needed to respond to public demand for more secure products.[i] One large voting-machine vendor, Election Systems & Software (ES&S), faced public pressure for open innovation of its products. Yet ES&S has resisted true open innovation, instead selectively expanding its partnerships to manage security risks. ES&S’s more “controlled open innovation” approach reflects the constraints that private companies face when working with the government on national critical infrastructure.
Public demand for ES&S to provide more transparency has resulted in unsanctioned open innovation of voting machines. In 2017, the world’s largest hacker convention Defcon added a new event “Voting Village” that gave hackers access to voting systems, including ES&S machines.[ii] Event organizers acquired these machines through third-party re-sellers without ES&S approval.[iii] Voting Village organizers believe this collaborative environment will help companies like ES&S gain important insights into security vulnerabilities. As one organizer explained, “This is about education, this is about letting more people have facts and experience.”[iv]
ES&S is understandably wary of this open innovation. Voting Village opens ES&S existing products to greater security risk, as potential cyber attackers could use the event to plan future attacks on voting machines. More importantly, the event is bad for ES&S business in the short-term by reducing customer confidence in the security of its products. Prior to this year’s event, ES&S informed its customers that the company did not approve of Voting Village.[v] ES&S’s primary customers, state governments, share these security concerns. The National Association of Secretaries of State (NASS) recently released a statement criticizing Voting Village.[vi]
Despite its reluctance, ES&S is addressing open innovation. In the short term, the voting-machine vendor has taken a “learning from a distance” approach. Two ES&S employees attended the 2018 Voting Village in early August to “learn about any ideas for enhancements to voting security.”[vii] Several weeks later, ES&S announced the installation of new advanced threat monitoring systems and a new partnership with DHS to audit ES&S products.[viii] These new security efforts suggest the general presence of open innovation has influenced ES&S product development.
In the medium term, ES&S appears to be moving towards a “controlled open innovation” approach to product development. ES&S recently announced new partnerships with several federal government agencies and non-profit organizations, including the FBI and DHS. As ES&S President and CEO Tom Burt explains, “This multi-layer, comprehensive approach enables ES&S, together with state and local election officials and the federal government, to bring a new level of protection to U.S. elections.”[ix] The voting-machine vendor therefore appears to be controlling its open innovation with a select group of organizations.
Given the annual Voting Village event will likely continue in future years, ES&S should try to collaborate with event organizers in exchange for greater event security. This collaboration would require buy-in from NASS as well to gain state government approval. As the executive director of NASS noted at the 2018 Voting Village event, “Anybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time.”[x] Rather than criticize the current Voting Village event, ES&S and NASS should try to control this open innovation by increasing event security and simulating more realistic election threat scenarios.
ES&S also could be doing more to selectively partner with organizations that offer additional talent and resources to better innovate and secure election systems infrastructure. Proactive partnerships with for-profit cybersecurity companies like Crowdstrike could provide ES&S with endpoint security and threat intelligence from cyber experts. Collaborative “war game” exercises with state election officials could help ES&S simulate potential cyber threats to improve cyber response plans for Election Day.[xi] The voting-machine vendor should further expand its controlled open innovation to additional organizations.
The general belief that “more open innovation is better” does not apply to companies like ES&S. Events like Voting Village could expose voting machines to more sophisticated cyberattacks by malicious actors. Even if ES&S wanted to embrace fully open innovation, the company could face regulatory restrictions from state and federal government. ES&S therefore appears to be taking important steps towards open innovation within the constraints of its public-private partnerships.
ES&S offers an example of the role open innovation should play in industries working directly with the government on national critical infrastructure. Given limited demand for new innovative products, the voting-machine industry has minimal sales growth, and thus funding, to devote to new product development. Yet where many private companies would turn to open innovation under these circumstances, ES&S cannot given the national security risk.
(780 words)
Sources
[i] Kim Zetter, “The Crisis of Election Security,” The New York Times, September 26, 2018, sec. Magazine, https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html.
[ii] Lily Hay Newman, “To Fix Voting Machines, Hackers Tear Them Apart,” Wired, August 1, 2017, https://www.wired.com/story/voting-machine-hacks-defcon/.
[iii] Kim Zetter, “In Advance of the @VotingVillageDC Tomorrow, ES&S Sent a Message to Customers Today with Their Comments about the Hacking Village and the Security of Their Machines. I’ve Pasted Their Memo below, with Some Annotation from Me.Pic.Twitter.Com/6eQUYuuGJA,” Tweet, @KimZetter (blog), August 9, 2018, https://twitter.com/KimZetter/status/1027725965282050048.
[iv] Newman, “To Fix Voting Machines, Hackers Tear Them Apart.”
[v] Robert McMillan and Dustin Volz, “Tensions Flare as Hackers Root Out Flaws in Voting Machines,” Wall Street Journal, August 12, 2018, sec. Tech, https://www.wsj.com/articles/tensions-flare-as-hackers-root-out-flaws-in-voting-machines-1534078801.
[vi] “Analysis | The Cybersecurity 202: State Officials Bristle as Researchers — and Kids — at Def Con Simulate Election Hacks,” Washington Post, accessed November 12, 2018, https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/08/13/the-cybersecurity-202-state-officials-bristle-as-researchers-and-kids-at-def-con-simulate-election-hacks/5b704ff11b326b02079560ae/.
[vii] McMillan and Volz, “Tensions Flare as Hackers Root Out Flaws in Voting Machines.”
[viii] “ES&S Establishes Top-Level Partnerships and Albert Installation to Further Security | Election Systems & Software,” accessed November 12, 2018, https://www.essvote.com/blog/127/.
[ix] “ES&S Bolsters Security for 2018 Mid-Term Elections | Election Systems & Software,” accessed November 12, 2018, https://www.essvote.com/blog/135/.
[x] McMillan and Volz, “Tensions Flare as Hackers Root Out Flaws in Voting Machines.”
[xi] Benjamin Wofford, “The Hacking Threat to the Midterms Is Huge. And Technology Won’t Protect Us.,” Vox, October 25, 2018, https://www.vox.com/2018/10/25/18001684/2018-midterms-hacked-russia-election-security-voting.
Prepare for comments about blockchain! This is a really interesting (and well written!) piece on voting machines. Open innovation traditionally relies on a public dataset or public collaboration on a product, and I am inspired by your summary of the field to think that this is an opportunity for both. As ES&S gradually accepts the inevitability of hacking attacks, their role becomes less ‘product manufacturer’ and more one of providing a trusted system – I could foresee a world 10 years from now where they have given up on making their margins on selling hardware, and instead have spend deep and meaningful time with a community of committed hackers building a robust and well-modeled software tool that focuses on issues of voter accessibility just as much as it does on cryptography. In my view, playing with the hardware is just the beginning – hopefully, this will open the door to talking about how America’s electoral system is structured, how to generate trust, and how to provide a reliable and accessible mechanism for civic engagement.
Do you think ES&S provides a good model for companies that fulfill government contracts for national critical infrastructure?
I don’t think they are doing enough to fix vulnerabilities within their existing equipment. The information about their products’ flaws is already on the market. By ignoring opportunities to upgrade based on exploits that already exist, they are doing a disservice to the American public. For future technologies, I think their hybrid approach to innovation would be appropriate.
ES&S’s refusal to engage in more aggressive product improvement at a time when multiple stakeholders demand creates significant questions around their ability to compete in the market for voting technology in the long run. With such attention fixed on the question of election security following the 2016 presidential election, many are endeavoring to “build a better mousetrap.” As this post appropriately notes, the stringent security requirements for voting technology will slow the adoption of any new technologies. But unless ES&S (1) is covertly working on significant improvements to its technology covertly or (2) plans to change course on its willingness to collaborate with voting technology innovators, it is risking its own long-term viability.
Appreciate the perspective, and completely agree that given the upside-downside asymmetry, malicious agents have an inherent advantage in the battle for voting security. While new tech brings its own vulnerabilities, perhaps machine learning can better combat the threat than open innovation… to your point, Voting Village is an open-book that exposes ES&S to more sophisticated attacks and breaches, while ML has the potential to anticipate and preemptively neutralize maneuvers that humans haven’t even yet thought of (see: AlphaGo). Is this instead a problem that should be outsourced to cyber-attack specialists and artificial intelligence experts as opposed to a hardware manufacturer?
Thanks for sharing! I completely agree that open innovation is not necessarily good for ES&S in this case. However, I do think that the growing conversation around election integrity will back them into a corner on this issue in the near-term. We simply cannot afford to be behind the curve on voting security. To that end, I think machine learning could offer interesting solutions from a data security perspective. I would hope that an company as important as ES&S will not have to sacrifice innovation for control in the long-term.
Very interesting (and relevant) read! Although I see the concern about open innovation not necessarily being a good thing in the case of ES&S, the fact of the matter is that the machines are already available via third-party sources. As the executive director of NASS noted, “anybody can break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time.” I may be being pessimistic, but if people are not trying to break into the voting machines in Voter Village, they will be doing so in the privacy of their own homes as a challenge. I think that ES&S should capitalize on this opportunity to learn about the shortcomings of their product and innovate.innovate.innovate.
Thanks for the article – this phenomenon has changed the lives of everyone who lives in this country for at least 4 years.
However, I disagree that open innovation does not apply to ES&S. History shows that the more “proprietary” a system is – the more it is open for hacking & manipulation. Most ATMs in the world, for example, still run Windows XP – an operating system has stopped receiving security updates in 2014: https://hackernoon.com/do-atms-running-windows-xp-pose-a-security-risk-you-can-bank-on-it-1b7817902d61. IoT is another example of a platform that is widely hackable – there’s a funny IoT dishwasher example: https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit.
When a vendor opposes penetration testing of its system, everyone should be concerned. The best (and cost-effective way) to find vulnerabilities is to welcome hackers. This is what all the big tech companies are doing today with their bug bounty programs, and what ES&S should do. You make a compelling case for open innovation in security, and I think that applies to everyone.
Thanks for writing this informative and interesting article. Your ending question here about if voting machines should be developed by for-profit companies is a compelling one, particularly given the mid-term elections last week. I wonder if we will see increased calls for voting infrastructure to be developed exclusively by the federal government to try and limit access to the technology by outsiders. Given the ongoing recount in Florida, I wonder if there will be any increased calls for changing voting machines back to the old analog model. How does this intersect with the desire to increase access to voting, decrease waiting times, and improve reliability of voting counts. In my opinion this is a challenging area where technology can enhance voting access but potentially put reliability at risk.
Matt, this is super interesting, thank you for sharing! I think there are still benefits to open innovation, but for a slightly different purpose. For example, the Pentagon hosts Hack the Pentagon open events that are hosted in a controlled environment to identify potential loop holes and risks in the critical infrastructure. While you must be able to control the public perception when risks are identified (ie you don’t want to lose voter confidence in the system when loops are discovered) this can still provide serious benefit in a controlled setting.