Are Open Source Elections More Secure? (Part 1)

The 2024 elections are coming, and jurisdictions want to make sure their election administration and voting technique know-how stays ahead of the most current cyber threats and mis- and disinformation. But they also need to have to make sure people have effortless, accessible voting experiences. Some researchers and election officials believe open resource instruments are the alternative.

Federal safety officials identified that the final election was protected, but cyber threats keep on to evolve and election doubters have seized on even uncomplicated tools glitches and operational hiccups — like a printer mishap — to problem benefits.

Open up resource application projects publish their source code under licenses that permit anybody to assessment and use it. Typically, volunteers build and suggest code modifications, like bug fixes and new characteristics, to be regarded as for incorporation into the program.

This transparency into the code could dispel rumors, by exhibiting doubters just how the procedures operate, in accordance to Greg Miller, co-founder and chief running officer of OSET Institute, an open up source election know-how investigation and progress nonprofit.

“Generally, in an open up resource job, much more persons have entry to watch the code, which can direct to the discovery of vulnerabilities in the code faster,” San Francisco stated in a 2018 evaluation on the feasibility of the town creating its personal open source voting technique.

But destructive actors can check out the code just like anyone else, and these assignments ought to be ready.

Based on how the open up source projects control bug reporting, sick-intentioned parties may perhaps be capable to discover about difficulties right before mitigations are totally applied, wrote DARPA Details Innovation Business method supervisor Dr. Sergey Bratus. Malicious actors also could request to infiltrate the group close to the jobs or sabotage the code.

Scientists, nonprofits, quite a few counties and other folks have explored open up source election options about the previous many years. They’ve viewed this as a way to introduce new concepts and capabilities not currently obtainable from commercial methods, increase transparency and possibly decrease governments’ expenses.

Uptake has been limited, however. For case in point, Travis County, Texas, concluded structure of its STAR-Vote job in 2017 but was not able to get a seller to deliver it. Primary III — a university professor-formulated available voting method launched as open resource in 2015 — is currently only applied in a single county, despite effective performances in numerous jurisdictions.

Proprietary application nonetheless dominates the market, even though some open resource tasks keep on to push ahead.

As they do, they’ll need to deal with queries more than the greatest strategy to safely launching and preserving the assignments and whether this sort of choices can gain traction.

Portion a person of this two-aspect collection looks at the security worries and procedures at enjoy in open up resource election jobs, when component two examines what it may well choose for government and sellers to undertake the choices.

THE Protection Debate

Is open up source much more — or much less — protected?

That is a dilemma the U.S. navy investigation branch, DARPA, is at this time trying to solution.

Its SocialCyber software aims to study threats to open up supply jobs, which may be cyber or social in nature. Bad actors could possibly attempt to insert back doors into the computer software, use affect campaigns to manipulate the communities that retain the tasks or even consider about leadership of those communities, for each MIT Review. And open up resource projects that depend on only a handful of contributors could theoretically collapse if just one or two fall out.

“The DoD’s [Department of Defense’s] use of OSS [open source software] will save price, will increase maintainability and appeals to developer expertise, but also creates an unparalleled assault floor, in which lots of trusted program areas and paths are uncovered to hostile manipulation,” wrote DARPA’s Bratus.

Distinct governance structures control unique open supply communities, and selecting the suitable one can tamp down on threats of contributor defection or would-be saboteurs.

Lots of open source election application projects look to prevent relying totally on the strength and curiosity of volunteers and emphasize cautiously vetting their work.

The Metropolis and County of San Francisco

San Francisco has been exploring replacing its digital voting devices with an open up source answer. Its 2018 feasibility evaluation weighs a variety of methods and indicates the metropolis and hired contractors establish the original code. The city would only afterwards glimpse to the open up source group for new characteristic contributions, just after a “workable offering will get off the ground” and after the metropolis has fostered a community around the project that has “been tested to be engaged and trusted.”

The city could associate with an current open source voting group and must hire an open up resource system manager to “focus on evangelism to develop the local community, communication with the group and neighborhood structure and functions,” the evaluation proposed. A independent qualified could target on considering and incorporating group contributions and making documentation.

OSET Institute

OSET, much too, has paid gurus overseeing its jobs, to hold them on monitor and maintained. The corporation also follows a danger management framework centered on NIST criteria for vetting equally contributed code and code getting publicly released.

And its operate is not solely in the community eye: about a third of the institute’s get the job done is publicly available on GitHub, in which any one can post contributions for thing to consider. The rest of the work, even so, will take spot in a personal, “far much more controlled” developer setting, Miller told Governing administration Technology.

Would-be contributors will have to go a vetting procedure that contains an FBI qualifications check out prior to they can get involved in any of the projects that could be made use of for election administration. Instruments for pursuits like checking one’s voting registration status, meanwhile, have to have considerably less clearance.

That substantial barrier to entry is strange for the open up supply local community, but important if govt is to have faith in the choices, Miller explained. The organization has encountered threats in the past.

“On extra than a person situation, we have had a developer who was building terrific contributions to the code base transform out to be someone that the FBI knowledgeable us was not an individual that we should really be doing work with,” he said. In just one situation, a participant was found to be “shuttling information overseas.” In an additional, the FBI identified that a paid out engineer had misrepresented their place and was accepting payments in a sanctioned region.

“I was brought in to the FBI. And I was shown who the person really is,” Miller reported. “It was jolting.”

Los Angeles County

Los Angeles County designed its voting program employing open up source codebases and is trying to find approval to release the method as open up supply, County Registrar Dean Logan explained to GovTech.

Should Los Angeles County publish its code, it intends to continue to keep tabs on who engages. Those in search of to see or propose alterations to the code would need to have to submit a “simple on the web application” sort listing facts like the particular person or entity’s name and rationale for accessing the code, for every the most new “Preliminary Conditional Implementation Strategy.” A team would assessment the requests, validate the person and make a report of their application info.

A different protective evaluate towards malicious actors: California’s protection and certification framework for voting programs “require[s] us, prior to any election, to escrow our code and also to certify a hash edition of the software that we are applying in the election with the Secretary of Point out, so they can match it against the code that is in escrow.” Logan mentioned. “There is documentation and transparency to exhibit that there hasn’t been just about anything malicious introduced into the code since it was accredited and analyzed. And that, while persons could have entry to check out the codebase alone, they don’t have obtain to get in and make modifications to the code — at least not to the edition of the code that’s currently being employed in the active elections.”


DARPA’s Bratus warned that projects’ polices all-around how bugs are claimed could present more hazards.

“For OSS projects that take the stance of not publicly distinguishing between exploitable bugs and functional bugs, adversaries may possibly glean significant details before mitigations are concluded, and interfere with the mitigations,” Bratus wrote.

Microsoft-sponsored open up resource computer software growth kit (SDK) ElectionGuard addresses this sort of concerns. The venture web site asks the neighborhood to report only “performance or element bugs” in general public GitHub feedback and to abide by individual limitations for reporting found stability vulnerabilities.


Election denialism flourishes when the community does not know what is going on, reported OSET’s Miller. Open source provides transparency to counter these fears.

“The goal of the voting program is not to influence the winner that they have gained. The goal of a voting program is to persuade the loser and their supporters that they have misplaced fair and square,” Miller explained. Switching from proprietary program to open source is trading “a black box” for “a glass box.”

“As extensive as you have opacity or obsolescence, you give gasoline — you give oxygen — to the deniers to make the argument that the process can’t be trusted,” Miller explained.

But open up supply tasks should however be completely ready in case rumors pop up. For case in point, they should be prepared to communicate in scenario a bug discovery will get blown out of proportion, explained L.A. County’s Logan.

Lousy actors may perhaps attempt to “create a perception of vulnerability, or a notion of a stability threat, that might or may not exist,” Logan mentioned. “But once anyone places that out there, it puts us in a defensive stance, which could generate troubles of public have faith in and self esteem in the voting method.”

Dana DeBeauvoir is a member of OSET Institute’s board of directors and formerly led the creation of STAR-Vote in her previous purpose as Travis County Clerk.

Politicians and the common public at periods cast doubt even on third-social gathering audits of election systems. But producing a program both open source and auditable can alter that dynamic by putting so lots of eyes on the process that its results are harder to dispute, DeBeauvoir stated.

“If it was not your auditor, your good friend, doing the audit, then nobody thought you,” DeBeauvoir explained. But with open up supply, “if 1,000 eyes are all observing the very same point, then it really is a minor tough to say that there is certainly a thing mistaken with it, or that it is really hiding some Trojan issue or that it is inadequate, or incompetent in some way … a realistic individual could not concern it.”

INNOVATING Stability Capabilities

Miller thinks nonprofit open resource jobs like his OSET Institute are properly-positioned to introduce new methods that reflect up-to-date thinking on cybersecurity and bodily protection.

For instance, his business is planning to pilot a voting registration databases stability program. The method tracks variations to voter rolls in a distributed ledger, to give an immutable file that can be checked from claims of complications, these kinds of as duplicate votes and votes by useless folks.

Miller stated open up supply teams have bigger flexibility to devote in checking out new election administration tips than do professional distributors, since the latter are too constrained by the will need to speedily reveal returns on investment and meet up with other professional pressures.

“Innovation thrives unbridled, in the absence of restrictive professional mandates,” Miller reported.

Even now, economic fears are inescapable, in particular for open resource tasks that avoid full reliance on volunteers. OSET Institute, for case in point, wants to raise hundreds of thousands of dollars to enable finishing and certifying its in-the-is effective open up supply application framework in time for the 2026 elections, Miller explained.

And coming up with a secure presenting is only one piece of the puzzle. Acquiring it employed is a total other query.

Jurisdictions require to be ready to download and use the open source offerings or suppliers have to have to take up the open resource code and offer it to jurisdictions in a ready-to-go way.

Dr. Juan Gilbert is chair of the College of Florida’s Personal computer and Details Science and Engineering Office and very first produced Primary III in 2003, ahead of releasing it as open supply in 2015.

But Gilbert explained that the protection discussion all over open resource is “irrelevant. You don’t even get to that conversation,” he told GovTech.

In his expertise, even if the computer software will work perfectly, distributors have not been eager to embrace it and, much too typically, other variables have discouraged jurisdictions straight applying the open resource offerings.

What challenges can keep back again jurisdictions from engaging with open up resource projects, what are the likelihood vendors will pick up these choices and can open source tech even now improve the election landscape, even if they never get made?

Keep tuned for Aspect 2.