Microsoft announced that it would give away software designed to improve the security of US voting machines, even as said to have tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle.
The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election.
The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post.
The announcement came at an annual conference of current and former intelligence, defense and homeland security officials.
Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the county’s leading technical minds.
Perez said that about 30 percent of America’s registered voters currently live in counties with voting systems that have no auditable paper trail, a situation that he and other election experts say poses an unacceptable risk. An election security bill that could help counties install more security systems by providing $600 million to the states has passed the House but has been held up in the Senate by Republican leader Mitch McConnell.
Microsoft said it has notified almost 10,000 customers in the past year that they’ve been targeted or compromised by nation-state cyberattacks. About 84 percent of the attacks targeted enterprise customers — generally at organizations — and about 16 percent targeted consumer personal email accounts, the company said.
“While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives,” the firm said.
The majority of the suspected nation-state attacks came from Iran, North Korea and Russia, Microsoft said.
Last August, Microsoft rolled out a service it calls AccountGuard, now in use in 26 countries on four continents. The company provides it free to current candidates for federal, state and local offices in the United States and their campaigns, the campaign organizations of all sitting members of Congress, national and state party committees, technology vendors who primarily serve campaigns and committees, and certain nonprofit organizations and nongovernmental organizations. Since then, the company said it has made 781 notifications of nation-state attacks targeting organizations participating in AccountGuard — 95 percent of which targeted U.S.-based organizations.
Echoing the warnings of U.S. intelligence officials, the company said it anticipates “that we will see attacks targeting U.S. election systems, political campaigns, or NGOs that work closely with campaigns.”
A recent report by Stanford University’s Cyber Policy Center summed up the current state of vulnerability. “A number of independent research efforts have demonstrated the ease with which individual electronic voting stations can be compromised by simply using the paltry resources available to university research teams,” the report said. “Hostile foreign governments would be able to deploy orders of magnitude more resources to this task.”