Revelations that Russian hackers tried to break into Dallas County’s web servers, likely with the intention of accessing voter registration files, in the lead up to last November’s election renewed concerns about Texas election security. Both Wednesday night’s news out of Dallas and a Bloomberg report on Monday—which said that the Russian hacking attempts affected 39 states—are forcing states to look inward and re-examine the security of their local and state-level electoral technologies.
The particular targets of Russian hackers were the accounts of elections officials and voter registration rolls, which are connected to the internet and are unlike the voting systems that actually do the recording and vote tallying. But a possible security breach of one area of electoral technologies has the potential to ripple out and affect the integrity of other ones. “The reason why this whole Russian hacking thing is a wake-up call is because we’ve been caught not paying as much attention as we should have in an area that all of us didn’t think was that vulnerable,” Dana DeBeauvoir, the Travis County clerk since 1987, says. “And yet it has turned out to be extremely vulnerable in ways we did not expect.”
DeBeauvoir’s office, however, is on the cusp of a new approach that could reinvent electoral technology security within Texas and across the United States. DeBeauvoir is one of the key figures that has been working on STAR-Vote (Secure, Transparent, Auditable, and Reliable), an end-to-end encrypted electronic voting system. The Travis County Clerk’s office, the Texas elections office, Rice University professors Dan S. Wallach and Michael D. Byrne, and other academics came together to create the system, which encrypts votes cast and stores them in a database. This anonymized database is then made available to third parties, such as local governments, journalists, non-profits, and even the voters themselves and allows them to audit and verify votes. As DeBeauvoir puts it, STAR-Vote ensures that “the voter’s vote is cast as intended and counted as cast.”
DeBeauvoir’s work with the technology dates back almost twelve years. Along with similar initiatives such as Los Angeles County’s Voting Systems Assessment Project, San Francisco’s efforts to create an open source voting project, and the Colorado Risk-Limiting Audit Project, STAR-Vote could mean that the problems with electoral security are close to being answered.
But while Travis County makes advances in voting machine technology, the low level of sophistication that allowed for even close calls in Russian hacking attempts reveals just how painfully under-protected voter rolls are. Wallach, a professor at Rice University in the computer science department, echoes that these vulnerabilities have been a concern for cybersecurity professionals for years now, adding that though federal officials are beginning to take it seriously, it is now the responsibility of individual states to take action. “It’s very difficult for me to predict how and when which state agencies and which states are going to step up and recognize that their existing voting machines and voter registration systems are vulnerable to this class of attack,” Wallach says. “I mean, just last week James Comey said that this wasn’t a one-shot deal, they might be coming back. And that to me is a huge warning.”
Joe Kiniry, CEO of Free & Fair—a group out of Portland that makes election systems—has been following STAR-Vote since its inception, and has noticed a glaring gap in the voter registration technologies. Currently, the only major project taking steps to encrypt voter registration rolls is the Electronic Registration Information Center, which operates across 20 states and Washington, D.C. “Voter registration systems are becoming a target like anything else,” Kiniry says. “And if you don’t have legitimate people with proper credentials building and supporting the systems in an open and transparent way, we’re going to be screwed in two or three ways instead of just one.”
Many are seeing promise in STAR-Vote for the future of secure electoral technologies. When the Travis County Clerk’s office called for proposals for the technology in October 2016, Kiniry says that Free & Fair put in a bid. They are expected to hear whether or not they’ve received the project in the near future. “I think it’s really important because risk-limiting audits, which we will see in Texas by virtue of STAR-Vote, are sort of the most critical component nationwide because you can run those audits on any election using any crappy software or processes so long as there’s a paper ballot trail,” Kiniry says. “And that’s a thing that we can do that would improve elections in America more than anything else. STAR-Vote really gives Travis County and eventually Texas and eventually the U.S.A the one-two punch that we really need to not have 2016 again.”