 Hello, everybody. Welcome to the Voting Village 2019 speaker track. I'm going to be starting off by introducing, I'm Maggie McAlpine. I'm one of the co-founders of the village. I'm going to be introducing my other co-founders, Professor Matt Blaise and Harry Hurstie to give us the opening remarks. Good morning, everyone. Matt? Come up. All right, so this is the third year when we have the Voting Village. Every single year is a little bit different, different focus. This year we have a lot of new stuff, both in as a voting machine and as a technology. But first of all, let's talk about a little bit how we got started with this. For us, this was, the first year was all about buying from eBay, using the secret powers of eBay, to buy voting machines. The second year, we got a little bit more technology, both from government surplus websites and eBay. We started to introduce another ideas. For example, the cyber range to train election officials, how to defend, to do a red team, blue team exercises, and do a little bit of helping the election officials to pair with the hackers to get help in solving their security problems. This year we are looking to expand that with the Unhacked initiative where we are pairing with the speed dating between hackers and election officials so that you can talk with someone who might be in your neighborhood and can help you to understand the challenges and technologies. So we are evolving and we are here to educate and help. And most importantly, DEF CON is not about proving, or the Voting Village is not about proving that voting machines can be hacked. They all can be hacked. And voting machines, 20 years from now, those can be hacked too. So it's all about making sure that we understand the race. The U.S. elections cannot be run without voting machines. It's too complex. You have to introduce auditability, you have to introduce paper ballots, you have to introduce mechanisms which make sure that the right people win. Thanks. So I'm Matt Blaze. I'm one of the co-founders along with Hari and Maggie and Jake who you'll be hearing from virtually in a few minutes. I just want to talk for a few minutes about what we're doing here, why we're doing this and what we hope to accomplish and how we got here. Almost everything in the Voting Village and almost all the interest in voting can be traced back to the 2000 presidential election. And you may remember that the 2000 presidential election was very contentious. I mean not like today, the country was very divided and it was very stark. And there was a disagreement about who the winner of the election was. So in addition to being a kind of division in the country between ideological aspects of what the best policy should be, there was also a disagreement about the objective question of who won the election. And that was partly due to the mechanism of voting used in a few counties in one state. And the particular mechanism in use involved voting machines that used electricity exclusively for the light in the voting booth. There was no actual computation in the voting booth. The voter would simply fill out a little punch card ballot by pressing a stylus through a card corresponding to their winner. But that technology, in spite of the fact that it didn't actually have any computers involved, had a buffer overflow in it. And the buffer overflow was that the little pieces of cardboard in the punch card would build up behind the ballot and make it more difficult to vote for winning candidates as the day went on. And so by the end of the day, many of the senior citizens in this Florida county physically had difficulty punching all the way through for their candidates and didn't actually make a good hole in the card. The tabulators then had difficulty figuring out what their intention was. This was the issue that united the country. We didn't agree on who the president should be, but everyone agreed that this old-fashioned voting technology needed to be replaced. And what Congress did was they allocated a giant pile of money in the Help America Vote Act, which very quickly passed with overwhelming bipartisan support to update the voting technology used in the states and provide funding for state and local officials to buy new machines. Unfortunately, we didn't know at the time how to build the better machines that the Help America Vote Act mandated. And so there was a funding for buying new machines and a deadline to buy them by, but no actual strong engineering foundation for how to build a better voting machine. And the voting machine industry kind of stepped up and did, you know, you can argue about whether it was the best that they could do, but certainly they didn't understand as much at the time as we do now about how to build voting machines. And almost everything produced to comply with the Help America Vote Act has had terrible vulnerabilities associated with it that can lead us potentially to a situation not merely as bad as what happened in the 2000 election, but potentially worse, where we simply don't know who won the election. And that's partly because we are dependent. We've taken these systems that weren't dependent on software before and made them dependent on software. And as everybody in Las Vegas right now can tell you, software is utterly terrible. And so we essentially took a problem that was hard and we added software to it. And that essentially made the problem worse. Unfortunately, we just didn't know how to do better then. In 2007, Hari and I, along with many other people, led studies sponsored by states like California and Ohio to examine the voting technology that they were using. We were given privileged access to the voting machines. We were allowed to do something that everyone else wasn't allowed to do. And we examined these systems and we discovered, oh my god, these are not merely as bad as we feared but far worse. Every system examined had vulnerabilities that would allow you to either change the outcome of an election or create uncertainty about who the winner was. What do we do? Well, an unsatisfying thing to do would be to make a list of bugs and then fix them. But the problem is that list of bugs that need to be fixed is never going to be complete. Fortunately, over the last ten years, we've actually been able to do better than that. Ron Rivest, who is one of the founders of public key photography and incredibly prolific and important computer scientists, came up with a deceptively simple design requirement for voting systems called software independence. And the idea of software independence is very simple. It says that a voting system should be designed in a way that the outcome of the election doesn't depend on software. And if there's an undetected software failure, you can still determine who the correct winner of the election is. And that sounds like it says don't use software, but it's actually a design requirement that allows you to use software as long as you use it in a way that allows you to recover from a software failure. The good news from that is coupled with a technique to do primarily to Philip Stark, who you'll be hearing from later in our speaking track, a statistician from University of California Berkeley called risk limiting audits. There are actually ways to use computerized, certain types of computerized voting systems in ways that meet the software independence requirement. In particular, optical scan paper ballots with optical scan readers coupled with a rigorous system of auditing the ballots by hand after the election using some sampling techniques can achieve this. We didn't know any of this back when the Health America Vote Act was passed. But these systems exist. They exist today. And they are in fact in use in many counties throughout the United States. Risk limiting audits are just starting to get some attention and are starting to be used in different places along with the equipment that can take advantage of them, which exists. It can be purchased today. So what are we doing here? One of the problems is that back in 2007, when Hari and I were given privileged access to voting systems, almost nobody outside of the voting vendor community knew how voting systems worked. And one of the things that we've been able to achieve here, in no small part due to an exemption from the Digital Millennium Copyright Act, is open up the details of voting systems to everyone. Anyone who wants to come here can come into our room and look at the voting machines and play with them and attack them and bang on them. And in fact, our rule is feel free to break anything. Just do it in an interesting way. We've got plenty of equipment in there and we want you to take it apart and we want you to really understand how it works. Because in some sense, we're examining voting systems, but what we're really trying to do here is produce many, many more experts on this problem. And so I want to thank everybody for coming because I think this is one of the most pressing problems in our democracy. Voting technology is a critical part of the integrity of elections and will be going forward far more than it is today. And we need people who understand how this works who aren't simply trying to sell us of the voting system that they designed. We're going to be hearing a number of really exciting things throughout the weekend. DARPA is the Defense Research Projects Agency is introducing here for the first time in public a secure architecture that may be helpful in voting systems along with some demonstration applications of voting systems built on top of it that you'll be seeing in the room, as well as older systems. We'll be hearing from election officials about the problems that they have in actually running election systems. We'll be hearing from journalists about the difficulty of reporting on a really complex set of problems that have very important impact to our society. All of these pieces interact with each other. And one of the things that we're very proud of and very excited about is that we're bringing together not just technologists, but the users of the technology and the people who are depending on its outcome. So thank you everybody for coming. Please stick around, please break things. And let me give it back to Harry for a few moments and then we'll hear from Jake. Oh, I thought that let's have a Jake do it. Okay, if you don't want to talk to him. No, no, I will talk off to Jake. So Village Co-Founder Jake Braun cannot be here today, but he sends you his best via recorded video from the coming from the Iowa State Fair. The 2020 election will be gassed in just four to four months, which I think should bring new urgency to what you all are doing. But thanks to all of you, I certainly feel like the 2020 election will at the very least be more secure than the 2016 election. And again, that's doing large parts of a lot of the great work all of you have done. And I think that the fact that this is only four months away should hopefully encourage all of you to work even harder this DEF CON to identify more vulnerabilities and potential solutions that policymakers can implement to make the 2020 election more secure than the 2016 election was. I also want to thank the dark tangent for having us here again at the voting village. Obviously, I want to deeply thank my co-founders, Matt Blaise, Harry Hurstie, and Maggie McAlpine, and then all the volunteers and staff who made this possible and worked for months and hours and months and months on this, including Mary Hanley, Phil Stupak, Morgan Ryan, Annalise Wagner, Caroline Imel, and a host of others. I know I forgot dozens of you, but anyway, thanks so much to all of you. And so I guess, what are we thanking everybody for here? Well, I think we've accomplished a lot in two years. As many of you know, we were asked for, and believe it's the first time that DEF CON hackers were asked to come to the capital and release their findings on election security issues that we identified. Those things included things like the fact of remote hacking is possible, of not just things like websites, but also databases and even some voting machines. We found that despite people saying that no one would ever notice somebody hacking or that we would definitely know if somebody was hacking a machine, we figured out that somebody could hack a voting machine in two minutes, despite the fact that it takes the average person six minutes to vote. We found out that unfortunately, even vulnerabilities that are identified to the responsible parties can go unfixed sometimes over a decade. We found vulnerabilities last year that were disclosed a decade ago and had yet to be fixed. We also found out from the Mueller report, reinforced a lot of what we identified last year, which was that you can hack a website with a SQL injection and get into a voter registration database, which is exactly what Mueller said the Russians did last year or in 2016 and frankly didn't even go far as what we were saying was possible last year. So with all that, I think the one thing that continues to stick out in my mind was something that Hari kind of quote unquote found, which was he opened up the first machine, opened up the back of the first machine and realized what we all would assume was true, but nobody had known until we did this publicly, which was that most, if not all, the parts are made in other countries, many of whom are unfriendly to democracy itself. And so, you know, that and these other findings had never been known before, but because this is the first and only public third party assessment, although math isn't like that word, tinkering with machines that is done in the world, this is the, no one would know any of these things if it wasn't for us doing this here at DEF CON. So that's kind of what we have done. So what are we going to do? Well, we've got a lot of great stuff coming up this year. DARPA's here, which we're really excited about. We love the fact that folks, especially as reputable as DARPA, are coming to have their technology tinkered with and kind of beat on over the weekend by our guys and gals here. We also are excited to have, what we believe is the first ever attempt to kind of match up folks, hackers and security folks with election officials directly so that hackers can try and provide free of charge their services to help election officials secure their elections. If there's one thing that we all know is true is that there's not enough people in the cybersecurity world to fill all the jobs and nowhere else is that more true than in the election industry. And so we really appreciate the brave election officials who came out here despite not knowing how the media and others may react to sit there and talk to hackers about how the folks at this conference can provide free help on how to secure their systems and networks. So thank you to all the election officials who came out and I'll thank in advance all the very civic-minded hackers and other researchers here who I'm sure will be offering up their services to help secure these networks. Third, we're partnering with the AI Village again. We're really, or not again, we're for the first time partnering with the AI Village to talk about or to better understand deep fakes and things like that and how they can affect our elections. We're partnering again with roots to help get kids more involved in elections and cybersecurity issues. So we're super excited about all the kids that are going to be involved in thinking about election security this year. We've got way more machines than we have in the past so we're really excited to look for new vulnerabilities and let folks go about so that they can be fixed. Oh, and then we've also got three days of speakers this year. Way more election officials, federal officials, and especially members of Congress who really want to thank Senator Wyden and the other members of Congress who are coming here to speak. You guys and gals have to go back and do the hard work of passing legislation to address all the vulnerabilities that we find here and so we thank you all for taking care of us seriously and more importantly taking election security so seriously. So thank all of you election officials for coming up this year. I guess my final thing I want to say is I want to shamelessly plug my book which is for the first time on sale here today at DEF CON and it's the story of kind of us it's the story of all of you and a little bit of my early life in the campaign world and so on but then later goes into how DEF CON voting village started all kind of some of the behind the scenes drama that went on and getting the machines and all the pushback we got from various players and then also I at least try and really kind of celebrate what you all did and how amazing it was that the folks that have been from the beginning you know found so many vulnerabilities they go I tell a long story about Hari that's deeply interesting and I think you all would find quite entertaining as well and then ends I hope on a positive note to talk about how you know maybe all this while stressful and not great may lead us to a better future where elections are more secure for democracies all over the world because of what we've gone through for the past couple years and so hopefully you guys will buy it and hopefully you'll buy one for a friend and it'll make a great stocking stuff or holiday gift at the end of the year and so thanks everybody have a great DEF CON please buy my book and go secure our elections Thank you one thing I want to talk about is what DEF CON is and what voting village is as who we are and how this came to be I think Matt will absolutely agree with me that for my feeling when I come to DEF CON it's not to come to conference this is a meeting of extended family dysfunctional family sometimes but family nevertheless we don't agree on almost anything but we understand what is important and we work towards common goals to secure things which are important whether it's a infrastructure well infrastructure elections medical equipment airplanes, cars, all kind of things this is all a community effort voting village doesn't have corporate sponsors we are non-profit that's how we literally Matt is big help we have verified voting who is big help we have election integrity foundation which is big help but this is a non-profit operation everything you see as in a village has been purchased with pennies we don't have big funding but this is important this is not a issue of partisanship and this is not even issue about United States we have a global community of democratic countries and all the countries have right now facing similar threats to their democracy the threats come from various of different angles if we look what has been published about 2016 election one thing which is interesting is that even when we have published a lot of vulnerabilities in voting machine it seems to be that the attacks were targeting the back end systems and back end networks very old fashioned very traditional attacks nothing new, nothing fancy actually I would argue that when you look at the phishing attack done by allegedly by hackers working for southern foreign state it was a reused malware repurposed malware, recycled it was very low tech and yet effective we have a lot of work to do in various of areas in order to secure the elections also while voting machine hacking village is considering voting machine we have to understand the election technology is really wide you have in United States you have voter registration systems which feed in the electric poll book systems then you have the tabulation of the votes and in the end you have the reporting of the votes each part of this link if it's compromised will cause a havoc with undermined trust to the system we have had our threat model wrong for various reasons when Matt and I started at that time the threat model which everybody was thinking was a dishonest candidate trying to win nobody was paying attention into attackers with other motivations like nation states nation state necessarily doesn't care who wins they might have someone who they prefer but they are not ever supporting something for the kindness of their heart if you look at a nation state attackers who are not democratic countries themselves this is an ideological warfare this is a psyops and the end game is undermined the trust of the people to the system the people are living in so this is all about also rebuilding the trust into the process and maintaining the trust the democratic system is the way to self-govern a population again this comes back to the community when we look at the hacker community we have different day jobs we have different places where we do our influence and when we look at the large population there's a lot of people who are looking for how they can help and the apathy is as dangerous to the democracy as an attack to democracy one key element here is we are improving this no matter what you see and what you look that should never discourage you to vote because democracy is all about participation in society and participation in the community if you really care become a poll worker help that way we have in all the democratic countries the similar problem that the average age of poll worker seems to be going up about one year every year unfortunately having people who have a security background and a poll worker helping people to vote seeing that everything goes smoothly if you see something say something very important the problems we are facing in the United States are not unique to the United States if you look the news in England in France, in Germany in Austria you see a fragments of the same problem manifesting a little bit different way but across the western hemisphere and democratic countries and also to mention we had a there was a significant amount of turmoil in Indonesia with their election and dispute about the winners so these problems needs to be solved and there's no easy way of solving them these are hard problems and I would like to also say something about where we are in technology I said we both believe in paper ballots we are far from neutralized because we are hackers we really, really love technology but there are a lot of proposals out there which are seemingly having a technological solution problem where we don't have a technology for it for example I would like to say simply blockchain is not a solution for this area it cannot be used there's actually a lot of papers which explain why blockchain cannot be used in secret ballot public elections there are a lot of other proposals how an irresponsible way of technology could solve the problems a lot of the western countries for example of Germany have a law which requires that how the votes are cast and tallied has to be understandable for a common person with no special skills or tools software when it's designed the right way is something you can explain I don't remember who exactly was who's quoted is that there's two ways of writing software which doesn't have obvious flaws another one is a simple, clear and it obviously doesn't have flaws other one it is extremely complex and officiated and you cannot find obvious flaws obviously another one of these is a better idea but anyway that's what I want to say is to make everybody to understand we are in this situation together regardless which democratic country you come from we need to try to figure out from all the areas where how to solve that problem area how to make the confidence to say to people to understand this is the way we want to self-govern and make sure that whatever we can do we do that together as a community thanks Harry so I just want to end on two notes one is how hard this problem is in the United States in particular we have arguably the most complex ballots in the world we vote on more things we have more different ballots that different people get elections are extraordinarily complicated the authority to run elections is quite decentralized the federal government has a very limited role and elections are broadly set by states elections are run in almost every state by individual counties who are responsible for buying and managing the election equipment as well as running the very complex logistics of elections and often the funding for elections is competing with things like road repairs and fire departments and things like that and counties that are strapped for budgets don't have unlimited budgets without significant external funding to fund their elections and they often lack the very specialized expertise to protect that infrastructure particularly as we understand state actors as being the threat not just dishonest politicians so it's one thing to think is the US national security agency a worthy adversary for the Russian GRU but ask if your local county registrar of voters is able to defend against the Russian or Chinese military intelligence service it's a fundamentally unfair fight so it's an extraordinarily difficult problem and it's a difficult problem that adds to that all of the political ranker that US elections have associated with them even in the best of times but I want to end though on a note saying that I've been working in this area for about two decades and over the last few years I've actually been more optimistic that we are in a position to make progress than I ever have then I am optimistic that this is a problem that is within our grasp to solve there is finally the background to make voting and engineering discipline what the requirements are for robust voting systems we didn't used to know that but also we're in a position where although we disagree on the next step for making progress quite often and you know there's all sorts of deadlock there is in fact bipartisan agreement that at least in principle this is an important problem and that's actually fairly new after the first I testified in the house in 2017 on the results of the voting system we were invited by at that time the majority the Republican party Will Hurd invited me to testify that would have been unheard of a few years ago voting security was regarded as a partisan issue it's much less so now than it has been so we have this combination of the technology background as well as a kind of social consensus that this is worth solving like we never have before so what I want to say is this is a great time to be interested in this you get to be part of the success you get to be part of fixing this because I'm actually confident that within our lifetimes unless I'm struck down as I fall off the stage this is a problem that we are going to be solved and I want to echo what Hari said one of the things you can do when you leave here is call your local elections office and sign up to volunteer as a poll worker in the next election you'll learn an enormous amount and you'll make incredibly valuable relationships so thank you everyone and with that let me turn it back to Hari who's going to keep talking just a few minutes I make the joke saying that election environment has changed so quickly that a lot of people think there's election office which have an IT department but really it should be IT department which happens to run elections the village is open we will have a short introductory of all the machines in the village slightly after 11 we will have in the village scribes who are documenting every finding we are going to do so we are going to publish as every other year a short presentation of all the findings and report what we had what happened in the village during these days Matt and I are going to be all times there just come whatever you if you have questions don't hesitate to approach and ask us anything and we will be all time until Sunday in the village so come and join us thank you very much for coming