All right, thank you everyone for joining us for the next talk. So I have an alert here that I'm supposed to remind you that our Twitter feed is at VotingVillageDC, that's all one word. That's also where the speaker track list is; it's a pinned tweet at the top. And also, if you're going to be tweeting about us, we'd appreciate it if you use the hashtag VotingVillage2019, also one word. And with that, without further ado, I'm going to be introducing Marian Schneider and her presentation, "If the Voting Machines Are Insecure, Let's Just Vote on Our Phones," which I think is sarcasm. It's a good reason to believe.

Marian Schneider is the president of Verified Voting, a role to which she brings a strong grounding in legal and constitutional elements governing voting rights and elections, as well as experience in election administration at the state level. Immediately before becoming president of Verified Voting, Marian served as special advisor to Pennsylvania Governor Tom Wolf on election policy. Previously, Governor Wolf appointed her as the Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, where she served from February 2015 until May 2017. Throughout her legal career Marian has focused on the intersection of civil rights and election law. Formerly, she was a senior attorney with Advancement Project's Voter Protection Program and was trial counsel in Applewhite versus Commonwealth, successfully challenging Pennsylvania's restrictive photo ID law on behalf of voters as an unconstitutional infringement on the fundamental right to vote. Marian received her JD from George Washington University, where she was a member of law review, and earned her BA degree cum laude from the University of Pennsylvania. Thank you very much.

Thank you. Thank you for that kind introduction, and thank you to the organizers for allowing me to speak today. As you said, my name is Marian Schneider. I'm the president of Verified Voting.
We're a nonprofit dedicated to promoting secure and verifiable elections and the responsible use of technology in elections. And what a wonderful turnout at the Voting Village. This is such an important topic, and I want to commend all of you for your efforts in demonstrating that voting systems have vulnerabilities that we must be able to detect and to recover from. Because, if you heard Senator Wyden's talk, the fabric of our democracy is at risk and it's under attack, and we must stand shoulder to shoulder to defeat it.

So the title of this talk is "If the Voting Machines Are Insecure, Let's Just Vote on Our Phones," and it is tongue-in-cheek, but in fact, that's what's happening. And I want to talk to you because, as policymakers, the press, the security community and the public pay more attention to the security of elections, there is this growing trend to allow voting on mobile devices. So I'm going to talk about the policy issues that this seeks to address, and the current landscape of internet voting, and what some of the solutions might be to address these policy issues.

But as we know, computer and database security is front and center. How many of you use a Capital One card?
Yeah, they just had a data breach of a hundred million records, and the economic impact and increase in exploited vulnerabilities are rising fast. Security magazine reported that such exploits increased 92% in 2019 over the previous year. So because we count 99% of our votes on computers in the United States, and because each state maintains a statewide database of voter registration records, our election infrastructure has a known set of vulnerabilities that this Voting Village has demonstrated exist and are exploitable.

So we know that the risks are here, and they're risks, not certainties, but they're not hypothetical. They're real and pervasive. The 2016 presidential election demonstrated this. The United States electoral system was attacked by a nation-state with virtually unlimited resources. And we know that voter registration databases not only were scanned, but they were penetrated and they were accessed. And we know that local election official sites were attacked, and there were some phishing attacks that were successful. And at least one third-party vendor was penetrated.

And in fact, just yesterday, tech reporter Kim Zetter, whom you may have heard from earlier today, reported on research by cyber security experts, and they found that the election management software, which is the brains
behind electronic voting systems, was indeed connected to the internet in 35 jurisdictions, albeit behind a firewall. But the firewall is not impenetrable. The Capital One breach that I just mentioned occurred because of a misconfigured firewall. So the finding is appalling, because it comes after election officials have adamantly stated that their systems are not connected to the internet. And the reason for allowing this connection was so that jurisdictions could receive election results faster on election night. But, you know, if you heard the other panel today, you got the whole lowdown, and there's plenty of people here who can talk to you about the tech behind it. But the fact of the matter is those systems were left online for years or months, and this is what they discovered about systems that are not supposed to be connected to the internet. How many flaws and misconfigurations might be present in systems that are supposed to be connected to the internet, like, for example, some of the internet voting that's going on right now?

So in this whole atmosphere of risk that we've been talking about, when state and local jurisdictions are actually doing some work, and they're trying very hard to mitigate the risk to their networks, to mitigate their risk to their internet-facing applications, to protect their voter registration databases, we are seeing worldwide a proliferation of voting via mobile app. And the new twist on this internet voting is that voted ballots delivered via the mobile application are stored in the blockchain on the back end, and that makes everything okay.

So let's think about this. How many of you left your personal cell phone at home and bought a burner phone to bring here? Or maybe you backed up your personal phone and then wiped it, and now when you leave you're going to wipe it again. And of course you turned off your Bluetooth and your Wi-Fi settings, right?
I mean, because we know there's a risk, and of course we are at a hacker convention, I get that, and we're taking extra precautions. But the risks we are protecting ourselves from here are prevalent everywhere. And meddling in an election to affect the outcome is a pretty big motivator. So it's not unrealistic to believe, or to be concerned, that vulnerabilities in the mobile voting world would be exploited to interfere with an election outcome, especially in a high-stakes election like a presidential or gubernatorial election.

But I want to acknowledge some things up front. Voter participation and civic participation rates in this country are abysmally low. And in a former life I've been in the trenches fighting voter suppression. So believe me, of anyone, I understand that there is a worthy desire to increase voter participation and remove barriers to voting. But we also recognize that our military and our overseas voters face enormous challenges in voting while away from home and deployed in difficult circumstances, and we support finding better ways to make it easier for our military and overseas voters to vote. But voting by mobile app is not the way to do it. We're opening the door of county and state networks and their servers to attack, and undermine all the work that's happening to protect those servers and that infrastructure.

So I want to review again the security challenges with voting. It's very important to remember that the voting transaction is unlike any transaction that we currently do online.
There are three important concepts associated with voting. One, the voter must be authenticated. We care about the identity of the voter because we want eligible, registered voters to cast a ballot, and we only want one person to have one vote. So first we have to have a secure and trustworthy way of validating the voter's identity. Second, once the voter is authenticated, the voter's identity is stripped from the ballot. We anonymize the ballot in an effort to preserve ballot secrecy. And third, jurisdictions need to have a way to conduct an audit to make sure the software that counts the votes did so correctly. At the same time, we don't want voters to be able to identify their ballots, because we want to prevent voter coercion and vote buying and selling.

Except we really can't preserve secrecy online, because the jurisdiction can always track back to the voter, especially if the voted materials are sent over email with an attachment. And mobile apps being piloted now have actually boasted in the press that they're able to send the voted ballot back to the voter so they can check and make sure that it was right, but they don't indicate how officials or the app creators are prevented from seeing this. So this lack of preservation of ballot secrecy violates the constitutional right to a secret ballot.

And this is so different from e-commerce. If my son takes my credit card and he buys something on Amazon or Steam, they don't care if it's him or it's me as the cardholder. If I didn't authorize the transaction, I'll see a record of it and I can dispute it. But that's not how voting works, and that's what makes it such a difficult security problem.

The transmission of voted materials over the internet is not new, and here's my one slide. This is the map of where the internet voting is occurring.
So the light-colored states do not allow it. The dark-colored states allow internet portal voting, the next shade down is email and fax, and the next shade down is email only, and then fax only. But the big piece, it looks like mostly in the northern part of the nation, they don't allow any transmission of voted materials over the internet.

So that's 31 states and the District of Columbia that permit some form of internet voting, usually via email or fax. But some states allow it through an internet portal, and several jurisdictions require voters who use their internet voting systems to explicitly waive their constitutional right to a secret ballot, because the voter's privacy is not protected when they use the internet system. And this has been going on for over a decade. And some of Verified Voting's coalition partners, like the National Election Defense Coalition, Common Cause, and the Technology Policy Committee of the US ACM, reiterated this in a report published last year: that this has occurred despite multiple credible agencies' advice that internet voting is not secure.

The Department of Defense researched this and concluded that internet voting is too risky. NIST studied this and concluded that internet voting is too risky. Congress repealed its directive to develop a plan for internet voting for the military in September of 2018. The National Academies of Sciences, Engineering, and Medicine issued their report on securing the vote, and they concluded that internet voting was too risky. And just last month, the US Senate Intelligence Committee's report, that was on Russian interference, said states should resist pushes to move their elections online because, in their words, no system of online voting has yet established itself as secure.

So despite this apparent consensus, we are now seeing a push for voting over mobile app on phones for military
overseas voting. And here the recent examples are: West Virginia is deploying a mobile app for military and overseas voters after conducting a pilot last year. The city of Denver piloted a mobile app in 2019 municipal elections. And Utah County, Utah announced plans to offer the mobile app to its both voters this fall. And that doesn't even include what's happening on the worldwide stage.

The new twist on internet voting with mobile app is that it does several things differently than voting by email, fax or online portal. First of all, the voter has to go through several steps, including taking a picture of the voter's photo ID and uploading it, and then taking a video selfie, and then the app uses facial recognition software to match the person's face with the photo they just uploaded. And there are documented issues with facial recognition software regarding its reliability for voters of color, and so it may not be a very good use case for that technology. That underscores the point that when a technology is deployed, we have to think through how it's going to impact all voters that may use it.

These mobile apps also allow the voter to track their ballot, and their privacy is not preserved. And then finally, the app stores ballots in the blockchain, but only after the ballots have traversed the internet to get through numerous servers, maybe to the county server, to finally be recorded in the blockchain. And in my own understanding, and I am not a technologist, the blockchain serves as an encrypted ballot box.

But putting aside whether the authentication, privacy and security issues could be adequately addressed, a huge problem is the lack of a software-independent record that could serve as the basis for a trustworthy audit. And if you heard Philip Stark's talk, he defined what software independence is: that an undetected change in the software will not result in an undetectable change in the outcome. And we have no way of checking when a purely
internet voting system is used.

But there's a lot we don't know about mobile apps, and earlier this year several computer scientists, some of whom are here at DEF CON, cataloged all the questions that we don't know about how these mobile apps work. So Verified Voting board member David Jefferson and advisory board member Joe Kiniry were co-authors along with Josh Greenbaum, Duncan Buell and Kevin Skoglund, and they can give you a deep dive on the technology behind this, but I'm just going to give you some of the high-level takeaways.

We don't know a lot of things about these mobile apps. Exactly how does the machine learning in the facial recognition software work, and how robust was the training? What protections are in place to protect the PII data that the app collects? What protects the access the back end has to the voter registration database? If voters are allowed to receive a copy of their voted ballots after the fact, what preserves ballot secrecy?
And what prevents vote buying and selling and coercion? And what protections are in place to secure the transmission of ballots, to mitigate the risk that the voter's phone has malware? And are best practices in cryptography being practiced? Josh Benaloh is sitting right here, and some have called him the crypto god, and he can answer all your questions about that. He I didn't it was an oppressor for it. That's right, you believe everything you read in the press, right?

And then finally, in the case of many internet voting systems, officials on the receiving end print out the ballots and remake them so that they can be scanned. This lessens the trustworthiness of the ballot for several reasons. The voter on the front end never sees what got printed out on the back end. There may be errors in the process of remaking the ballot. And the record from the computer, even if it is reduced to paper, does not create an artifact that can be truly audited.

So I think there have been a lot of reports that these apps are successful, that they've increased turnout. But I think what we need to know is how trustworthy are these turnout numbers? Were they really trustworthy voters who actually used the app?

So the app creators have also conceded the risks of hacking and that they cannot guarantee that they won't be hacked. They state that they'll be able to detect the hacking. Okay, that's a good thing, but then how do you recover from it? Are these systems resilient? Will you be able to tell which are the true ballots and which are the fraudulent ballots? So, because it's impossible to know that, and because we can see that these are risks and we can never get the risk down to zero, which is why we have to have a way to check that the software has behaved properly: if you're a candidate, and you can't guarantee that every tenth vote that should be for you goes to your opponent, how does that give you comfort in that kind of an application?
So let's focus on the policy issues. It's all about military and overseas voters. And this comes up every year. Every year the Commonwealth of Virginia has a bill introduced to do internet voting for military and overseas voters, every year. But what we need to do is look at the data. What does the data show? This data is not that easy to come by, but states should have it, and they should look at the military and overseas ballots they send out, and they should get answers to these questions. Are voters not getting ballots? Is that the issue we're trying to solve? Are voters getting the ballots, but they're not able to return them? Or are voters getting the ballots and they are returning them, but they're returning them too late? Because if you look at the data, you can see what is the policy issue you are trying to solve, and then decide what is the solution that makes sense for that policy issue.

So some of these problems have been ameliorated by the MOVE Act, which gets military and overseas voters their ballots 45 days in advance, in some cases 70 days in advance. And the third bullet, about if they're getting them in late: you can extend the deadline. The second one is a little bit more difficult, but it requires working together with military organizations, with veterans organizations, which we're trying to do in Virginia, to figure out how do we solve this policy issue.
Because, you know, I've got to tell you, sometimes when people are deployed they may not have an internet connection anyway. Not only don't they have mail, they may not have internet or fax. So we have to think about how we can make it easier for them to get the ballots back, if that is the policy question we're trying to solve.

So finally, because I'm running out of time here, I just want to talk about this: whenever we think of a technology solution for what we are doing, especially when it comes to voting, we have to deploy the technology in a responsible way. So we agree that in general technology brings benefits. For example, we can use technology to get info to voters. We can use it to engage them and excite them and get them to participate. We can use technology to enhance the non-anonymous transactions that we do in our voting space. We can leverage technology to count ballots quickly and to have unofficial results immediately, because speed is a value that somebody said is a value, where maybe, you know, accuracy would be better. But I mean that there are ways we can use processes in the polling place to encourage voter verification of ballots that are created by computers, and then we can conduct post-election audits to check that the software and the technology that we're using operated properly.

Fine, so what can you do? And then I'll be wrapping up. There are several things that we can do. First of all, we need to call on our legislators, our elected officials. We need to make sure that they understand the technology and challenges that they face. For those of you in the tech field, you need to talk to people who may not be as tech savvy as you are and explain why this might not be a good idea, and why the security problems with voting are different than every other security problem we face. And then finally, we should call on manufacturers to be transparent. This is what we were talking about with Kim Zetter's article and
what Senator Wyden was talking about: be transparent about your processes so that we can all rely on and trust the computers that count our vote.

Thank you again for the opportunity to address the DEF CON Voting Village 27.