DARPA to develop an unhackable open-source voting system

The US Defense Department’s Defense Advanced Research Projects Agency (DARPA) has granted a $10 million contract to design and build an open-source secure voting system, reports Motherboard. This system will not only be invulnerable to certain kinds of hacking, but it will allow voters to ensure that their votes are properly recorded.

Linton Salmon, program manager in DARPA’s Microsystems Technology Office explained that DARPA is developing this open-source voting system in partnership with Oregon based cybersecurity firm Galois, to strengthen existing voting machine vendors’ security.

“Our goal is to make this so that the hardware is blocked against all of these various types of attack from the external world. If this is successful, and if the software put on top is equally successful, then it means people can’t hack in and … alter votes. It would also mean that the person who votes would get some verification that they did vote and all of that would be done in a manner that hackers couldn’t change,” Salmon said.

The system will use open-source hardware made from DARPA’s own secure designs and techniques developed over the last year. DARPA promises the system to be transparent and fully verifiable by developers and external researchers. Since the software is open-source, it will allow developers to also check for bugs or vulnerabilities.

DARPA and Galois will be publishing source code for the software online and bring pen-testing sessions on prototypes to the 2019 Def Con Voting Village in August this year. They also plan to invite ethical hackers and researchers to conduct penetration tests on the prototypes to gauge their security.

However, according to Salmon, universities will perhaps provide more technical feedback on the systems they examine in formal test environments over the next year.

“Def Con is great, but [hackers there] will not give us as much technical details as we want [about problems they find in the systems],” said Salmon. “Universities will give us more information. But we won’t have as many people or as high visibility when we do it with universities.”

Further, the systems Galois designs won’t be available for sale but the prototypes will be available.

“The systems Galois designs won’t be available for sale. But the prototypes it creates will be available for existing voting machine vendors or others to freely adopt and customize without costly licensing fees or the millions of dollars it would take to research and develop a secure system from scratch,” added Salmon.

“We will not have a voting system that we can deploy. That’s not what we do. We will show a methodology that could be used by others to build a voting system that is completely secure.”

Source: Motherboard