Inside Cybersecurity

Election security depends on addressing software issues, says Black Hat keynoter Matt Blaze

By Charlie Mitchell / August 6, 2020

Cyber researcher Matt Blaze, in an opening keynote at the all-virtual Black Hat USA 2020, framed election security as largely a software issue and said solutions are available between the extremes of completely eliminating computers from the process and going all-in with a blockchain approach.

“As a practical matter, we can’t really live without software but we don’t want to depend on it,” Blaze said Wednesday. He cited grounds for optimism about a secure election outcome in 2020 and urged the online audience to get involved. “Our expertise is central to many of the problems here,” he said to the audience of computer scientists, researchers and security pros. “This community is precisely the one whose help will be needed by election officials – call them.”

Blaze delivered an opening keynote on “stress-testing democracy” at Black Hat 2020, a virtual event this year that concludes today. The event has included 80 online training sessions and will total 90 briefings, according to Black Hat. Today’s keynote on disinformation will be delivered by Renee DiResta.

Matt Blaze, Chair, Department of Computer Science, Georgetown University

Blaze is a renowned cybersecurity researcher and the McDevitt Chair in Computer Science and Law at Georgetown University, who has focused on issues including election security.

He cited the range of threats targeting election-system software, including denial-of-service attacks, forgery of results, and deletion of records, and noted how “compromising one component can compromise every other component in a county’s election system.”

Auditing software may be simple in theory but the attack surface is much larger than a line of code related to results, he said.

“Every current voting system that’s been examined is terrible,” Blaze asserted, adding that finding this out is better than not finding it out. He noted a legal exemption remains in effect for researchers to search for vulnerabilities in election systems and said this work will be discussed in greater detail at the virtual Def Con Voting Village beginning later this week.

He said two principles should apply: not to “depend on software for outcomes in ways you can’t detect,” and to implement “risk-limiting audits.”

The COVID-19 pandemic deepened the challenges around election security this year, Blaze said, and jurisdictions still need help with resources to both print mail-in ballots and be ready to handle in-person voting. – Charlie Mitchell