Reimagining Cyber - real world perspectives on cybersecurity
Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Episodes cover a range of topics, including the role of AI in cyber security, technology, preventive measures to stop cyber attacks, response strategies for cyber attack victims, cybersecurity challenges in healthcare, the future landscape of cyber security, computer security essentials, managing cybersecurity budgets, and the implications of SEC rulings.
Engage with industry experts and CISOs who share their perspectives on what matters most in the cybersecurity landscape. Hosted by Rob Aragao a seasoned security strategist with CyberRes, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.
Reimagining Cyber - real world perspectives on cybersecurity
Secure the Vote: Inside Election Defenses Ep. 93
"For nation states today their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security."
Stan Wisseman and Rob Aragao delve into the critical realm of election security with Dr. Ben Adida, the co-founder and executive director of VotingWorks, renowned for his expertise in safeguarding our voting processes. Dr. Adida shares insights from his two-decade journey at the forefront of election security, offering a deep dive into the complexities of ensuring the integrity of our democratic process.
From the challenges of balancing ballot secrecy with verifiability to the evolving landscape of election security concerns, the conversation navigates through the intricate web of issues surrounding voting systems.
Dr. Adida sheds light on the pivotal role of voter-verifiable paper ballots and post-election audits in bolstering trust and transparency, emphasizing the need for modernizing voting technology to align with current security standards.
As the discussion unfolds, topics ranging from external influences on elections to the role of federal guidelines versus state autonomy are explored, providing a comprehensive overview of the multifaceted efforts to fortify election integrity. Dr. Adida's vision for the perfect voting system, grounded in openness, transparency, and layered defense mechanisms, offers a compelling roadmap for safeguarding democracy in the digital age.
https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com
[00:00:00] Ben Adida: So, Stan, who do we have joining us for this
[00:00:02] Sam Wisseman: episode? Rob, today we have the pleasure of welcoming Dr. Ben Adida to our show. And Ben is a co founder and executive director of VotingWorks, and his insights on election security are sought after worldwide. With a PhD from MIT, where he dove deep into cryptography and the nitty gritty of keeping our votes safe.
[00:00:22] Ben has been at the forefront of election security for over two decades, and is a leading voice in the conversation of how we can vote safely and securely. Ben, before we dive into the election system security issue, can you expand on your background and your journey and, and share anything you think our listeners might be
[00:00:40] Ben Adida: interested in?
[00:00:41] Well, you, you heaped enough praise on me. Thank you. That's very kind. It's great to be here. I would say, If you one thing that maybe helps understand where I come from is I've always been an optimist about technology in cryptography being forces for personal control, autonomy, freedom and democracy.
[00:01:06] And so that's really what drives a lot of my work. Even when I wasn't always working on voting I, I feel like the technology that we're building in the security space can, can do a lot of good. And in this case, specifically for democracy. Reminds me of
[00:01:19] Sam Wisseman: some of the, I think the, the theme or.
[00:01:22] Perspective of the old PGP security. Yeah.
[00:01:26] Ben Adida: Yeah, I have a lot. I, I feel I was I was younger then, but I feel a lot of kinship to that to that mindset. Yes. Right.
[00:01:33] Sam Wisseman: So, so Ben discussions about legend security are certainly dominating the press and, it covers a wide range of issues, right from misinformation and campaigns, safeguarding you know, the polls themselves, you know, as far as physical security.
[00:01:48] And each. Voting cycle seemingly amplifies these concerns every time, right? So, but, but today we're going to zero in specifically on the aspect of security of voting machines. And so to kick things off, can you sort of guide us through the efforts being made to sort of fortify elections against those concerns around the systems?
[00:02:09] And and what are the critical steps and safeguards currently in place? To address those concerns, how, how, how, how do they interlock and help ensure that the process runs smoothly and
[00:02:20] Ben Adida: securely? Yeah, absolutely. I think what's really important to understand when you're thinking about election security or elections in general, and how trustworthy they are is it's that it's a particularly complicated problem.
[00:02:36] And not to not to poo poo the complexity of of banking or health record security. But in my opinion, this is much more complicated. And it's not obviously. So if you haven't thought about election security, that statement might sound surprising. You know, why, why is it so complicated? We're just counting numbers.
[00:02:53] 1, 2, How hard can it be? Right? The central issue around election security is the secrecy of the ballot. The ballot has to be secret in such a way that no one else, not the government, not your friends, not your relatives, not your school, not your employer, should know how you voted. And yet, As a group, we need to have confidence that all the votes were tabulated correctly.
[00:03:18] How do you, how do you resolve that? How do you resolve this secrecy but verifiability combination? That's the crux that makes the complexity and really, frankly, to me, how that makes the whole field so fascinating to, to try to resolve those issues. So how do we do that? How do we, how do we do that?
[00:03:34] When you think about the act of voting. With a secret ballot, you should think about that moment. Where. You're dropping your ballot in the ballot box. Just think about that moment right up until that moment. You probably checked in, identified yourself. My name is Benedetta. You were handed a blank ballot, and then you went off to fill it out.
[00:04:02] And then at the moment that you drop it in the box is the moment that your ballot and your identity are dissociated. We remove the identity from your ballot. And then we keep that data secure, but because we've removed the identity. Of the voter at that point. Now you need to maintain this very strong chain of custody on that ballot box, because if anything happens to it.
[00:04:26] Extra ballots are stuffed in ballots are removed ballot box, you know, explodes on fire. Like, what do you do? There's no recovery from that, right? Like, there's no like, oh, well, we can figure out who it was that. No, we can't figure out who it was that voted. We, we restrict the identity from those ballots. So you have to think of that pivot point and what comes next.
[00:04:47] Before and what comes after what comes before is identifying voters, making sure that everybody only gets to vote once, making sure that you're maintaining the voter list properly. And all of that, what comes after is chain of custody of the identified ballot. So there's that handoff. And it's really helpful to think of those, those, the before and the after and, the other aspect that's really important, and this is I'm talking right now. It's important to note that there's the reality of election security and then and the perception of election security. And I'm going to focus the same way you suggested on the voting machine. The, the perception of how secure the voting technology is and the reality of how secure it is and particularly.
[00:05:29] With voting. Both of those matter a lot. If you have a system that is in reality very secure, I can give you the mathematical proofs why, you know, everything was done super well, but it is not perceived to be secure by the public. You have a serious problem. Democracy, if they don't trust. If they don't, if the public doesn't trust the results, right?
[00:05:50] Yeah. And this is, this is the really, really important concept, which is you, you need both to build something secure and then you need to build it in a way that people understand it, that there's enough transparency that they can build trust in it and all of that. And so when it comes to the reality of security, the two foundational concepts of election security today are one, a voter verifiable paper ballot.
[00:06:17] And 2 post election audits of how those ballots are
[00:06:22] Sam Wisseman: counted and we've made a transition to paper ballots, you know, seemingly right. I mean, back, we, we sort of strayed from it, but we're sort of coming back to it. That's
[00:06:31] Ben Adida: exactly right. So there are many ways in which we've strayed from it. As a country over the last 100 years, 120 years.
[00:06:39] It's it. We've had machines to count votes in the U. S. For a very long time. We had lever machines going back as early as the early 19 hundreds where there wasn't a paper ballot. There were just levers and counters and whatnot. And by the way, a little quick tangent. The reason we have these machines in the U.
[00:06:56] S. Much more so than other democracies have is because our ballots are so long and complicated. It's as simple as that. Many other democracies, they just vote on one, maybe two things at a time. We like to vote on, yeah, we like to vote on 47 things. And we also like to vote on different things depending on which side of the street you live on.
[00:07:16] Right. So you're depending on which water district you're in or congressional district or whatnot. So it's not just that we're voting on 47 different things. It's that you and your next door neighbor might be voting on 45 things in common, but two things differently. Right. And the complexity. Just the combinatorics of tabulating that is Completely unfathomable to do by hand.
[00:07:36] That's why we have machines. Right? So the little little tangent, because right now, this is turning out to be an issue. There are people who are advocating to go back to hand count back to hand counting. Although we have not been hand counting for a while in this country. And I understand why, you know, it's, I understand why people feel like it feels more trustworthy, people counting ballots and whatnot.
[00:07:55] It's completely not doable in, in this country. So that's why we have equipment and that's why we have the complexity of how we secure this equipment. Right. And the way we secure it is by saying, we're going to have paper ballots and you're absolutely right. Stan, we, we strayed from that for a little bit, especially in the early 2000s, we went to fully electronic.
[00:08:15] Voting machines where you have a touchscreen and you'd make your selections and then you'd get in. Congratulations, you voted. And we have the,
[00:08:21] Sam Wisseman: The controversy with gore and
[00:08:23] Ben Adida: Yes. Before Yeah. Punch cards. Yeah. You could make the claim that punch cards, you know, punch cards are paper ballots. They're a little harder for the voter to verify that they, that they voted properly, but at least there's sort of a fixed physical representation of the ballot that can't be modified by a software bug.
[00:08:39] Right. All of us remember
[00:08:40] Sam Wisseman: the hanging Chad. Right. The hanging the hanging,
[00:08:42] Ben Adida: Chad. That's right. That's right. And so you've got so you're right. We strayed from the paper ballots. We're now mostly back to paper ballots everywhere. Not not everywhere, but you know, 90 95%. There's also more vote by mail now than there used to be, which is, you know, voting on paper.
[00:08:58] And that's that's a good thing. And what does the paper ballot give you? The paper ballot gives you the voter the ability to directly see how your vote was recorded, right? There's nothing mediating that. There's no computer telling you what's in its memory. It's just you looking at the ballot.
[00:09:14] Parenthetical statement. If you Have a visual disability gets complicated, right? And that's something that it's important to consider. But for the sake of this narrative, for now, most voters are able to look at their ballot and verify. Yes, I marked it correctly. Or if I was aided by a computer to market the computer market correctly, it is a paper ballot.
[00:09:35] I can see it. That's what's really important. I can see it. I can cast it and then we can maintain a chain of custody on those physical paper ballots. And then we scan them, tabulate them. And we go, why do we trust the scanner? It's just another computer. I'm sure it's really fast and accurate most of the time.
[00:09:55] But what if it was hacked? Or what if it was misconfigured? And that's why we run post election audits, which is roughly a sample of the ballots to make sure that the scanner did its job correctly. So the two fundamental pillars voting system security today are voter verifiable paper ballots and post election audits.
[00:10:13] On the scan paper ballots.
[00:10:15] Sam Wisseman: Very interesting. So, so
[00:10:18] Rob Aragao: let's go a little bit deeper now on the concerns, right? Ben. So, there's, there's a lot of concerns around, obviously, security, the trustworthiness. We've been talking about that. Yeah, but specifically also the outside influences those from Russia, other nation states, right?
[00:10:32] There's there's serious concerns, right? Public is very much concerned about what influences they have in the outcome of the election. So, when you look at those kind of elements. Do you have maybe any examples of kind of what you see in that particular area that can help, you know, kind of maybe offset some of the concerns from
[00:10:49] Ben Adida: the public?
[00:10:51] So I don't have any, I'm not running around with my hair on fire worried about if Russia is going to hack voting equipment. In the next couple of years, I don't think that is their most effective way to mess with our democracy. I think that this information route, the confusion route is has been much more effective, but where it touches on voting systems where I think it's really interesting is where, when that this information causes confusion in the public's mind as to how voting works.
[00:11:25] And. That confusion can lead to lower trust. And I was talking just earlier about the perception of trust. It can hit that. So my sense is nation States today. Their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security and partly because attacking the reality of voting system security is hard.
[00:11:47] We don't have the same voting system for everybody in the U. S. So it's a pretty it's it's It's not a a monoculture of voting systems that we have. Right. So you'd have and then with paper ballots, you'd have to do a lot of retail attacks locally at precincts and whatnot. So it's not impossible.
[00:12:03] But it's harder. So the easier route for these attacks are on the perception of it. There's also some concerns that there may be real attacks, not just disinformation tax on voter registration systems. That's one of the concerns that's been raised recently, because and then that would probably look mostly like a denial of service attack, right?
[00:12:23] Where you're removing people from the polls or whatnot, if it were to happen. We know that in 2016 and 2020. There were attempts to attack voter registration systems. We don't know. We're pretty certain that they didn't go too far, but they were certainly attempts to do that. So, when I think about the concerns about nation state attackers in the short term, I think about this information and.
[00:12:46] Attacks on the perception of how voting systems. Are secure, I think a little bit about attacks on voter registration systems. That's what I think about in the short term. I'm not. Deathly worried. But I do think we're reaching a point where, because we're talking about voting systems all the time, just as you mentioned at the, at the beginning of this, you have to keep in mind, we were not talking about voting systems 15, 16 years ago, right?
[00:13:11] It was not a story on the news, right? And so what you had at the time is you had mostly election technology was very niche. Very small group of people working on it, dedicated people working on it. The need for public transparency was basically zero because the public wasn't interested, right? It was, there was, there wasn't a lot of public scrutiny.
[00:13:31] We're in a completely different world in 2024. So, so, to that,
[00:13:36] Sam Wisseman: to that, to that point, I mean, as far as the, the role the federal government plays, I mean, it, it sounds like previously there was no, need for the federal government to step in to, to help set the bar for voting system security, right? They, you had all these it wasn't, it wasn't a visible topic, right?
[00:13:54] I mean, it wasn't something that was a big concern. So could you go through the backstory a bit about how those standards have evolved over time? And, and I'd love to hear your thoughts on the balance between the federal guidelines and state control in this area where historically that's where it's been.
[00:14:09] You know, has resided, you know, what's that, where's that dynamic heading?
[00:14:13] Ben Adida: So the most important thing to keep in mind about US elections is that the federal government mostly doesn't get to tell states how to run their elections. There are some exceptions to that the Voting Rights Act, notably but in terms of election technology, the federal government doesn't get to tell states a whole lot about what to do.
[00:14:31] So it's very much state controlled. However, in the aftermath of the hanging chads in 2000, The federal government did decide to do more, and that was with the Help America Vote Act of 2004 or 3 or 4. I forget 2003 or 4. In any case, it was a moment where what had been somewhat informal standards on voting systems became a lot more formal with the establishment of the Election Assistance Commission, a new federal agency, the EAC, that established the Voluntary Voting Systems Guidelines, version 1.
[00:15:05] 0, In 2005, they're called voluntary because the federal government can't impose them on states, but the states can voluntarily opt in and over time. Most states have opted in not exactly in the same way. And some states have decided to their own thing, but. Insofar as we are a divided country, we're actually fairly united around the voluntary voting systems guideline for the most part, right?
[00:15:33] Most states are abiding by it. And so the VVSG, as we call it, the VVSG version 1 is a 2005 standard, and there's a version 2. Of the standard that came out in 2020, which is obviously significantly more up to date on security. A lot has changed from
[00:15:53] Sam Wisseman: 2005 to 2020 21. Yes,
[00:15:57] Ben Adida: exactly. Exactly. Now the one thing that, you know, initially we were talking about what of my concerns, I don't have like a concern for 2024, but I do have a concern for the medium term of election, of, of voting systems that.
[00:16:10] Every voting system on the market today is tested to the 2005 standard.
[00:16:15] They're
[00:16:15] Sam Wisseman: still tested against that old
[00:16:16] Ben Adida: standard. They're still tested against that old. Wow. Yeah, that's right. And there is some newer equipment in 2005. It's not like it's all dates from then, but it has been tested to the standard from 2005.
[00:16:29] But
[00:16:29] Rob Aragao: is there a mandate though, Ben, on timing for them to actually get up to the latest
[00:16:34] Ben Adida: standard? So that is a state by state decision, right? The EAC has moved recently. I think they've done a good job. Of closing the door on new systems certified to VVSG1 and allowing only security updates for systems under VVSG1, thus.
[00:16:52] Causing a movement towards VVSG2 but I think it needs. To happen A little bit faster and somebody needs
[00:17:00] Sam Wisseman: to put the hammer down and say, it is time to make that transition.
[00:17:03] Ben Adida: It's time to make that transition. And again, it's going to be a state by state decision and you have to keep in mind that the changes are pretty extensive in terms of security practices, accessibility.
[00:17:13] There are stricter accessibility standards and VVSG to stricter security practices in the software itself, right? Because one thing to keep in mind is. The paper ballot and the audits that I mentioned at the beginning, they're the pillars of election security, but they're the last line of defense, right?
[00:17:31] They're the safety net in case everything falls apart. You still have that paper ballot. You still have those audits. You don't want to rely only on the last line of defense, right? In practical security, you build layers of defense, right? And so VVSG2 does a much better job of than VVSG1 did of laying out those layers of defense.
[00:17:48] Systems have to use secure boot. They have to digitally sign assets when they come in and out of the voting system. They have to be not connected to the internet. There's a whole bunch of things that create layers of defense in the technology, even though there's always that paper last line of defense.
[00:18:03] So would you say
[00:18:04] Rob Aragao: that Ben, that those are literally the, you know, again, the new standard is now they are available for them to take advantage of. There's the timeline for them to get to that point. We all agree that it should be faster. But are those kind of some of the key defense mechanisms that you're calling out that, you know, really are looking to make a difference and relieving some of that concern on electronic security
[00:18:21] Ben Adida: specifically?
[00:18:23] I think so, but I think that abiding by modern security standards, doing penetration testing, doing vault scans, which it was not. A part of VVSG one, right? It's 2005 is two years before the first iPhone, right? Like I don't blame them for. There's also lots more to the standard than security. There's functionality.
[00:18:41] There's accessibility. There's all these other features that have to go into a voting system, so I don't blame. I'm not. I don't feel bad about the 2005 standard. I just think it's high time that we move systems to the latest version of the standard. Yeah. And and I do think it will address some of the issues that I think will start coming up in the next few years if we don't defend sufficiently against them.
[00:19:04] If
[00:19:04] Rob Aragao: you paint the picture of kind of what the perfect or as close to perfect would say right, election kind of security, the voting system in essence would be,
[00:19:15] Ben Adida: what's that look like for you? I think the perfect voting system for me, and others will disagree, for me is one where All the technology involved is built using modern practices with layers of defense, with secure boot, with digitally signed assets in and out, with penetration testing and involved scans.
[00:19:39] And basically ways to have high confidence that the software running on the machine is the correct software. We know. That it's impossible to guarantee it right now. This is you can't guarantee that software running on a machine is exactly what you want to have high assurance that
[00:19:54] Sam Wisseman: you can have higher sharing the way you expect it to run.
[00:19:56] Exactly. The software
[00:19:57] Ben Adida: here. Exactly. And and that's and I think VVS YouTube makes some really good progress in that direction. And then at a higher level, I think a great voting system is 1 where a voter has the choice to mark of a ballot, Yep. A paper ballot by hand or with the aid of a computer for whatever reason they may choose because they have arthritis and they don't want to fill 40 bubbles with one hand because they have visual impairments, whatever it is.
[00:20:20] You have that choice as long as it's a paper ballot and and that ballot gets scanned and tabulated with feedback to the voters so that they can decide, you know, oh, did you mean to. Overvote in this contest. No, I did not. Okay, you get a chance to go ahead and fix it, right? I think election results should be reported really quickly, and I think there's more progress to be made and how election results are reported today.
[00:20:44] That's another point where there could be attacks on the system that ultimately are chaos attacks. Right? So think about hacking websites of election results. It's going to be discovered. Like, we'll know. Oh, that's not the result. We'll fix it. But the chaos created if you claim one winner the night of elections and a different one the next day, right?
[00:21:03] That's that's a problem, right? So, yeah, I think, you know, Oh, and let me add one thing that is very close to my heart. I think we need dramatically more transparency around all the technology throughout the technology stack. I was saying earlier, 15 years ago, 20 years ago, most people didn't care. Most people didn't know anything about election systems or election security.
[00:21:27] And so the technology that was built was built not in secret, but just like by default, secretively, like secretly, like it's, it's not. It just wasn't a common practice to do this in the open. Right. And as a result, we're left with systems that are ultimately pretty black box in terms of how they function, right?
[00:21:48] We have these audits and we have paper ballots and that's really good, but how do these systems actually work? You know, should I be worried about the fact that this the bubble is filled in partially and maybe there's bleed through and all these things that come up in the press, like, how does, how does, how does the decide,
[00:22:07] Sam Wisseman: you know, but how does, and I totally get, What you're where you're coming from as far as the need for more transparency it definitely makes sense to me.
[00:22:13] But when we, when we talk about opening up voting system platforms, right? Like, like making them open source and, and I mean, is there a worry about certain risks? And how do you, how do you balance those concerns? I mean, what's your take on mitigating the potential pitfalls of, of such transparency and openness to those that argue against it?
[00:22:35] Ben Adida: Absolutely. So. I think it's a completely valid concern to raise, right? Like if you reveal the plans, you know, like if you tell me, give me the blueprint to Fort Knox, like, Oh my God. Right. That is not how secure systems function and it's, it's unintuitive, but it goes back a long time, right? To Kirchhoff's principle in lockmaking and lock picking from more than a hundred years ago, which is the idea that the amount you keep secret in the system should be very, very, very small.
[00:23:06] And the rest, the design of how you secure the system should be transparent so that it can be peer reviewed and it can be debugged and all of that, because if you only have two or three people who know how a system is secured, those people make mistakes. And then eventually, other folks figure out the weaknesses in the system, right?
[00:23:24] And, and that's been a principle of security for a long time which is, In cryptography, right? I mean, In cryptography, exactly. It's the same approach, right? Exactly. The algorithms are public, and they were not always so. The algorithms were secret in the 80s, right, and then in the 90s, and now the algorithms are public.
[00:23:41] And The keys, of course, are kept secret. So that's the general argument for transparency and security, which I think absolutely applies to voting systems. But there's one more when it comes to super high security systems like voting systems, which is, if you think the nation state attackers don't have a source code to the voting systems, you're fooling yourself, right?
[00:24:00] You could make that, you know, in other systems that are maybe less high stakes, maybe the attackers don't have the source code. Maybe there was no insider attack, no leak or anything like that. But in voting systems, you know, there's a leak, you know, you know, somebody's got access to the source code. So you might as well get have the good folks also have access to the source code.
[00:24:19] So they can, they can try to find weaknesses in it. And, you know, there's a couple of other aspects to transparency and specifically open source that really apply here. 1, I like to compare it to Okay. Open kitchens and restaurants, right? You walk into a restaurant and there's an open kitchen and you can see exactly how they're making the food, you know, if the knives are clean, if they're washing their hands, you know, like that kind of stuff, it raises the bar for how all the chefs behave, right?
[00:24:51] There aren't there, you know, we're humans. We take shortcuts. It's okay. We're not evil. They're on.
[00:24:56] Sam Wisseman: They're on display and they know it, but they're on display. It's the Hawthorne effect, right? Everybody, if you know you're being watched, you're going
[00:25:02] Ben Adida: to. Exactly. Exactly. And as a result, every, you know, in our system at VotingWorks, every line, everything's open source.
[00:25:10] Every pull request is public. Every discussion is public. There's it. We know. Oh, we, if we take the shortcut right here, which is super tempting, someone's going to see it. And so let's not do that. Let's not take the shortcut. So when you think about that, Software, not just as an end product, but the process to make the software doing it in the open, the open kitchen model raises the bar significantly.
[00:25:33] And that's that's really important. The second part is public trust right now. We go to small towns, town hall meetings, and people are asking about source code of voting machines, right? It's like an outcome of the 2020 election. And suddenly people are worried about where is this? What's in the source code?
[00:25:51] How does it work? Etcetera. It's on the website. Literally,
[00:25:55] Sam Wisseman: as opposed to having an answer of it's a black box, I'm not going to share that with these proprietary. I'm sorry. That's how we do our business. I don't want to, you know, you have an answer that can address that concern transparency to your
[00:26:05] Ben Adida: point.
[00:26:06] Exactly. I want, I want people to know, like, if they're like, how do you decide if a bubble is filled on a, on a bubble ballot that somebody fills in? Well, I can tell you, you know, we look at the timing marks, we draw the lines, we find the intersection, we find the bubble, we count the pixels, and then you can go look at the code.
[00:26:20] Now, most people won't. Okay. Be able to look at the code and read it, but they can find their preferred expert. They've got a cousin or a colleague or somebody they trust and like, can you look, is this true? And I think that goes a really long way to building the trust part and the perception part. That is critical to election integrity.
[00:26:40] Well,
[00:26:40] Rob Aragao: those are very valid points on. Your view on transparency, and obviously the approach that you're taking. I wanted to call out one other thing that I think is great work that I guess recently was announced, Ben, that you're doing some great work with DARPA as it relates to helping the military community and voting.
[00:26:59] So maybe you can kind of explain to the audience some of the work that's happening there and the benefits that that's
[00:27:03] Ben Adida: leading to. Yeah, so we are very lucky to be working on a research project with DARPA specifically to help active deployed military voters successfully cast the ballot because when you look at the data on deployed military voters.
[00:27:19] Their ability to cast successfully get their ballot and cast a ballot is significantly reduced compared to age controlled populations in the U. S. Right. Sometimes people say, well, most soldiers are 20 years old. 20 year olds don't vote much. Anyways, it's not that. But if you even control for that, even if you control for those things, participation is much lower and intend to participate.
[00:27:44] Is not lower. Just the outcome of participation is significantly lower. Interesting. And it's not terribly hard to understand why. And to be clear, lots of folks have tried to do lots of things to help, right? We have the federal voting assistance program, FVAP, which does a lot to make it easier to vote.
[00:28:00] And they have been making progress over the last few years, where you see the voting rates for military voters go up every time. However, there's still a pretty big gap. And the fundamental problem is that. It takes a while to get the ballot out to folks in the field, and it takes a while for the ballots to come back.
[00:28:18] And of course, people immediately jump to, well, let's just give them internet voting. Let's just let them vote from their cell phones, wherever they are. And that's got a slew of security issues that make that not a great solution to just jump to. What we're trying to research is whether there's a combination of electronic transfer and paper ballots That can give us the reliability of paper ballots, but the speed of electronics at the same time.
[00:28:44] Now, we still a research project. But fundamentally, the goal is, can we enfranchise deployed military voters? And then hopefully, because we're enfranchising voters that are in extreme conditions and doing the research to push the security properties of that. Hopefully that will work. be research that can eventually be applied to other settings to continue to secure the ballot in other settings.
[00:29:07] But that's very, very far
[00:29:09] Sam Wisseman: into the future. Well, Ben it sounds like you're doing some great work, you know, specifically with the military in this case, right, but also generally on helping ensure that our election security is truly secure. But what's your, what are your thoughts about this current election cycle that we're in?
[00:29:25] I mean, what, where do you, where do you thinking about as far as the, um, where we're going to go and are we going to be able to have it seems like to some degree there's, again, going back to your point of trying to undermine trust. It's not a nation state, it's perhaps a, a, a, a group within the country that's trying to undermine that trust, and it may not specifically be around the systems themselves this time, the defamation suits that occurred with Dominion, et cetera.
[00:29:52] I think maybe. may have, you know, reduced that level of rhetoric by some. But where do you think we're going?
[00:30:00] Ben Adida: So I think I should start by saying that folks who deny the outcome of the last election are factually incorrect. We have the facts, we have the data, the evidence is overwhelming. And the court
[00:30:16] Sam Wisseman: cases, over 60 court cases, right?
[00:30:19] Ben Adida: Absolutely. You know, judges and juries can be wrong. But when I look at the data, when we look at the data that we're getting It seems very clear that the election was decided properly, and there were no irregularities of any significance. However, when I talk to folks on the ground in town hall meetings, which I do pretty often well, not town hall meetings, but, like, I talk to people very often.
[00:30:44] Sometimes I do town hall meetings. What I can tell you is the folks who are concerned about how the last election was run and who are continuing to. Say things about it for the next election. They believe it. They mean it. They're not, you know, some of them may be malicious. Maybe some of the folks are using this as an issue to divide Americans.
[00:31:08] But there's a lot of folks on the ground who are convinced. Can you
[00:31:12] Sam Wisseman: persuade him by facts? I
[00:31:14] Ben Adida: mean, so it's a really, it's a really great question, right? And the pessimist will say people are not rational. They're tribal. And so, They've lost trust. They're not going to regain trust. And I think that is probably true before I even get there.
[00:31:32] I just want to say, like, these are folks. These are our fellow citizens who have lost trust in our elections. That's tragic, right? It's really it's tragic. And it's something that could be extremely detrimental to our democracy. And I don't want to be a doomer here, but like, it could be bad. What do we do about it?
[00:31:53] I think what we do about what we do about it is, you know, to keep harping on the point that matters to me more and more transparency and engagement and education and explanation and so that we can convince as many people as possible, and it won't be 100%. It never is going to be 100%. But hopefully it can be more.
[00:32:13] And I have been in conversations. Well, honestly, there are folks who are just convinced and you're not going to you're not going to change their minds. But there's a swath of people who are just hungry for more information. I want to questions. I hear like, look, I'm not here to say all technology is bad.
[00:32:29] I just want to know what's the error rate. On an optical scan precinct scanner. Can somebody just tell me that? That's literally a question. I heard at a town hall meeting. Can somebody tell me what is the error rate? So I hear questions like that. And they, they just, if you give him an answer, they go. Okay.
[00:32:45] Okay. So this is a much lower error rate than hand counting ballots. Okay. Good to know that they're hungry for that. And for any, there's no evil player in this space. Dominion didn't decide they were going to be secret and flip ballots and whatnot. They just got caught in the wrong place at the wrong time.
[00:33:04] But the approach we've had in the election technology space that has worked. Okay. So far. Is no longer good enough for the challenges we face as a democracy. We need a completely different approach that starts with education and transparency and openness and engages with the messiness that is voting, right?
[00:33:26] There's like any real world system. There's some messiness. Yes. Occasionally there's a voter. That's, you know, somebody who's not on the rolls who like somehow gets to vote. It's super rare. It doesn't affect the outcome, but it does happen. Let's talk about it. Let's talk about why these human processes work that way.
[00:33:44] So I, I, I am. I remain an optimist, but not a blind optimist. I think we have to do the work as a community in the elections technology space to, to educate folks to help folks understand and we won't convince everybody, but hopefully we'll convince enough people that we can get back to a world where we're having, you know, Okay.
[00:34:06] Conversations like if I can add you at one anecdote we've been doing a lot of work in New Hampshire recently and. New Hampshire held a, what we call the bake off of voting systems in August. It was our word. It was not their word. We thought it was a fun word. It was last August 2023 in Concord, New Hampshire.
[00:34:24] And we went there, it was hundreds of people that showed up for the public, election administrators, et cetera, and we, we showed off our system and other vendors showed off their system. And as we walked in, there were protesters, and the protesters had. You know, cardboard placards, et cetera, that said, like, I want my ballot hand counted.
[00:34:39] I don't want any machines counting my ballot. So I stopped and chatted with them along with my head of product. And we're supposed to tell us more about what you, what you're thinking. And then, well, you know, machines can be hacked. I don't want my vote to be counted by a machine that can be hacked. And then within a couple of minutes, they said, wait, are you, are you the open source voting people?
[00:34:59] And I said, yeah, yes, we are voting works. We are the open source voting people. And they said, well, you know, look, We'd rather not have voting machines, but if we have to have voting machines, it should be an open source voting source. Yeah. Yeah. And You know, we're not the only ones at voting works that can make open source voting machines.
[00:35:17] Every other vendor can do it, too. It's not the you know, it's it's not a it's not a proprietary technology like it's an open method, right? But more and more, I see some data that shows that it's not like open source voting machines are going to Be this magical moment where suddenly everybody agrees and everything is peaceful.
[00:35:35] But maybe we can have a more rational conversation, just like I had with those protesters, right? We're like, well, you know, I still, you know, I can, I can live with your open source voting machine. Great. Let's use that as a foundation to kind of rebuild. Well, Ben, I mean,
[00:35:49] Rob Aragao: you coming on and sharing the aspects of election security helps as an element of education.
[00:35:56] I hope so. Having those conversations, as you just said, right, walking down the line as you're going into the bake off example. And having a conversation and then they're realizing as you were calling out, you know, you very, very much focused on the level of transparency as a key element of building that trustworthiness.
[00:36:14] So, those are all kind of elements of understanding what's really going on behind the scenes to get the kind of, again, the trust back from individuals that have kind of been questioning. So, I think, you know, this hopefully serves as a platform to also get the message out for us. I'll say this. It's a great topic.
[00:36:30] One. Obviously, we have not covered in the past one. That's very relevant, especially in the time that we're in this election year. So we're really happy to have had you on. We really appreciate
[00:36:38] Ben Adida: it. I appreciate the time. And as you can tell, I could probably talk for hours about this. So I appreciate you.
[00:36:43] You guiding me on this path to so thank you.
[00:36:46] Sam Wisseman: Hey, Ben. Thank you so much. It was very enlightening