What strikes me as interesting that there was no mention of former CEO Steve Ballmer’s USAFacts website, that is one of his first post-MS initiatives.
Today, in Washington, D.C., Microsoft was pleased to participate in an event hosted by the Business Software Alliance, focused on Data Innovation Policy: Enabling Access and Promoting Use. We were honored to have U.S. Rep. Derek Kilmer (D-WA) provide introductory remarks. Rep. Kilmer is a strong advocate for open data, having served as sponsor of the OPEN Government Data Act, which was signed into law in January 2019. As Rep. Kilmer noted, Congress and the administration have recognized that the availability of useful government data is essential for the U.S. to lead a digital economy powered by AI and data analytics. The OPEN Government Data Act’s mandate – to encourage every federal agency to publish information as open data – is fundamental to achieving this goal. This mandate is ambitious and presents a range of policy, structural and technical challenges. Multiple agencies need to develop and implement effective approaches to identify, maintain and publish relevant data inventories, in a standardized, machine-readable format. Important progress has been made toward these ambitions.
And yet, there is more that can be done to achieve this vision. One idea I mentioned at the event is the idea of creating a Federal Chief Data Officer role to help spearhead the goals of the OPEN Government Data Act. The creation of such a role would help agencies coordinate and prioritize the work to unlock high value government data.
At the event today, we heard about many compelling examples where open government data has been used to advance research in important areas. For example, our speaker from the Fred Hutchinson Cancer Research Center spoke about how government data was being used by a scientist to help look at new ways to identify and treat endometriosis. We also heard from Rep. Kilmer about how environmental data was being used to help forecast weather and transportation trends.
Microsoft has been known to go against the grain when it sees fit to do so. Actually, I’m kind of glad they are here. Easier said than done when you are a distant 2nd in the cloud space, but I still admire their stance on this, though part of me wouldn’t want to deal with anything this administration does.
What I find coincidental about this posting on the same day history-making news was announced surrounding national political events. The announcement of impeachment inquiries has in part been a result of insecure voting. As the great national security philosopher, Malcolm Nance, once stated: Coincidences take a lot of planning.
In May, Microsoft CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard is accessible by design and will make voting more secure, verifiable and efficient anywhere it’s used in the United States or in democratic nations around the world. Today we’re announcing that ElectionGuard is now available on GitHub so that major election technology suppliers can begin integrating ElectionGuard into their voting systems.
The ElectionGuard resources available on GitHub today extend across four GitHub repositories, or storage spaces, each described below.
ElectionGuard specification. The ElectionGuard specification includes both “informal” and “formal” road maps for how ElectionGuard works. The informal spec is authored by Dr. Josh Benaloh of Microsoft Research and provides the conceptual and mathematical basis for end-to-end verifiable elections with ElectionGuard. The formal spec contains detailed guidance manufacturers will need to incorporate ElectionGuard into their systems, including a full description of the API – which is the way voting systems communicate with the ElectionGuard software – and the stages of an end-to-end verifiable election.
Software code. This repository contains the actual source code vendors will use to build their ElectionGuard implementations. It is written in C, a standard language commonly used by open-source software developers and includes a buildable version of the API. This documentation is also viewable here. This code was built together with our development partner Galois.
Reference verifier and specification. As we announced in May, ElectionGuard enables government entities, news organizations, human rights organizations, or anyone else to build additional verifiers that independently can certify election results have been accurately counted and have not been altered. The resources available on GitHub today include a working verifier as well as the specifications necessary to build your own independent verifier.
Today, as part of Microsoft’s Defending Democracy Program, we are announcing that we will provide free security updates for federally certified voting systems running Windows 7 through the 2020 elections, even after Microsoft ends Windows 7 support. I would like to share more on why we help customers move away from older operating systems and why we’re making this unusual exception.
We launched Windows 7 in 2009, the same year the Palm Pre launched, Twitter took off, mobile phone navigation was just coming to market, and floppy disks were still selling by the millions. Software built for that era cannot provide the same level of security as a modern operating system like Windows 10. When we released Windows 7, we committed to supporting it for 10 years, and we’ve honored that commitment. We’ve also reminded customers about this along the way including, most recently, in January and again in March. This process is similar to how we’ve ended support for other operating systems in the past, and the majority of our customers have already made the move to Windows 10.
As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process – a process we are working with government officials to update and make more agile.
Since we announced our Defending Democracy Program, we’ve focused on bringing the best of Microsoft’s security products and expertise to political campaigns, parties, the election community, and democracy-focused nongovernmental organizations. This includes our AccountGuard service, which we offer at no additional cost, and ElectionGuard, which we’re making available for free and open-source…
Though I’ve been to Detroit in my younger years and still have family in the area, this also applies to the greater Charlotte area, where I live, and other communities throughout North America and beyond. I’m heartened to see a group address this, though getting through to some will be next to impossible. H/T AJ+, who does great work in their storytelling.
With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.
Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia, are needed more than ever to help defend democracy.
So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.
Our ElectionGuard demo will showcase three core features.
First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.
Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.
Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.
ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.
No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.
This is very much a step in the right direction. A challenge to open-source advocates to do something similar (LibreOffice are you listening!)
Today, at Microsoft’s Build Developer Conference, Microsoft CEO Satya Nadella announced a new service from our Defending Democracy Program called Microsoft 365 for Campaigns, which brings the high-end security capabilities of our Microsoft 365 Business offering to political parties and campaigns.
The majority of security breaches faced by political campaigns originate from malicious phishing attacks and target email and filesharing systems. But many campaigns are ill-equipped to deal with these threats from nation-states and criminal scammers. We talked with campaign staffers and leaders in campaign technology and heard repeatedly that security solutions for email often were too hard to configure and too expensive. M365 for Campaigns addresses both issues by making it easy to deploy advanced security features at a much lower price.
M365 for Campaigns will be available in June to all federal election campaigns, federal candidate committees, and national party committees in the United States, and we are exploring ways to bring the service to other countries in the future.
As we said when we announced the Defending Democracy Program, threats to our democratic processes from cyber-enabled interference have become a critical concern. We must all partner and do more to protect free and fair elections, and securing campaigns is an important part of this work.