Microsoft announced an ambitious effort it says will make voting secure, verifiable and more transparent with open-source software. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the software into their voting systems.

The software kit is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA.

Dubbed “ElectionGuard,” the Microsoft kit will be available beginning this summer, the company says, with early prototypes ready to pilot for next year’s general elections. The initiative was announced Monday by CEO Satya Nadella at a developer’s conference in Seattle.

He said it would provide “the software stack that can modernize all of the election infrastructure everywhere in the world.”

From Microsoft: ‘A responsibility’

“We believe technology companies have a responsibility to help protect our democratic processes and institutions. Modern technology can be used to ensure the voting process is resilient,” wrote Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, in a blogpost.
“At the same time, ElectionGuard is not intended to replace paper ballots but rather to supplement and improve systems that rely on them, and it is not designed to support internet voting. In short, ElectionGuard is a new tool for use by the existing election community and government entities that run elections.”

He spelled out five benefits of the program:

  • Verifiable: Allowing voters and third-party organizations to verify election results.
  • Secure: Built with advanced encryption techniques developed by Microsoft Research.
  • Auditable: Supporting risk-limiting audits that help assure the accuracy of elections.
  • Open source: Free and flexible with the ability to be used with off-the-shelf hardware.
  • Make voting better: Supporting standard accessibility tools and improving the voting experience.
Defending Democracy Program

Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. They are Election Systems & Software of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas.

ES&S and Hart InterCivic both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for Dominion said the company looks forward to “learning more” about the initiative.

Microsoft officials said the ElectionGuard development kit will be provided free of charge as part of its Defending Democracy Program. They also announced a cut-rate Office 365 application suite for political parties and campaigns at a 75 percent discount, the price they charge nonprofits. Both Microsoft and Google provide anti-phishing email support for campaigns.

ElectionGuard is designed to work as a standalone product or alongside existing election systems, said Josh Benaloh, a senior cryptographer at Microsoft Research and key contributor to the ElectionGuard project. “It can be used with a ballot-marking device. It can be used with an optical scanner, on hand-marked paper ballots.”

Benaloh helped produce a National Academies of Science report last year that called for an urgent overhaul of the rickety U.S. election system, which faced serious threats from Russian hackers who in 2016 attempted to infiltrate voting administration systems in several states.

That report called for all U.S. elections to be held on human-readable paper ballots by 2020. It also advocated a specific form of routine postelection audits intended to ensure that votes are accurately counted. While U.S. officials say there is no evidence of hackers tampering with election results, experts say systems used by millions of U.S. voters remain susceptible to tampering.

ElectionGuard aims to provide “end-to-end” verification of voting in two ways, Benaloh said. First, it lets voters confirm that their votes are accurately recorded. Second, the unique coded tracker it produces registers an encrypted version of the vote that keeps the ballot choice itself secret while ensuring votes are accurately counted. Outsiders such as election watchdog groups, political parties, journalists and voters themselves can verify online that votes were properly counted without being altered.

The system would also allow for reliable postelection audits and recounts. Microsoft executives say they also plan to build a prototype voting system for reference.

A spinoff of Galois called Free & Fair developed the sophisticated postelection audits , known as “risk-limiting,” for Colorado, which was the first U.S. state to require the audits recommended in the National Academies of Sciences report.

ElectionGuard is not designed to work with internet voting schemes — which experts consider too easily hackable — and does not currently work with vote-by-mail systems.

ES&S told The Associated Press via email that it was excited to partner with Microsoft and “still exploring the potentials” for incorporated the software kit its voting systems.

Hart InterCivic, the No. 3 vendor, said it planned a pilot project with Microsoft to “incorporate ElectionGuard functionality as an additional feature” layered over its core platform.

A spokeswoman for Dominion, the No. 2 vendor, said “We are very interested in learning more about the initiative and being able to review the various prototypes that are being planned, along with hearing more about other federally-supported efforts in the elections space.”

Edgardo Cortés, a former Virginia elections commissioner now with New York University’s Brennan Center, welcomed additional private sector support for election systems.

“I think it’ll take a while to catch on and see how beneficial (ElectionGuard) ends up being,” he said. “But I think it certainly does have a great deal of potential.”

Columbia University will be partnering with Microsoft to audit the pilots.