Author: Tronserve admin
Friday 30th July 2021 06:31 AM
How BlackBerry Could Make Voting From Smartphones Secure
Some states, including Colorado and Oregon, where I live, defaulted to mail-in ballots some time ago, and their elections are unconstrained by the pandemic. However, in many parts of the U.S. the prevailing attitude is that the Web lacks enough security for elections. That strikes me as odd, given that we now use the Internet to manage our finances, our healthcare, our businesses, our travel -- and increasingly our shopping, including for food.
The existing election hardware is aging and largely unsecure. No one seems to have the budget to replace it. While we can make smartphones secure, we mostly don't. These thoughts came to mind last week when BlackBerry held a virtual event that provided an update on its security offerings, and one jumped out at me that could be perfect for enabling online voting.
One party seems to want voting to be hard to ensure that its candidates get elected, but putting people at physical risk of getting infected to win an election appears, at the very least to be anti-democratic, and at worst an attempt to corrupt an election.
I'll share some thoughts on how technology could enable secure voting, and then close with my product of the week: a new Laptop from HP that could be perfect for people working from home.
One of the historical problems with elections is getting people to vote. Polling places are often not very convenient, you have to take time off work, and maintaining social distancing is almost impossible. Furthermore, most ballot machines are antiquated, and they also aren't very secure. There is no feedback loop to ensure that your vote got counted or was applied the way you intended.
This problem is an obvious oversight if there's concern about anyone, particularly a foreign government, compromising an election. The definitive way to address it would be by providing a report to the voter on how each vote was cast. Then, if reports bounced back from nonexisting addresses, or if people reported that their votes weren't recorded or were recorded in error, or if someone who didn't vote got a statement saying you voted, then it would be clear there was a problem and there would be clues to its extent.
One of the ways we ensure transactions, say with credit cards, is that customers get a billing statement at the end of the month showing payment details. Customers can check if the activity reported matches what they did.
This relatively simple feedback step would massively reduce the ability to falsify an election by compromising the voters. It would secure the voting process regardless of the tool used to capture votes. More conventional security tools could defend the back end.
Securing the Device
It would be necessary to ensure the device as well, whether a PC or a smartphone. Current-generation Windows 10 PCs are far more secure than their predecessors, but there are still PCs in the market that were old at the end of the last decade in service.
There's a similar problem with smartphones. Android historically has been unsecure. While Apple traditionally has had a stronger security message, its "security by obscurity" policy means it probably isn't trustworthy either.
Securing the entire device for an election likely would be too costly, and people probably would object to the requirement, mainly if what was used was one of the older security products that have a lot of overhead and it's known that users tend to turn it off.
What's needed is a security solution that targets the voting app explicitly, ensures there is no critical compromise of the device (avoiding screen scrapers and key loggers in particular) but that doesn't extend beyond the voting mandate.
This need came to mind last week when BlackBerry had its virtual analyst event, which packaged much of what was going to be a multi-day event into an hour. When I listened to what BlackBerry Protect for mobile did, it occurred to me that parts of it seemed to be an ideal solution.
One aspect of this solution is embedding security technology into the app, so that regardless of the security level of the device, the user and the data would be secure inside the app. BlackBerry also has a secure browser that sandboxes all activity within it. If that browser were required for voting on top of using a secure website -- similar to what banks, hospitals, and most critical government functions use -- the solution arguably would be more secure than current voting machines.
The phone could be one of the two factors for authenticating the user. BlackBerry even has technology (from Cylance) that can ensure the person on the phone is the person the phone belongs to, which is far better than a physical voting booth where poll workers check off names. Even if they require identification, IDs can be faked.
Because BlackBerry is a Canadian firm, it has no real skin in the game for any U.S. election, so the chance that it might compromise the solution is remote, particularly given that much of the company's business is with governments that trust it explicitly.
With smartphones, it would be possible to use text-to-voice and voice-to-text and adjust font sizes dynamically to help people with vision problems. Voice command could assist those with limited or no use of their arms and hands, making the solution far more effective for those who are temporarily or permanently disabled.
We know the current U.S. voting infrastructure is not secure. We know foreign governments are trying to compromise the elections. We have tested technology that is both more secure and more convenient but don't want to use it. I understand that decades ago new technologies were tried and that experiment didn't work well, but technology has advanced significantly since then. We now trust it broadly for everything from healthcare to defense.
Moving to electronic voting would help ensure democratic processes in the U.S. The only sustaining reason not to do this is that ensuring democracy is less important than providing a particular outcome for a critical mass of politicians who probably shouldn't be in politics for our own good.