Aug 1, 2019

Inside election security's biggest event

Illustration: Rebecca Zisser/Axios

The DEF CON hacker conference's Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year's version, happening next week, comes with some upgrades.

The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.

Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with machines.

  • That was despite it being the first time many of the hackers had seen the systems.
  • Restrictive contracts with states bar public third-party audits, but Voting Village beat the contract rules by purchasing flood-salvaged equipment from an insurance company.

This year, Voting Village has expanded its range of equipment, including election software that researchers have not had a chance to audit and the first test of equipment designed specifically for security and public testing.

  • Cybersecurity firm Galois will demonstrate a project funded by DARPA, the Pentagon's advanced research arm, to develop hardware that defends against hackers that target memory.
  • Galois is publicly revealing system internals to try to aid DEF CON's hackers.

What they're adding: While in previous years state election officials bristled at even well-meaning hackers intruding on their turf, this year Voting Village will launch the "Unhack the Ballot" initiative, pairing state officials with researchers who can offer nuts-and-bolts advice.

  • The conference is also expanding from one day of talks to three days.

For the kids: At last year's DEF CON, Voting Village helped with the conference's program for kids, developing faux election registration websites with errors previously seen on real sites for children to learn to hack.

  • This tale got garbled in the media as children hacking actual election websites or exact facsimiles of the sites (they didn't). Presidential candidate and representative Tulsi Gabbard (D-Hawaii) regularly notes that "an 11 year old girl at DEFCON hacked a replica of Florida’s voting system in 10 minutes."

Voting Village is working with kids again, although this year it is trying to be clearer about what the kids are actually doing.

  • This year's faux websites will be campaign finance reporting portals, where kids will create fake news to unleash using bots on a fake version of Twitter.
  • They'll also learn about how to use machine learning to create filters that can block the fake news they've spread on that fake network.