Wednesday, July 16, 2025

The Cryptographic Fix For US Elections Is Still Sitting On The Shelf




In brief

  • A former voting machine auditor says U.S. election systems still lack basic cryptographic safeguards to detect ballot tampering or duplication.

  • He proposes adding end-to-end cryptographic proofs - without blockchain - to secure future elections and restore public trust.

  • Despite identifying vulnerabilities as early as 2006, he says vendors won’t act without legal pressure or updated election laws.

In 2006, software engineer Michal Pospieszalski uncovered dangerous flaws in U.S. voting machines—flaws he says still threaten American elections today.


Hired by the Election Science Institute, where he served as Chief Technology Officer, Pospieszalski was flown to the headquarters of election vendor Election Systems & Software (ES&S) in Omaha, Nebraska. His task was to analyze the company’s iVotronic voting system.

For over a week, Pospieszalski uncovered a wide range of issues, including “bad code practices, backdoors, static passwords,” and most importantly, what he described as a complete lack of “end-to-end cryptographic proofs.”

“The biggest thing that wasn’t there was end-to-end cryptographic proofs,” Pospieszalski told Decrypt in an interview. “Meaning there’s no way the machine, even with perfect external security, could know if a ballot is legitimate, or if it’s been counted twice, three times, 10 times, or 1,000 times.”

What’s missing from today’s voting machines

Pospieszalski, the CEO of blockchain security and identity software company MatterFi, said the vulnerability isn’t hypothetical; it’s easily exploitable by anyone with access to voting machines and voter registration systems.


“You could just run the same ballot through 10 times—and that’s still true today—and it’ll just count as 10 votes,” he explained. “And the scanner doesn’t know any better, and neither does the tabulator. The tabulator in the central precinct is like, ‘Oh, it was 10 votes.’”

Pospieszalski said the separation of ballot and voter record systems often makes reconciliation impossible without referring to original paper records.

“There’s no anonymous serialization of each ballot that would allow the system to know that each serialized ballot has to be counted only once,” he said.

The solution, according to Pospieszalski, involves software—not hardware—and builds on cryptographic techniques first developed in the 1980s by David Chaum, a cryptographer who pioneered digital cash and introduced blind signatures, allowing transactions to be verified without revealing their contents.

Chaum later founded DigiCash, an early digital currency, and proposed cryptographic voting systems that preserve anonymity while enabling public verification. His work laid key foundations for both secure e-voting and modern cryptocurrencies like Bitcoin.

“What you want is the machine at the end—the central count tabulator or election management system—gets a vote definition, and you have a Chaumian-blinded serialization on every ballot,” Pospieszalski said. “So, like in LA County, that output ballot that’s printed has a serial number. That serial number doesn’t identify the voter, but it tells the tabulator in the central precinct, ‘Hey, this is a unique ballot.’”

“If I see two of them, then somebody cheated,” he added. “Especially if I see 50 of them.”
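
The blind-signed ballot serial and the tabulator's duplicate check described above, as an added example (not code from Pospieszalski, Chaum or any voting vendor). It uses textbook RSA blind signatures over a constructed demo key; the function names, the `Tabulator` class and the 16-byte random serial are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key (two known Mersenne primes), illustration only; all names are hypothetical.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # authority's private exponent

def digest(serial: bytes) -> int:
    """Map a ballot serial to an integer mod N (textbook hashing, no padding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Voter side: hide the serial behind a random factor r before signing."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (digest(serial) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Authority side: signs once per eligible voter without seeing the serial."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Voter side: strip r to get an ordinary RSA signature on the serial."""
    return (blind_sig * pow(r, -1, N)) % N

class Tabulator:
    """Counts a ballot only if its serial is validly signed and not yet seen."""
    def __init__(self):
        self.seen = set()

    def count(self, serial: bytes, sig: int) -> str:
        if pow(sig, E, N) != digest(serial):
            return "invalid"      # serial was never authorized
        if serial in self.seen:
            return "duplicate"    # same ballot presented again
        self.seen.add(serial)
        return "counted"

def issue_ballot():
    """Full issuance: returns (serial, signature, value the authority saw)."""
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial)
    return serial, unblind(sign_blinded(blinded), r), blinded
```

The authority only ever handles the blinded value, so it cannot link the serial to the voter who requested it, while the tabulator can still reject a second scan of the same serial or a serial that was never signed.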

