'SAVE Act' Aims To Do The Impossible: Secure Electronic Voting In The US

Senators Martin Heinrich (D-N.M.) and Susan Collins (R-Maine), who are members of the Senate Select Committee on Intelligence, introduced the Securing America's Voting Equipment (SAVE) Act. The bill aims to protect U.S. elections against both domestic and foreign hackers. This will include safeguarding electronic voting machines, registration data, and ballots from manipulation and theft.

“Our democracy hinges on protecting Americans' ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections,” said Senator Heinrich. “The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation's democratic institutions will remain vulnerable," he added.


The SAVE Act would facilitate information-sharing with states by requiring the Director of National Intelligence (DNI) to sponsor security clearances for the main state election officials, such as the secretaries as state. The DNI would then be able to share classified information regarding potential security threats to a state’s election system.

The Act would permanently classify election systems as “critical infrastructure,” too. This will designate the Department of Homeland Security to work with election officials to audit the existing systems and develop new protections against hacking. A federal grant program will also be made available, so states can upgrade their aging electronic voting systems.

As previous research has shown, some voting machines run software that hasn’t been updated in years, and they could be easily hacked into by malicious attackers.

Can Electronic Voting Even Be Secured?

Many security experts would agree that electronic voting is not the most secure way to vote and ensure the integrity of the vote, no matter what security protocols and software are being used.

For instance, some have proposed that open source software would be the answer. However, open source software can be hacked just as easily as proprietary software if nobody is responsible for finding the bugs and patching them quickly. This shouldn’t be only the government’s priority, but it should be mandated by law, to ensure there is no wiggle room for when and how electronic voting machines get patched.

Others have proposed that blockchain technology would be the ideal solution. However, even if blockchain technology would ensure the integrity of the cast votes, there could still be issues with voter identification and authentication. The attackers could steal voters’ authentication credentials and vote in their place. For instance, imagine if such a blockchain voting system would rely on voters’ social security numbers for voting system authentication. So you can see why authentication can be so problematic for an electronic voting system, even with blockchain technology.

Mandatory Auditing Of All Elections

If electronic voting can’t be fully trusted, then there should at least be a system in place to audit the results. However, auditing an election’s results often requires the political will to ask for an audit or recount, or for someone to sue for it. Therefore, it’s not always guaranteed that the stealing of an election can be uncovered, if the audit depends on the whims of a state’s election officials.

This is why some some have argued that all future elections should be automatically audited. That could certainly eliminate some of the issues with electronic voting, as it would be that much more difficult for an attacker to influence elections. However, the voting machines would need to use some kind of hardware-backed secure enclave where a log of the votes would be kept. This tamper-proof system would be much more resilient to attacks and would allow auditors to check voting integrity after the fact.

For the states that are unwilling to go back to paper ballots, the EFF has also suggested a compromise: electronic voting that’s backed by a paper trail. This would probably be even better than the secure enclave idea, as even those enclaves could have bugs in them, and attackers could discover and potentially exploit them.

Even the EFF admits, though, that “auditable paper trail” is useless without actual audits following the elections. After all, what good is it if the system is auditable but no one intends to audit it, even when there’s suspicion of hacking or electronic voting manipulation?

Going Back To Paper?

Ultimately, an electronic voting system will always suffer from the same security problems that all software does. Even Estonia’s much lauded electronic voting system was recently found vulnerable due to some chips using weak cryptography. Many of Estonian voters’ electronic cards will now have to be replaced.

It’s unlikely that a truly secure voting system that is “unhackable” will be developed anytime soon. If it is, then it should endure extensive, lengthy testing to ensure that it lives up to expectations.

In the meantime, it may be best to save the billions of dollars the DHS intends to spend on securing electronic voting and switch back to paper voting. Paper voting has its own issues, but it’s much more difficult to steal elections at scale (at least in a democratic country) than electronic voting is.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • dstarr3
    Voter - *votes for Democratic candidate*
    Machine - You have voted for . Is that correct?
    Voter - *frantically taps no*
    Machine - Thank you. Your vote for has been saved. God bless democracy.
  • leoscott
    Dstarr3, or the opposite.
  • casbornsen
    I have a Security+ cert and the only 100% secure computer is one that is taken off the internet, turned off and stored in a safe. And that's only if you trust the person with the combination. Voting should never, ever be electronic.
  • USAFRet
    20328918 said:
    Dstarr3, or the opposite.

    That 'opposite' specifically happened here in my state.
    Badly miscalibrated touchscreen.

    Select A, get B.
  • derekullo
    The only fair way to decide an election is with a Magic 8 ball.

    It is always off the internet, always turned off unless shaken and easily stored in a safe.

    I'm pretty sure it also qualifies as mechanical.
  • rcrossw
    All electronic no way. Must physically vote, even then fraud will occur. But not on the order of hacked results.
    Sounds like this would more likely allow tampering to be covered up.
    "We can't comment on the tampering proof you've obtained... it's a National Security issue you understand"

    Just get rid of these systems. Both neocons and neoliberals want this to make sure political outsiders like Trump will never come to power again, even if the people vote them in.
  • mwryder55
    Nevada uses a system that prints a copy of your selections before you finish. If these were automatically checked versus the machine's results for every machine for every election this would eliminate a lot of potential for fraud.
  • USAFRet
    20329211 said:
    Nevada uses a system that prints a copy of your selections before you finish. If these were automatically checked versus the machine's results for every machine for every election this would eliminate a lot of potential for fraud.

    If you're allowed to take that home, that opens another level of fraud.

    "If you wish to have a job on Wednesday afternoon, you'll bring me your printout that shows you voted for MyGuy"
  • mjslakeridge
    "It's not the people who vote that count, it's the people who count the votes." Joseph Stalin.