Skip to main content

'SAVE Act' Aims To Do The Impossible: Secure Electronic Voting In The US

Senators Martin Heinrich (D-N.M.) and Susan Collins (R-Maine), who are members of the Senate Select Committee on Intelligence, introduced the Securing America's Voting Equipment (SAVE) Act. The bill aims to protect U.S. elections against both domestic and foreign hackers. This will include safeguarding electronic voting machines, registration data, and ballots from manipulation and theft.

“Our democracy hinges on protecting Americans' ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections,” said Senator Heinrich. “The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation's democratic institutions will remain vulnerable," he added.

SAVE Act

The SAVE Act would facilitate information-sharing with states by requiring the Director of National Intelligence (DNI) to sponsor security clearances for the main state election officials, such as the secretaries as state. The DNI would then be able to share classified information regarding potential security threats to a state’s election system.

The Act would permanently classify election systems as “critical infrastructure,” too. This will designate the Department of Homeland Security to work with election officials to audit the existing systems and develop new protections against hacking. A federal grant program will also be made available, so states can upgrade their aging electronic voting systems.

As previous research has shown, some voting machines run software that hasn’t been updated in years, and they could be easily hacked into by malicious attackers.

Can Electronic Voting Even Be Secured?

Many security experts would agree that electronic voting is not the most secure way to vote and ensure the integrity of the vote, no matter what security protocols and software are being used.

For instance, some have proposed that open source software would be the answer. However, open source software can be hacked just as easily as proprietary software if nobody is responsible for finding the bugs and patching them quickly. This shouldn’t be only the government’s priority, but it should be mandated by law, to ensure there is no wiggle room for when and how electronic voting machines get patched.

Others have proposed that blockchain technology would be the ideal solution. However, even if blockchain technology would ensure the integrity of the cast votes, there could still be issues with voter identification and authentication. The attackers could steal voters’ authentication credentials and vote in their place. For instance, imagine if such a blockchain voting system would rely on voters’ social security numbers for voting system authentication. So you can see why authentication can be so problematic for an electronic voting system, even with blockchain technology.

Mandatory Auditing Of All Elections

If electronic voting can’t be fully trusted, then there should at least be a system in place to audit the results. However, auditing an election’s results often requires the political will to ask for an audit or recount, or for someone to sue for it. Therefore, it’s not always guaranteed that the stealing of an election can be uncovered, if the audit depends on the whims of a state’s election officials.

This is why some some have argued that all future elections should be automatically audited. That could certainly eliminate some of the issues with electronic voting, as it would be that much more difficult for an attacker to influence elections. However, the voting machines would need to use some kind of hardware-backed secure enclave where a log of the votes would be kept. This tamper-proof system would be much more resilient to attacks and would allow auditors to check voting integrity after the fact.

For the states that are unwilling to go back to paper ballots, the EFF has also suggested a compromise: electronic voting that’s backed by a paper trail. This would probably be even better than the secure enclave idea, as even those enclaves could have bugs in them, and attackers could discover and potentially exploit them.

Even the EFF admits, though, that “auditable paper trail” is useless without actual audits following the elections. After all, what good is it if the system is auditable but no one intends to audit it, even when there’s suspicion of hacking or electronic voting manipulation?

Going Back To Paper?

Ultimately, an electronic voting system will always suffer from the same security problems that all software does. Even Estonia’s much lauded electronic voting system was recently found vulnerable due to some chips using weak cryptography. Many of Estonian voters’ electronic cards will now have to be replaced.

It’s unlikely that a truly secure voting system that is “unhackable” will be developed anytime soon. If it is, then it should endure extensive, lengthy testing to ensure that it lives up to expectations.

In the meantime, it may be best to save the billions of dollars the DHS intends to spend on securing electronic voting and switch back to paper voting. Paper voting has its own issues, but it’s much more difficult to steal elections at scale (at least in a democratic country) than electronic voting is.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.