Cybersecurity Students Make Electronic Voting Systems Safer

Their System Wins First Place in Kaspersky Lab’s International Challenge Hosted by "The Economist"

When electronic voting machines came into use in the early 1990s, they made voting cheaper, easier, and more accessible to the electorate, but few programmers gave thought to the issue of cybersecurity.  The modern Internet, however, has given rise to the possibility of cyber attacks that could catastrophically disrupt the democratic process and affect the course of a nation’s history.

In September 2016 the internationally recognized computer protection firm Kaspersky Lab, in partnership with The Economist, mounted a challenge inviting teams from universities around the world to design a system for digital voting that addressed such issues as ensuring privacy and validating contested results.

New York University students Kevin Kirby, Anthony Masi, and Fernando Maymi took home first place in the challenge with their system, Votebook, which is secure, scalable, and consistent with current voter behavior and expectations of privacy. As per the rules of the challenge, Votebook is based on blockchain technology, which creates a distributed, irreversible, incontrovertible public ledger that has been described as double-entry accounting for the digital age. (Blockchain is best known as the apparatus that supports the alternative currency Bitcoin.)

Votebook employs a “permissioned blockchain” configuration in which a central authority admits voting machines to the network prior to the start of the election, and then the voting machines act autonomously to build a public, distributed ledger of votes. Voters would still register and show up to the polls just as they do in our current system, ensuring minimal disruption of voter expectations.

At the conclusion of the election, the ledger of data for each voting machine would be released to the public at large to allow for auditing. Each voter could then check to see his or her vote was counted by entering a set of unique values (voter identification, individual ballot identification) that only the voter would know – the values, when cryptographically hashed, match the entry on the ledger that represents that individual’s vote; no one else would be able to decipher those hashes.

Kirby, Masi, and Maymi, who were awarded $10,000 for taking first place in the challenge, are all NYU ASPIRE scholars, taking part in a program that aims to produce cybersecurity specialists who understand information-security issues from a multidisciplinary perspective. The program is based at the NYU Center for Cybersecurity (CCS) and accepts students from across the university, including the School of Law (where Kirby is a third-year student) and the Tandon School of Engineering (where Masi and Maymi are graduate students majoring in cybersecurity).

“Concerns about ballot stuffing, fraud, and cyber attacks have rattled voter confidence,” Maymi said. “It’s time that the voting system became more transparent, and we have shown that we should and can harness the power of blockchain technology to serve democracy.”

“We are exceedingly proud that our ASPIRE scholars triumphed in this important challenge,” said NYU Tandon Professor of Electrical and Computer Science Ramesh Karri, who co-founded CCS. “Their win is proof that interdisciplinary teams can create exceptionally secure information systems based on a deep understanding of social, behavioral, and public policy implications. With digital data becoming more and more essential in every facet of our lives — including the way in which we elect our leaders — their expertise is invaluable.”