Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair.

“This community is precisely the one whose help is going to be needed by your local election officials,” he said. “The logistical aspects of this are familiar to computing specialists,” he said, while urging virtual Black Hat attendees to “engage now.”

Scaling up mail-in voting, Blaze said, with less than 100 days left before the election, is an undertaking that, while not impossible, presents many challenges. With the “operational environment being under uncertainty and in a state of emergency…our expertise in this community is central to many of the problems that we have here.”

Blaze, who is McDevitt Chair in Computer Science and Law at Georgetown, chairman of the Tor Project and co-creator of the Voting Village at DEFCON, took the virtual “stage” at Black Hat 2020 on Wednesday for the first-day keynote. He discussed how the global coronavirus pandemic has created a national emergency on the voting front, driving a need for scaling up accessible, COVID-19-safe election mechanisms between now and November. Broader mail-in voting is an obvious choice for that – but making it or any other “fix” a reality in the short-term is easier said than done, he said.

“I’m a computer scientist who studies computer security, which is full of terribly hard problems,” Blaze said. “I don’t think I’ve ever encountered a problem that’s harder than the security and integrity of civil elections – it’s fundamentally orders-of-magnitude more difficult and more complex than almost anything else.”

One of the big reasons for this complexity is the fact that the federal government has remarkably little to do in practice with the process and the mechanisms of voting, he said, making for a patchwork of approaches that can’t be effectively changed in bulk.

“In practice, each state sets its own rules, has its own laws, and has its own requirements for the elections that are conducted in that state,” Blaze explained. “And in most states, elections are actually run by local governments, most often counties. And to give you a sense of the scale, there, there are over 3,000 counties in the United States – and if you add the townships and other governments that that run elections, there are over 5,000 government entities responsible for doing everything with the elections for their residents. So there’s no single place where you can change everything nationwide.”

With the pandemic and various politicians driving controversy over the efficacy of vote-by-mail, Blaze noted that absentee voting has always been with us – but just not at scale.

“This is available everywhere, and it’s a fairly predictable, well-established concept in general, and election officials can usually predict how many people are going to need to vote by this absentee method,” he said. “There are states that that rely on mailing voting very heavily, in places like Oregon. But that said, in most places, we still by and large vote in person.”

#black hat #critical infrastructure #government #vulnerabilities #black hat 2020 #challenges #election security #keynote #mail in voting #matt blaze #presidential election #scale