Cybersecurity

OPINION

How BlackBerry Could Make Voting From Smartphones Secure

Some states, including Colorado and Oregon, where I live, defaulted to mail-in ballots some time ago, and their elections are unconstrained by the pandemic. However, in many parts of the U.S., the prevailing attitude is that the Web lacks enough security for elections. That strikes me as odd, given that we now use the Internet to manage our finances, our healthcare, our businesses, our travel — and increasingly our shopping, including for food.

The existing election hardware is aging and largely unsecure. No one seems to have the budget to replace it. While we can make smartphones secure, we mostly don’t. These thoughts came to mind last week when BlackBerry held a virtual event that provided an update on its security offerings, and one jumped out at me that could be perfect for enabling online voting.

One party seems to want voting to be hard to ensure that its candidates get elected, but putting people at physical risk of getting infected to win an election appears, at the very least, to be anti-democratic and, at worst, an attempt to corrupt an election.

I’ll share some thoughts on how technology could enable secure voting and then close with my product of the week: a new Laptop from HP that could be perfect for people working from home.

Securing Elections

One of the historical problems with elections is getting people to vote. Polling places are often not very convenient; you have to take time off work, and maintaining social distancing is almost impossible. Furthermore, most ballot machines are antiquated, and they aren’t very secure. There is no feedback loop to ensure that your vote got counted or was applied the way you intended.

This problem is an obvious oversight if there’s concern about anyone, particularly a foreign government, compromising an election. The definitive way to address it would be by providing a report to the voter on how each vote was cast. Then, if reports bounced back from nonexisting addresses, or if people reported that their votes weren’t recorded or were recorded in error, or if someone who didn’t vote got a statement saying they voted, then it would be clear there was a problem, and there would be clues to its extent.

One of the ways we ensure transactions, say with credit cards, is that customers get a billing statement at the end of the month showing payment details. Customers can check if the activity reported matches what they did.

This relatively simple feedback step would massively reduce the ability to falsify an election by compromising the voters. It would secure the voting process regardless of the tool used to capture votes. More conventional security tools could defend the back end.

Securing the Device

It would be necessary to ensure the device as well, whether a PC or a smartphone. Current-generation Windows 10 PCs are far more secure than their predecessors, but there are still PCs in the market that were old at the end of the last decade in service.

There’s a similar problem with smartphones. Android historically has been unsecure. While Apple traditionally has had a stronger security message, its “security by obscurity” policy means it probably isn’t trustworthy either.

Securing the entire device for an election likely would be too costly, and people probably would object to the requirement, mainly if what was used was one of the older security products that have a lot of overhead, and it’s known that users tend to turn it off.

What’s needed is a security solution that targets the voting app explicitly and ensures there is no critical compromise of the device (avoiding screen scrapers and key loggers in particular), but that doesn’t extend beyond the voting mandate.

BlackBerry Protect

This need came to mind last week when BlackBerry had its virtual analyst event, which packaged much of what was going to be a multi-day event into an hour. When I listened to what BlackBerry Protect for mobile did, it occurred to me that parts of it seemed to be an ideal solution.

One aspect of this solution is embedding security technology into the app so that regardless of the security level of the device, the user and the data would be secure inside the app. BlackBerry also has a secure browser that sandboxes all activity within it. If that browser were required for voting on top of using a secure website — similar to what banks, hospitals, and most critical government functions use — the solution arguably would be more secure than current voting machines.

The phone could be one of the two factors for authenticating the user. BlackBerry even has technology (from Cylance) that can ensure the person on the phone is the person the phone belongs to, which is far better than a physical voting booth where poll workers check off names. Even if they require identification, IDs can be faked.

Because BlackBerry is a Canadian firm, it has no real skin in the game for any U.S. election, so the chance that it might compromise the solution is remote, particularly given that much of the company’s business is with governments that trust it explicitly.

With smartphones, it would be possible to use text-to-voice and voice-to-text and adjust font sizes dynamically to help people with vision problems. Voice command could assist those with limited or no use of their arms and hands, making the solution far more effective for those who are temporarily or permanently disabled.

Wrapping Up

We know the current U.S. voting infrastructure is not secure. We know foreign governments are trying to compromise the elections. We have tested technology that is both more secure and more convenient, but we don’t want to use it. I understand that decades ago, new technologies were tried, and that experiment didn’t work well, but technology has advanced significantly since then. We now trust it broadly for everything from healthcare to defense.

Moving to electronic voting would help ensure democratic processes in the U.S. The only sustaining reason not to do this is that ensuring democracy is less important than providing a particular outcome for a critical mass of politicians who probably shouldn’t be in politics for our own good.

Rob Enderle's Product of the Week

I’ve been thinking about the ideal laptop for someone working from home, and I think it is very different from what you’d pick if you were the typical mobile worker. You aren’t going on planes or even really taking it from meeting to meeting. You typically are just moving it from one part of the house to another (and maybe the yard), depending on what you want to watch.

You may want to watch the kids or the pets. You may work in the kitchen or in the living room. Generally, you have a decent amount of space, a plug close by, and no need to carry this laptop as you run to a plane since virtually no one is flying at the moment.

Thus, you can trade off the more typical 13-inch screen for a 17-inch screen, live with less battery life, but get more performance in what would be closer to the monitor size you have (had) at work, and better performance for creation or (you know you do this) gaming.

HP Envy 17

HP Envy Laptop – 17t-cg000 Touch Optional

As I was thinking about this, HP announced the availability of its Envy 17, which has a 17-inch screen, up to 4K resolution on that screen, Nvidia Discrete Graphics, up to 1 Terabyte of storage, WiFi 6, and an estimated 10.5 hours of battery life.

It has a fingerprint reader to keep your kids locked out of the box when you aren’t using it, and it has built-in Cortana and Alexa digital assistants. Starting at a reasonable US$1,249 at BestBuy, it may be the ideal product for those working from home — unless I can find a 21-inch laptop, which might be even better.

Given this is what I’d buy were I shifting from working in the office to working at home, the HP Envy 17 is my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.
Rob Enderle

Rob Enderle has been an ECT News Network columnist since 2003. His areas of interest include AI, autonomous driving, drones, personal technology, emerging technology, regulation, litigation, M&E, and technology in politics. He has an MBA in human resources, marketing and computer science. He is also a certified management accountant. Enderle currently is president and principal analyst of the Enderle Group, a consultancy that serves the technology industry. He formerly served as a senior research fellow at Giga Information Group and Forrester. Email Rob.

3 Comments

  • Your ignorance of the electoral process is stunning. Square your wholly ignorant "great idea" of voter receipts with the fundamental tenet of voter anonymity… I’ll be over here with popcorn. Did you *really* think you’re the first person to ever get a light bulb over the head with "voter receipts"?

    Did you do any actual research before blathering off this "piece"?

  • Let’s make election day a national holiday so people don’t need to take off from work to vote. Paper ballots only with ID required at the polling place, with exceptions for absentee ballots that are certified and include identification. Regardless of the fact that we bank and use other critical services online and with our phones, electronic voting is ripe for fraud. I still want to place my ballot in the box myself. Yes, I’m trusting that it will be delivered successfully to be tabulated correctly. But tapping "Submit" on my phone or computer screen and trusting the electoral system doesn’t work for me. We’ve all seen the warnings when making a payment or submitting an order online "Only click once to submit your order." That’s because there are millions of times when orders, payments, forms, etc have been duplicated sometimes ten-fold or more by human and/or system errors. Same thing can easily happen with voting, and that’s before we take fraud into account.

    I also need to push back on the statement "Because BlackBerry is a Canadian firm, it has no real skin in the game for any U.S. election." I’m not saying that BlackBerry is politically biased one way or the other. Fact is I don’t know. But how can you assert that a company "has no real skin in the game for any U.S. election" based on the fact they are located in Canada? That infers that no Canadian company is interested in who wins or loses U.S. elections. Given the AM ount of commerce that is done between the U.S. and Canada, in addition to many cross-border policies, this is illogical.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Rob Enderle
More in Cybersecurity

Technewsworld Channels