To begin answering this question, it’s important to emphasize one word: System. Voting machines, often a subject of much contention, do not work alone.
Together with configuration systems, consolidation servers, and many other elements, they form a unified whole. Good systems are designed so that their different elements validate and protect each other. Kind of like a good sports team.
The security of a robust electronic voting system should be designed following a principle known as Defense in Depth. More than implementing just one single impregnable security measure, Defense in Depth adds multiple layers of security and control mechanisms that protect data across the system.
Encryption. For starters, absolutely all the information stored in the election system, from the files that run it, to the tallying reports generated during the election, must be encrypted. Encryption protects the confidentiality of the data by making it unreadable to unauthorized users.
Certificates. In addition, every component of the system must have a unique digital certificate. These certificates allow other elements of the system to know whether or not they are interacting with a legitimate part of the team.
Digital signatures and asymmetrical keys. By combining digital signatures and asymmetrical keys, authorities can validate that the applications running the platform, and the data generated throughout the election, remained unaltered throughout the process.
Security keys also play a crucial role in protecting data. Each device has a unique set of security keys to safeguard the privileged information that it stores. And certain repositories may even have key splitting. This means that the keys are split into several parts; and only when all parties involved agree to unite their unique part of the key, they can access the data.
Air gapping. For added protection, voting machines must be air gapped. They should be isolated from the outer world. Only when voting is over, they connect to the outer world to transmit information for a few seconds. All the encrypted and digitally signed data travels through secured channels. Following the defense in depth principle, multiple layers of protection can be added to reinforce the security of the transmission.
When put in place, these security measures can guarantee the integrity, confidentiality and legitimacy of the information. Even in the unlikely event that a group of hackers would somehow manage to alter the application running one single voting machine, the digital certificates would be altered, and the System as a whole, would not allow the machine to transmit its spoiled information. Good sports teams are precisely that, teams that work together and protect each other.
Redundancy is another key concept that improves security and transparency. Just like the immutability of the blockchain is based in having multiple copies of the same data in different places, distributed data storage should be applied for added security.
When voting data is made redundant, hackers trying to change one single vote need to change it in many other places. Failing to do so would make the change obvious. This means that redundancy makes the system tamper evident.
Audits. One key benefit of automated elections is the level of transparency they offer. Redundant electronic voting systems produce multiple copies of every data point as the election progresses. This generates a very rich audit trail. Even if hackers managed to slow data transmission after polls close, the votes will always remain in the voting machines, ready to be consolidated.
When voting system generate a paper trail, it is possible to guarantee, with 100% of certainty, that the results are 100% legitimate. A paper trail allows, even those who are clueless or careless about technology, to verify that results reflect the will of the voters.
Technology is already transforming the world around us. We should embrace it to transform the future ahead of us.