(Scoop News Group)

The tech industry's election security offerings for 2020

As state and local governments have scrambled to provide digital services during the coronavirus pandemic, technology companies found an opportunity to provide their logistical and security expertise to public sector projects, often on a pro bono basis. The same kinds of public-private partnerships between the technology companies and state and local election offices, candidates and campaigns will likely be on display once again to secure polling places and voter data ahead of the 2020 presidential election.

Here are some of the private sector’s election security and logistics services on offer to candidates and state or local election officials. Several were originally offered ahead of the 2018 midterm elections and have been updated over the past two years. 



ElectionGuard, an open-source software kit Microsoft launched last year, gives voters the ability to confirm that their ballots are counted accurately. In jurisdictions using the software, voters will receive unique codes — which don’t reveal their choices — that can be tracked online as their ballots are processed and counted. Tom Burt, Microsoft’s vice president for customer security and trust, likened it to a ‘“tamper-proof bottle” in a May interview with NPR.

But the success of ElectionGuard is dependent on voting-machine manufacturers incorporating the software kit into their equipment. So far, two of the largest vendors of voting equipment — Elections Systems & Software and Hart Intercivic — have worked with Microsoft.



“Facebook Protect” launched last October to help candidates and election officials secure their accounts on both Facebook and Instagram. The free service promises quicker and more active account monitoring than standard users receive, including the flagging of unusual login locations or unverified devices. Once a single account associated with a campaign or election administrator is flagged, Facebook says it will take action to protect any accounts also affiliated with the same organization.

In August, Facebook also launched its “US 2020 Voting Information Center,” designed to help users learn if they’re registered to vote, where their polling places are and what their state’s absentee options are. Voters can register and request absentee ballots from links on the site and receive “voting alerts” from state and local election authorities, which the company said could be valuable in communicating last minute changes to polling places or election processes.

And while misinformation and disinformation remain rampant on its platform, Facebook has in recent weeks taken stronger action to delete pages associated with conspiracy theories and the coronavirus pandemic, and has also flagged posts by President Donald Trump urging his supporters to vote twice, which is illegal. The company announced earlier this month that it would also block all new political advertising for a week before the Nov. 3 election to reduce the spread of misinformation.

Separately, Facebook founder Mark Zuckerberg and his wife, Pricilla Chan, announced Sept. 1 that they will spend $300 million on staffing, training and equipping local election officials personal protective equipment and tools to process ballots and applications for the upcoming presidential election. The vast majority of the donation, $250 million, will go toward the Center for Tech and Civic Life, a nonpartisan nonprofit that will administer the funding to localities. The other $50 million will go toward the Center for Election Innovation and Research, another nonpartisan nonprofit dedicated to increasing voter turnout and combatting the kind of disinformation spread by Facebook.


The website security company’s “Athenian Project” provided protection against data theft and distributed denial of service, or DDoS attacks in the 2018 midterm elections to state and local government election websites, including those that contained information about voter registration, polling places or unofficial election-night results. Federal cybersecurity officials and industry experts alike have warned that these websites — which often reside on unsecured dot-com or dot-org domains — are potential prey for ransomware attacks that could disrupt the flow of information to voters on Election Day.

In 2020, Cloudflare is providing the service to 229 election websites in 28 states, the company said. The Athenian Project platform gives election administrators free access to many of the same tools Cloudflare’s enterprise customers use, including a web application firewall, multi-user account enablement, bot management and an “Under Attack” mode that results in additional scanning and user screening.



The “Secure the Election” initiative the ethical hacking company launched in 2018 to offer crowdsourced penetration testing to election officials, has continued into 2020. The company says that it’s committed $1 million toward the initiative, which allows white-hat hackers to expose an election system’s vulnerabilities before they can be exploited by a malicious actor. The penetration testing itself will expose how many and which servers an election system has connected to the internet, as well as whether a state’s online voter registration system connects directly to its voter registration database, and whether that database can be accessed by any other government agency, like a motor vehicle agency.

One state that’s taking advantage of Synack’s services is Colorado, where the office of Secretary of State Jena Griswold has the company testing anything that’s internet-connected, including electronic poll books. “We need to know [vulnerabilities],” Griswold’s chief information officer, Trevor Timmons, told StateScoop in July. “We’ve got enough time that if they found anything we’d be able to respond to them.”



Jigsaw, Google’s technology incubator, continues to maintain its “Protect Your Election” toolkit, which offers a similar suite of services as Cloudflare’s Athenian Project, to election officials, as well as candidates, campaign staff and media covering elections. The toolkit includes Project Shield, a filter that protects websites from DDoS attacks, and Google’s Advanced Protection Program, which provides an extra layer of account security by limiting which third-party apps can access Gmail and requiring a physical token, such as a YubiKey, for two-factor authentication.

Google this year has also partnered with the University of Southern California on a 50-state series of election security workshops, featuring secretaries of state, federal and industry cybersecurity experts and local journalists. While Google and USC were able to hold the first few sessions in-person in February, the sessions — like everything else in 2020 — were reorganized as virtual events after the onset of the COVID-19 pandemic.