by Ginny Badanes, Director of Strategic Projects, Cybersecurity & Democracy at Microsoft

Following the disruption of the 2016 US Elections by nation-state adversaries and the increase in attacks against democratic institutions globally, Microsoft launched the Defending Democracy Program in April of 2018. The program is focused on bringing governments, civil society, and the technology sector together to safeguard these vital institutions. I’ve been part of that program ever since as Director of Strategic Projects. In 2020, our work is as important as it was then as we continue to see nation-state cyberattacks targeting people and organizations involved in the upcoming U.S. election.

The Intersection Of Politics And Technology

Recent events we’ve been tracking include unsuccessful attacks on people associated with both the Trump and Biden presidential campaigns. Microsoft notifies customers of activities of this type, and we continue to enhance security features in our products and services to combat them. A few of the recent attacks we’ve observed include:

  • Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants
  • Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community
  • Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign

You can learn more about these incidents here in a blog post by our Corporate Vice President for Security and Trust, Tom Burt. These attacks are part of a complicated and contentious election year, which is why we believe it is essential to be transparent about what we see and to provide guidance for how everyone involved in the political process can protect themselves.

Technology Plays An Important Role

This is why in 2018 we launched a free service for political organizations and election officials called AccountGuard. This service provides white glove nation-state-notification support as well as cyber security trainings. It also acknowledges that individuals are often targeted on more than just their official business accounts. If individuals associated with an organization enrolled in AccountGuard are using Microsoft consumer accounts as well, they can enroll those personal accounts as part of the program and receive similar protections and notifications.

We have also been working on an open-source project called ElectionGuard, which is an SDK that enables elections to be end-to-end-verifiable using encryption. The technology also has the promise to support an incredibly important part of the voting process, which is post-election audits. To learn more about ElectionGuard, take a look at this piece in the New Yorker, which follows the path to our first ElectionGuard pilot. To learn more about post-election audits, specifically risk limiting audits, listen to a podcast interview I recently did with Sean Roberts at Lincoln Policy, discussing audits and how to do them well. This year it’s more important than ever to have processes in place that ensure that the results of the elections are accurate, and that all votes that were cast were counted accurately.

In:Confidence Digital Panel On The 2020 U.S. Election

Watch the recording of my panel discussion on data, digital transparency, disinformation, and privacy in the 2020 U.S. election. Our panel at In:Confidence Digital was moderated Edward Luce, U.S. National Editor, The Financial Times, and I was joined by Ellen L. Weintraub, Commissioner of the U.S. Federal Election Commission, and J. Alex Halderman, Professor of Computer Science & Engineering at the University of Michigan. We discussed many issues that we’ve seen in the news lately, and how technology can help or harm our elections going forward. I hope you’ll watch this very compelling conversation.

 

In:Confidence