It's no secret that it's possible to hack voting systems. But how easy is it, really? Entirely too easy, if you ask researchers at this year's DefCon. They've posted a report detailing how voting machines from numerous vendors held up at the security conference, and... it's not good. Every device in DefCon's "Voting Machine Hacking Village" was compromised in some way, whether it was by exploiting network vulnerabilities or simple physical access.
In 2011, the election board in Pennsylvania’s Venango County — a largely rural county in the northwest part of the state — asked David A. Eckhardt, a computer science professor at Carnegie Mellon University, to examine its voting systems. In municipal and state primaries that year, a few voters had reported problems with machines ‘‘flipping’’ votes; that is, when these voters touched the screen to choose a candidate, the screen showed a different candidate selected. Errors like this are especially troubling in counties like Venango, which uses touch-screen voting machines that have no backup paper trail; once a voter casts a digital ballot, if the machine misrecords the vote because of error or maliciousness, there’s little chance the mistake will be detected.Read more
A new study (PDF) on the security of voting machines was released in Ohio on Friday. The report, one of the most comprehensive and informative that I've seen yet, contains some pretty astounding information about the security of voting machines that hasn't been revealed before. Unfortunately, the report isn't receiving the kind of attention it deserves.
It's the first independent study to examine machines made by Election Systems & Software, the largest voting machine company in the country – the company's machines are used in 43 states. (A similar study of voting systems done in California earlier this year did not examine ES&S machines.)
What the researchers discovered is pretty significant.Read more
Newly uncovered data have shocked election experts and administrators.
In August 2016, Florida Congresswoman Debbie Wasserman Schultz faced off against progressive maverick and Bernie Sanders supporter Tim Canova—her first-ever primary challenger—after six terms in Congress.
Just weeks earlier she had been forced to resign as head of the Democratic National Committee after stolen emails showed her talking smack about Senator Sanders and leaning on the scales in favor of her ally Hillary Clinton. Canova focused the national outrage against her, raising over $3 million, and turning the congressional election into a referendum on her policies and ethics. But with a 13.5% victory she overcame questions about her political viability and returned triumphantly to her job in Washington.Read more
For years, Barbara Simons was the loneliest of Cassandras—a technologist who feared what technology had wrought. Her cause was voting: Specifically, she believed that the electronic systems that had gained favor in the United States after the 2000 presidential election were shoddy, and eminently hackable. She spent years publishing opinion pieces in obscure journals with titles like Municipal World and sending hectoring letters to state officials, always written with the same clipped intensity.
Simons, who is now 76, had been a pioneer in computer science at IBM Research at a time when few women not in the secretarial pool walked its halls. In her retirement, however, she was coming off as a crank. Fellow computer scientists might have heard her out, but to the public officials she needed to win over, the idea that software could be manipulated to rig elections remained a fringe preoccupation. Simons was not dissuaded. “They didn’t know what they were talking about and I did,” she told me.Read more
Our hand count documented: In the 6 audited wards, 1 in every 40 presidential votes remained uncounted as county officials declared results final. Results for individual wards and candidates are here.
“If an Elmwood Park poll worker had been grabbing the ballot from every twentieth voter and ripping it up, while county election officials looked on and did nothing, this result would have been pretty much the same.”
“The poll workers were not throwing out votes,” Racine voter Scott Farnsworth explained. “The problem is that county canvass officials have no process in place to notice or correct predictable electronic miscounts.”Read more
A new bill would require states to use voting machines with paper backups and conduct audits in close elections.
Rep. Debbie Dingell (D-Mich.) introduced the Safeguarding Election Infrastructure Act on Wednesday, which aims to increase elections security by requiring voting machines funded by the federal Help America Vote Act print a paper receipt of each vote.
"Our democracy depends on free and fair elections, and we must do everything we can to protect the security and integrity of that process," said Dingell in a written statement.Read more
In 2016, more than 20 percent of American voters cast their ballots on voting machines that did not produce a verifiable paper trail. For experts, that's a gaping vulnerability, but one that can be addressed.
When Logan Lamb visited the website of Georgia’s Center for Election Systems in Aug. 2016, what he found left him speechless.
Although the cybersecurity researcher had no password or special authorization, he was able through a Google search to download the state’s voter registration list, view files with Election Day passwords, and access what appeared to be databases used to prepare ballots, tabulate votes, and summarize vote totals.
He also discovered a vulnerability that would allow anyone to take full control of a server used for Georgia’s elections.
It was everything a Russian hacker – or any malicious intruder – might need to disrupt the vote in Georgia.
“Had the bad guys wanted to just completely own the central election system, they could have,” Mr. Lamb told the Monitor in an interview.Read more
Days after activists filed a lawsuit over the security of Georgia's election systems, the university housing the servers at the center of the case wiped them of all data.
The servers had been in the possession of the Center for Elections Systems (CES) at Kennesaw State University, which had been contracted to maintain Georgia's election systems. The state ended its relationship with Kennesaw State in July.
According to emails retrieved by one of the plaintiffs in that case through an open records request and provided to The Hill, information technology (IT) staff first confirmed deleting files from the system on July 7 — four days after the suit was filed.Read more
Multiple systems ran on ancient software (the Sequoia AVC Edge uses an operating system from 1989) with few if any checks to make sure they were running legitimate code.
LAST FRIDAY, most major media outlets touted a major story about Russian attempts to hack into U.S. voting systems, based exclusively on claims made by the Department of Homeland Security. “Russians attempted to hack elections systems in 21 states in the run-up to last year’s presidential election, officials said Friday,” began the USA Today story, similar to how most other outlets presented this extraordinary claim.