America’s Electronic Voting Machines Are Scarily Easy Targets

America’s Electronic Voting Machines Are Scarily Easy Targets

By BRIAN BARRETT 08.02.16. 9:57 AM

THIS WEEK, GOP presidential candidate Donald Trump openly speculated that this election would be “rigged.” Last month, Russia decided to take an active role in our election. There’s no basis for questioning the results of a vote that’s still months away. But the interference and aspersions do merit a fresh look at the woeful state of our outdated, insecure electronic voting machines.

We’ve previously discussed the sad state of electronic voting machines in America, but it’s worth a closer look as we approach election day itself, and within the context of increased cyber-hostilities between the US and Russia. Besides, by now states have had plenty of warning since a damning report by the Brennan Center for Justice about our voting machine vulnerabilities came out last September. Surely matters must have improved since then.

Well, not exactly. In fact, not really at all.

Rise of the Machines

Most people remember the vote-counting debacle of the 2000 election, the dangling chads that resulted in the Supreme Court breaking a Bush-Gore deadlock. What people may not remember is the resulting Help America Vote Act (HAVA), passed in 2002, which among other objectives worked to phase out the use of the punchcard voting systems that had caused millions of ballots to be tossed.

In many cases, those dated machines were replaced with electronic voting systems. The intentions were pure. The consequences were a technological train wreck.

“People weren’t thinking about voting system security or all the additional challenges that come with electronic voting systems,” says the Brennan Center’s Lawrence Norden. “Moving to electronic voting systems solved a lot of problems, but created a lot of new ones.”

The list of those problems is what you’d expect from any computer or, more specifically, any computer that’s a decade or older. Most of these machines are running Windows XP, for which Microsoft hasn’t released a security patch since April 2014. Though there’s no evidence of direct voting machine interference to date, researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack.

“When people think that people think about doing something major to impact our election results at the voting machine, they think they’d try to switch results,” says Norden, referring to potential software tampering. “But you can do a lot less than that and do a lot of damage… If you have machines not working, or working slowly, that could create lots of problems too, preventing people from voting at all.”

The extent of vulnerability isn’t just hypothetical; late last summer, Virginia decertified thousands of insecure WinVote machines. As one security researcher described it, “anyone within a half mile could have modified every vote, undetected” without “any technical expertise.” The vendor had gone out of business years prior.

The WinVote systems are an extreme case, but not an isolated one. Other voting machine models have potentially vulnerable wireless components; Virginia’s just the only one where a test proved how bad the situation was.

The worst part about the current state of voting machines is that they don’t even require outside interference to undo an election. “They’re all computers. They run on tens of thousands of lines of code,” says Norden. “It’s impossible to have a perfectly secure, perfectly reliable computer.”

That’s true, but in fairness, most computers aren’t quite this imperfect, either.

A Good Kind of Audit

So electronic voting machines aren’t ideal. The good news is, it’s entirely possible to mitigate any potential harm they might cause, either by malice or mistake.

First, it’s important to realize that electronic voting machines aren’t as commonplace as one might assume. Three-quarters of the country will vote on a paper ballot this fall, says Pamela Smith, president of Verified Voting, a group that promotes best practices at the polls. Only five states—Delaware, Georgia, Louisiana, South Carolina, and New Jersey—use “direct recording electronic” (DRE) machines exclusively. But lots of other states use electronic machines in some capacity. Verified Voting also has a handy map of who votes using what equipment, which lets you drill down both to specific counties and machine brands, so you can see what’s in use at your polling station.

More than half of the states conduct post-election auditing, by checking vote totals against paper records, to ensure that the votes are accurate. Both Smith and Norden agree that this sort of auditing is the single best way to guarantee confidence in election results, as does MIT computer scientist Ronald Rivest, who has written extensively [PDF] on voting machine issues.

The problem is that not every state does post-election audits. And even some that require them by law, namely Pennsylvania and Kentucky, don’t actually use voter-verifiable paper trails, meaning they have no way to complete an audit. And progress toward more and better auditing is slow; Maryland just put an auditable system in place this year, Smith says, and will pilot it during the fall election. Over a dozen states still have no audit procedure at all.

The problem with putting these auditing systems in place is the same one keeping more reliable voting machines from the booths in the first place: a lack of money and political will. There’s new voting equipment out there that’s much more secure than the machines states purchased in bulk a decade or more ago, but only a handful of states and municipalities—Rhode Island, DC, and parts of Wisconsin among them—have upgraded in the past year.

“The money’s not there right now,” says Norden. “We interviewed election officials who told us what they were hearing from their state legislators and others who would be funding this type of equipment, and they say come back to us after there’s some kind of crisis.”

Which, if they wait long enough, is exactly what they’re going to get.

Rigging the Vote

For what it’s worth, electronic voting machines have been this hackable in previous elections as well, and there’s no indication—even in Virginia—that there’s ever been any interference.

This year feels different though, in no small measure because of Russia’s alleged responsibility for the DNC hack. If Putin would go so far as release those emails, would he pursue a direct assault on our vulnerable voting machines as well?

The short answer? Nyet.

“Putin’s not very nice, but he’s not stupid,” says Ryan Maness, a visiting fellow at Northeastern University who specializes in international cyber conflict and Russian foreign policy. “If they were going to mess with the voting machines and the vote-counting software, they wouldn’t have done the DNC hack.”

Maness argues that the DNC hack and subsequent email release has put a spotlight on Russia. The blowback from such direct interference in a United States election would be too severe. Besides, Maness says, Putin’s main objective was likely to embarrass Hillary Clinton, rather than elevate Trump. And he’s certainly achieved that much already.

But even if Maness is wrong, the even better news is that the three states that will likely decide the election—Florida, Ohio, and Pennsylvania—have voting machines that are in relatively good shape. Florida has an audit requirement in place, while Ohio not only conducts audits, Smith says, it has an “automatic recount provision,” where close races trigger a manual recount without requiring a candidate to request one. “Pennsylvania is of the most concern” among those three, says Smith, “based on the fact they have so many paperless DREs in use.” Even there, though, election officials will actively deploy paper ballots in the event that those machines fail.

Still, unlikelihood that Russia would tamper with our voting machines hasn’t lifted the sense of unease around the election. When Donald Trump suggests the election might be “rigged,” he’s referring to a host of potential disruptions, from the times and dates of scheduled debates to whatever else he might bend to his narrative. In November, should he lose, he’ll find the voting machines to be an easy target.

That suspicion is the real danger of electronic voting systems, and especially of those that can’t be easily or effectively audited. If you can’t guarantee that there was no tampering—which not every state can—it might not matter if any actually took place. In the wrong hands, the doubt itself is damaging enough.

https://www.wired.com/2016/08/americas-voting-machines-arent-ready-election/



Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more