Electronic voting machines have come under fire in recent years both for their frequent malfunctions and for vulnerabilities that could be exploited by hackers. And, it turns out, if a hacker wanted to experiment with our electronic voting systems, all he’d have to do is head over to eBay, where he could purchase a used machine for around a hundred bucks.
I just got back from my polling place here in Ohio, and I noticed that they’re having some technical problems in my precinct. For starters, one of the two electronic poll books had lost its charge and was sitting on a charger. And as I was casting my ballot on the electronic voting machine, the printout tape appeared to be in the beginning stages of jamming, so some of the lines printed over one another. If for some reason the board of elections decided there was a need to review the paper trail, my votes might not show up — or at least wouldn’t match the votes the machine had recorded. Having been a poll worker and presiding judge for many years, I know these kinds of problems are a fairly regular occurrence, especially the paper jams, which inevitably happen to one or more of the machines at least once, if not several times every Election Day. It’s one of the reasons I’ve long been a proponent of doing away with voting machines and going back to paper ballots that can be easily tracked and more importantly, can’t be hacked.
Malfunctions are one thing; hacking is quite another. The Department of Homeland Security, the Office of the Director of National Intelligence, the Department of Justice, and the FBI issued a joint statement on Monday warning of efforts by foreign actors to interfere in our elections.
“Our agencies have been working in unprecedented ways to combat influence efforts and to support state and local officials in securing our elections, including efforts to harden election infrastructure against interference,” the joint statement read. “Our goal is clear: ensure every vote is counted and counted correctly. At this time we have no indication of compromise of our nation’s election infrastructure that would prevent voting, change vote counts, or disrupt the ability to tally votes.”
You can find plenty of YouTube videos from people showing how electronic voting machines can be hacked. And a new report at Wired shows vulnerabilities that should concern all Americans as we go to the polls today and head into the 2020 presidential election. The folks at Wired were able to purchase used voting machines on eBay.
Just let that sink in for a minute.
For an individual or group determined to interfere in our elections, it would be a simple matter to pick up some used machines to experiment on.
Brian Varner explained that he didn’t even have to go to the dark web to find voting machines. He was able to purchase two on eBay for $100 each. “Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices,” he said. “I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.”
Varner said it was ridiculously simple to get into the machines once they were in his possession. The tamper-proof screws didn’t work and, shockingly, the hard drives hadn’t been wiped. “The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted,” he said. “Worse, the ‘Property Of’ government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.”
Varner, a security researcher at Symantec, undertook the experiment to search for vulnerabilities in our voting system. And boy did he find them.
“Within hours,” he said, “I was able to change the candidates’ names to be that of anyone I wanted” on a machine used in the 2012 election. “When the machine printed out the official record for the votes that were cast, it showed that the candidate’s name I invented had received the most votes on that particular machine.”
He then examined a machine used in the 2016 election, hoping to find that security had been beefed up in the four years between elections. Instead, he found the systems “are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones.”
Varner pointed to a recent report on voting machine vulnerabilities that concluded that someone would need to have physical access to the machine in order to exploit it, an assessment with which he concurs. “When I reverse-engineered voting machines in 2016, I noticed that they were using a smart card as a means of authenticating a user and allowing them to vote. There are many documented liabilities in certain types of smart cards that are used, from Satellite receiver cards to bank chip cards. By using a $15 palm-sized device, my team was able to exploit a smart chip card, allowing us to vote multiple times,” he wrote.
Indeed, both the smart cards and the hand-held encoders are available for sale on eBay. Varner said that someone wishing to interfere in our elections could purchase voting machines online, reverse engineer them to exploit them for weaknesses, and then compromise a small number of machines in a local precinct. Then it would only be a matter of obtaining physical access to the machines before an election.
And while you might be thinking it would be nigh unto impossible to gain access to a machine, I can tell you unequivocally that it’s not. When I was a poll worker, as the presiding judge I was instructed to pick up the voting machines at the county BOE and transport them to the precinct the day before the election. I had unfettered access to the machines, the smart cards, and the SD cards that recorded the votes for several hours.
While we’ve yet to see evidence that electronic voting machines in the U.S. have been hacked, there is plenty of evidence demonstrating vulnerabilities in both the machines and the humans who administer elections. In many states, voting machines are nearing the end of their lifespan and cash-strapped boards of election often don’t have the money to replace them. In 2012, I watched a voting machine change a vote from Romney to Obama. A voter alerted me to the problem, which I was able to reproduce, and I immediately took the machine out of the rotation and requested a replacement from the board of elections. But who knows how many votes were changed before the problem was discovered? To this day I have no idea whether it was a simple malfunction or there was some breach in the system. Pleas to Ohio’s secretary of state and to my county board of elections to investigate the episode (for which I provided a detailed account) went unanswered. I don’t know if they actually investigated the matter. (At the time I was a member of my county GOP executive committee, by the way, and even I couldn’t get anyone from our Republican-led BOE to respond to me. Imagine what happens when Joe Voter calls up the local BOE and complains about a voting machine problem.)
I also witnessed a machine pre-selecting votes in 2014. In that case, it pre-selected the Republican candidate for governor and the Democratic candidate for state auditor. Again, I took the machine out of the rotation and again, I never heard back about any investigation results (assuming there was in an investigation).
Some suggestions Varner has for securing voting machines include lifecycle management of the machines’ components, encrypting the hard drives, and training poll workers to identify fake chip cards that could be used in voting machines.
He also thinks that a federal standard is needed to protect voting machines, saying we need to develop “nationwide policies and security protocols that would govern how voting machines are secured.”
While I agree with most of Varner’s recommendations, I disagree with him on national standards. Our elections are safer when hackers have to deal with 50 different voting systems — and a variety of systems operating within each state. If a hacker were able to penetrate a single voting machine in one precinct, the damage could be fairly limited. If, however, all states were using similar security protocols, those who want to interfere in our elections would only have one system to figure out.
That said, states should be doing everything within their power to harden electronic voting systems to protect them from cyber attacks. Better yet, states should seriously consider going back to paper ballots. Yes, they take more time, and, as we saw in Florida many years ago, there are problems with hanging chads and half-filled-in bubbles on cards being read by optical scanners. But paper ballots always have a paper trail and they can’t be hacked. That should be reason enough to roll back the use of electronic voting machines. We can’t afford to get this wrong — our democracy depends on it.
According to Varner, the greatest fear of election security researchers is not widespread vote flipping, which he said would be easy to detect. Instead, he said a “small, public breach of security that would sow massive distrust throughout the entire election ecosystem” poses the greatest risk.
“If anyone can prove that the electoral process can be subverted, even in a small way, repairing the public’s trust will be far costlier than implementing security measures,” he warned.
Follow me on Twitter @pbolyard