110 Articles Affirm America's Computerized Voting System Is Online, Compromised, and Vulnerable To Hackers: Documented, Linked, and Quoted

110 Articles Affirm America's Computerized Voting System Is Online, Compromised, and Vulnerable To Hackers: Documented, Linked, and Quoted KanekoaTheGreat Mar 29 107 12 All of my articles on True the Vote, 2000 Mules, and America’s computerized voting system — Part I, Part II, Part III, and Part IV. “Forty-three percent of American voters use voting machines that researchers have found have serious security flaws including backdoors. These companies are accountable to no one. They won’t answer basic questions about their cyber security practices and the biggest companies won’t answer any questions at all. Five states have no paper trail and that means there is no way to prove the numbers the voting machines put out are legitimate. So much for cyber-security 101… The biggest seller of voting machines is doing something that violates cyber-security 101, directing that you install remote-access software which would make a machine like that a magnet for fraudsters and hackers.” This statement was said by Senator Ron Wyden, D-Ore., during a March 21, 2018, U.S. Senate Intelligence Committee hearing, one of the numerous hearings that Congress convened to discuss election security following the 2016 election. Wyden, his congressional colleagues, and the corporate media would spend much of the next four years discussing their many concerns about the security of the U.S. election system. Computerized voting in the United States is largely a secretive and privately-run affair conducted out of the public eye with very little oversight. The corporations that run every aspect of America’s elections, from voter registration to casting and counting votes, are subject to limited regulation and public scrutiny. The companies are privately-owned, making information about ownership, finances, and technology difficult to obtain. The software source code and hardware design are kept as trade secrets and therefore difficult to study or investigate. Join the 18,000 subscribers who read Kanekoa’s Newsletter. With both major parties doubting the integrity of the last two elections, the voting machine vendors have lost the trust of the American people. And, deservedly so. Considering J.P. Morgan, Facebook, and the Pentagon have all been hacked in recent years, it is illogical to believe that voting machine manufacturers working on limited budgets are somehow immune to cyber intrusions. Senator Amy Klobuchar, D-Minn., discussed her concerns with the three main voting machine manufacturers in the 2020 HBO Documentary, Kill Chain: The Cyber War on America's Elections: “We’re very concerned because there are only three companies. You could easily hack into them. It makes it seem like all these states are doing different things, but in fact, three companies are controlling them.” Elections Systems & Software, Dominion Voting, and Hart Intercivic account for about ninety percent of U.S. election equipment. These vendors supply the equipment at the epicenter of America’s elections: Electronic Poll Books: An electronic poll book (also called “e-poll book”) is a computer-based system that allows poll workers to look up voters and either check them in to vote or identify the person as not in the list of voters permitted to vote at the polling location. Optical Scanners: Optical scanners include both marksense and digital image scanners in which voters mark paper ballots that are subsequently tabulated by scanning devices. Optical scan voting systems can scan and tabulate ballots marked by hand or those marked by a ballot marking device. High-capacity batch-fed optical scan tabulators are used in some jurisdictions to handle larger volumes of central count ballots. Direct Recording Electronic (DRE): A direct recording electronic voting system (often touchscreen) is a vote-capture device that allows the electronic presentation of a ballot, electronic selection of valid contest options, and the electronic storage of contest selections as individual records. The voter’s choices are stored in DREs via a memory cartridge or smart card and added to the choices of all other voters. Ballot Marking Devices (BMD): A ballot marking device allows the electronic presentation of a ballot, electronic selection of valid contest options and produces a machine-marked paper ballot, but does not make any other lasting record of the voter’s selections. Hybrid Voting Systems: Hybrid voting systems combine elements of optical scanners, DREs, or ballot marking devices. Election Management System (EMS): A set of applications that handle pre- and post-voting activities, including ballot layout, programming media for voting equipment, importing results data, and accumulating and reporting results. Contrary to popular belief, all electronic voting equipment can be hacked because all such equipment must receive programming before each election from memory cards or USB drives prepared on election management systems which are often computers not only connected to the internet but also running out-of-date versions of Windows. If a county election management system is infected with malware, the malware can spread from that system to the USB drives, which then would transfer it to all the voting machines, scanners, and ballot-marking devices in the county. In 2008, the most serious breach in Pentagon history came from a single USB drive infected with a virus that spread swiftly through the Defense Department’s Secret Internet Protocol Router Network – the classified SIPRNet – as well as the Joint Worldwide Intelligence Communication System used by the U.S. government’s top intel agencies. After that hack, the Department of Defense severely restricted the use of USB drives, established programs to control and track personnel authorized to use them, and largely barred users by setting up computers without USB ports or restricting certain computer users to not recognize flash drives. In contrast, the majority of the U.S. election system is programmed by local county election officials or third-party vendors, who are plugging previously-used USB drives into computers connected to the internet, before plugging those same USB drives into the optical scanners, tabulators, and voting machines that collect, count, and determine election results. In 2019, the Associated Press reported that the vast majority of 10,000 election jurisdictions nationwide, including numerous swing states, were still using Windows 7 or older operating systems to create ballots, program voting machines, tally votes, and report counts. Windows 7 reached its “end of life” on Jan. 14, 2020, meaning Microsoft stopped providing technical support and producing “patches” to fix software vulnerabilities. Furthermore, not only are U.S. elections being programmed on computers running out-of-date software, but voting machine manufacturers have also installed remote-access software and wireless modems connecting voting machines directly to the internet. NBC News reported ten months before the 2020 election that ES&S, the largest U.S. election machine vendor, had installed at least 14,000 modems to connect their voting machines to the internet even though many election security experts had previously warned that voting machines with modems were vulnerable to hackers: Dominion Voting Systems, the second-largest U.S. election machine vendor, which has given public presentations acknowledging their use of modems in their voting machines, was also discovered to be running remote-access software during the 2020 election: In Georgia, 20-year election worker, Susan Voyles, testified that Dominion Voting Systems employees “operated remotely” on her ballot-marking devices and poll pads after the team experienced some technical problems with their machines. In Wisconsin, the Office of Special Counsel (OSC), headed by retired state Supreme Court Justice Michael Gableman, also found that Dominion and ES&S voting machines were online and connected to the internet. In Michigan, attorney and Secretary of State candidate, Matt Deperno, discovered a Telit LE910-SV1 modem chip embedded in the motherboard of an ES&S DS200 voting machine. Through these modems, hackers could theoretically intercept results as they’re transmitted on election night — or, worse, use the modem connections to reach back into voting machines or the election management systems to install malware, change software, or alter official results. Therefore, not only are hackers able to penetrate elections through vulnerable USB cards and election management systems, but also through the very voting machines themselves. This isn’t a problem exclusive to elections — all computers are hackable — and that is why election security experts have always recommended hand-marked paper ballots and rigorous post-election audits. This also isn’t a partisan issue, both Democrats and Republicans are well aware of the secrecy, privatization, and hackable hardware and software that runs America’s elections. After the 2016 election, Clinton supporters and the corporate media would spend the next four years talking about how compromised America’s computerized voting system was. Sen. Ron Wyden, Sen. Amy Klobuchar, and Sen. Kamala Harris held numerous congressional hearings where they explained that it was too easy to hack voting machines, too easy to find unattended voting machines and too many voting machines were connected to the internet: After the 2020 election, Trump supporters were censored and de-platformed (I was banned from Twitter) for pointing out the very same vulnerabilities that Democrats and the corporate media had spent the last four years discussing. Regardless of politics, these vulnerabilities are very real, they still exist today, and they are best explained by the computer scientists who have spent the last two decades researching them. Professor Matt Blaze, Georgetown University, Computer Science: “I come here today as a computer scientist who spent the better part of the last quarter century studying election system security… To be blunt, it’s a widely recognized really indisputable fact that every piece of computerized voting equipment in use at polling places today can be easily compromised in ways that have the potential to disrupt election operations, compromise firmware and software, and potentially alter vote tallies in the absence of other safeguards. This is partly a consequence of historically poor design and implementation by equipment vendors but it’s ultimately a reflection of the nature of complex software. It’s simply beyond the state of the art to build software systems that can reliably withstand targeted attacks by a determined adversary in this kind of an environment…Just as we don't expect the local sheriff to singlehandedly defend against military ground invasions, we shouldn't expect county election IT managers to defend against cyber attacks by foreign intelligence services.” Professor J. Alex Halderman, University of Michigan, Computer Science: “I’m a professor of computer science and have spent the last ten years studying the electronic voting systems that our nation relies on. My conclusion from that work is that our highly computerized election infrastructure is vulnerable to sabotage and even to cyber attacks that could change votes... I know America’s voting machines are vulnerable because my colleagues and I have hacked them repeatedly as part of a decade of research studying the technology that operates elections and learning how to make it stronger. We’ve created attacks that can spread from machine to machine like a computer virus and silently change election outcomes. We’ve studied touch screen and optical scan systems and in every single case we’ve found ways for attackers to sabotage machine and to steal votes…In close elections, an attacker can probe the most important swing states or swing counties, find areas with the weakest protection, and strike there. In a close election year, changing a few votes in key localities could be enough to tip national results.” Professor Andrew Appel, Princeton University, Computer Science: “Installing new software is how you hack a voting machine to cheat. In 2009, in a courtroom of the superior court of New Jersey, I demonstrated how to hack a voting machine. I wrote a vote-stealing computer program that shifted votes from one candidate to another. Installing that vote stealing program in a voting machine takes seven minutes per machine with a screwdriver. But really the software I built was not rocket science. Any computer programmer could write the same code. Once it’s installed, it could steal elections without detection for years to come… Other computer scientists have demonstrated similar hacks on many models of machine. This is not just one glitch from one manufacturer of machine, it’s the very nature of computers. So how can we trust our elections when it is so easy to make the computers cheat?” Americans deserve to know every single line of code and every single piece of hardware that counts their votes. Voters should demand election security legislation prioritize hand-marked paper ballots and rigorous post-election audits. Every voter should have the option to use a hand-marked paper ballot at the polling place. Voters should also demand, for a start, to ban remote access software, wireless modems, direct-recording electronic, and ballot-marking device voting systems. America’s elections must shift from a proprietary, privately-owned system to one that is open-source, available for public inspection, and completely owned by the American people. To turn this passion into a career, I need your support: subscribers who sign up for $5 a month will enable me to do this full-time. For the price of a cup of coffee, you become my largest benefactor, and my work continues to be beholden only to truth, freedom, and the American people. Searchable Database Keywords To Search: Dominion, Election Systems & Software, ES&S, Diebold, Sequoia, Premier, GEMS, DRE, direct-recording electronic, election management system, EMS, albert, albert-sensors, optical, optical-scan, optical-scanner, poll, poll book, touch-screen, touchscreen, hand-marked, hand marked, paper ballot, stingray, remote, remote-access, modem, router, password, glitch, usb, card, thumb drive, hardware, software, malware, virus, barcode, QR, etc. The bedrock of our Constitutional Republic is free and fair elections — please consider sharing this article on social media. NYT: How to Hack an Election (Jan. 31, 2004) CNN: The trouble with e-voting (Aug. 30, 2004) Princeton: Security Analysis of the Diebold Accuvote-TS Voting Machine (Sept. 13, 2006) TechReview: How to Hack an Election in One Minute (Sept. 18, 2006) CNN: Dobbs: Voting Machines Put U.S. Democracy At Risk (Sept. 21, 2006) HBO: Hacking Democracy (Nov. 2, 2006) Salon: Hacking Democracy (Nov. 2, 2006) NYT: Scientists’ Tests Hack Into Electronic Voting Machines in California and Elsewhere (July 28, 2007) Wired: Whistleblower: Voting Machine Company Lied to Election Officials About Reliability of Machines (March 27, 2008) CNN: Computerized Systems Also Vulnerable To Hacking (Oct. 30, 2008) Wired: ES&S Voting Machines Can Be Maliciously Calibrated to Favor Specific Candidates (Nov. 3, 2008) CNN: Hacking Your Vote (Oct. 27, 2010) TechReview: How Long Before Hackers Steal Votes? (March 18, 2011) NBC: It only takes $26 to hack a voting machine (Sept. 28, 2011) PBS: Internet Voting: Will Democracy or Hackers Win? (Feb. 16, 2012) WSJ: Will The Next Election Be Hacked? (Aug. 17, 2012) PopSci: How I Hacked An Electronic Voting Machine (Nov. 5, 2012) Verge: Feed the machine: America's stumble through a decade of electronic voting (Nov. 6, 2012) BrennanCenter: America’s Voting Machines At Risk (Sept. 15, 2014) Guardian: Voting machine password hacks as easy as 'abcde' (April 15, 2015) NYT: Millions of Voter Records Posted, and Some Fear Hacker Field Day (Dec. 30, 2015) Politico: More than 20 states have faced major election hacking attempts, DHS says (Sept. 30, 2016) Wired: America’s Electronic Voting Machines Are Scarily Easy Targets (Aug. 2, 2016) Politico: How to Hack an Election in 7 Minutes (Aug. 5, 2016) LawfareBlog: Secure the Vote Today (Aug. 8, 2016) CNN: Just How Secure Are Electronic Voting Machines? (Aug. 9, 2016) CBS: Hacker demonstrates how voting machines can be compromised (Aug. 10, 2016) ABC: Yes, It's Possible to Hack the Election (Aug. 19, 2016) Atlantic: How Electronic Voting Could Undermine the Election (Aug. 29, 2016) FOX: Princeton Professor demonstrates how to hack a voting machine (Sept. 18, 2016) Fortune: Watch This Security Researcher Hack a Voting Machine (Nov. 4, 2016) Vox: Here’s how hackers can wreak havoc on Election Day (Nov. 7, 2016) PBS: Here’s how hackers might mess with electronic voting on Election Day (Nov. 8, 2016) Slate: Now Is the Time to Replace Our Decrepit Voting Machines (Nov. 17, 2016) PBS: Recounts or no, U.S. elections are still vulnerable to hacking (Dec. 26, 2016) Politico: U.S. elections are more vulnerable than ever to hacking (Dec. 29, 2016) ScientificAmerican: Our Voting System Is Hackable by Foreign Powers (March 1, 2017) Politico: Will the Georgia Special Election Get Hacked? (June 14, 2017) NPR: If Voting Machines Were Hacked, Would Anyone Know? (June 14, 2017) HuffPost: Good News For Russia: 15 States Use Easily Hackable Voting Machines (July 17, 2017) Forbes: These Hackers Reveal How Easy It Is To Hack US Voting Machines (July 29, 2017) CNET: Defcon hackers find it’s very easy to break voting machines (July 30, 2017) CNN: We watched hackers break into voting machines (Aug. 11, 2017) Intercept: The U.S. Election System Remains Deeply Vulnerable (Oct. 3, 2017) NYT: The Myth of the Hacker-Proof Voting Machine (Feb. 2, 2018) Slate: America's Voting Systems Are Highly Vulnerable to Hackers (Feb. 22, 2018) NYT: I Hacked an Election. So Can the Russians. (April 5, 2018) NewYorker: America Continues To Ignore Risks of Election Hacking (April 18, 2018) Reuters: Old voting machines stir concerns among U.S. officials (May 31, 2018) Axios: There's more than one way to hack an election (July 3, 2018) Newsweek: Election Hacking: Voting-Machine Supplier Admits It Used Hackable Software Despite Past Denials (July 17, 2018) Salon: Remote-access allowed: Voting machine company admits installing vulnerable software (July 20, 2018) BBC: Hacking the US midterms? It's child's play (Aug. 11, 2018) PBS: An 11-year-old changed election results on a replica Florida state website in under 10 minutes (Aug. 12, 2018) Guardian: Why US elections remain 'dangerously vulnerable' to cyber-attacks (Aug. 13, 2018) Guardian: Kids at hacking conference show how easily US elections could be sabotaged (Aug. 22, 2018) National Academies of Sciences, Engineering, Medicine: Securing The Vote (Sept. 6, 2018) CBS: Why voting machines in the U.S. are easy targets for hackers (Sept. 19, 2018) NYT: The Crisis of Election Security (Sept. 26, 2018) Politico: Attack on commonly used voting machine could tip an election (Sept. 27, 2018) WSJ: Voting Machine Used in Half of U.S. Is Vulnerable to Attack (Sept. 27, 2018) CNN: Hackers Bring Stark Warning About Election Security (Sept. 27, 2018) Wired: Voting Machines Are Still Absurdly Vulnerable to Attacks (Sept. 28, 2018) JenniferCohn: The genesis of America’s corrupted computerized election system (Oct. 10, 2018) Slate: Can Paper Ballots Save Our Democracy? (Oct. 10, 2018) NYT: America's Elections Could Be Hacked. Go Vote Anyway (Oct. 19, 2018) Vox: The hacking threat to the midterms is huge. (Oct. 25, 2018) Forbes: Threats Obvious, But Electronic Voter Systems Remain Insecure (Nov. 1, 2018) SciAmerican: The Vulnerabilities of Our Voting Machines (Nov. 1, 2018) NYT: The Election Has Already Been Hacked (Nov. 3, 2018) NYBooks: Voting Machines: What Could Possibly Go Wrong? (Nov. 5, 2018) GQ: How to Hack an Election (Nov. 5, 2018) Salon: Philly ignores cybersecurity and disability access in voting system selection (Feb. 16, 2019) Politico: State election officials opt for 2020 voting machines vulnerable to hacking (March 1, 2019) TechCrunch: Senators demand to know why election vendors still sell voting machines with ‘known vulnerabilities’ (March 27, 2019) Salon: New "hybrid" voting system can change paper ballot after it's been cast (March 28, 2019) AP: Exclusive: New Election systems use vulnerable software (July 13, 2019) Vice: Critical US Election Systems Have Been Left Exposed Online (Aug. 8, 2019) CNN: Watch this hacker break into a voting machine (Aug. 10, 2019) NBC: How Hackers Can Target Voting Machines (Aug. 12, 2019) WaPo: Hackers were told to break into U.S. voting machines. They didn't have much trouble. (Aug. 12, 2019) MITTech: 16 million Americans will vote on hackable paperless machines (Aug. 13, 2019) Salon: Hackers can easily break into voting machines used across the US (Aug. 14, 2019) FOX: Election machine keys are on the Internet, hackers say (Aug. 22, 2019) Hill: Voting machines pose a greater threat to our elections than foreign agents (Oct. 2, 2019) NPR: Cyber Experts Warn Of Vulnerabilities Facing 2020 Election Machines (Sept. 4, 2019) JenniferCohn: America’s Electronic Voting System is Corrupted to the Core (Sept. 7, 2019) Wired: Some Voting Machines Still Have Decade-Old Vulnerabilities (Sept. 26, 2019) Hill: Hacker conference report details persistent vulnerabilities to US voting systems (Sept. 26, 2019) MotherJones: Researchers Assembled over 100 Voting Machines. Hackers Broke Into Every Single One. (Sept. 27, 2019) WaPo: The Cybersecurity 202: U.S. voting machines vulnerable to hacks in 2020, researchers find (Sept. 27, 2019) RollingStone: John Oliver Breaks Down Faulty Election Machine Security on 'Last Week Tonight' (Nov. 4, 2019) Bloomberg: Expensive, Glitchy Voting Machines Expose 2020 Hacking Risks (Nov. 8, 2019) NYBooks: How New Voting Machines Could Hack Our Democracy (Dec. 17, 2019) WaPo: Voting machines touted as secure option are actually vulnerable to hacking, study finds (Jan. 8, 2020) NBC: 'Online and vulnerable': Experts find nearly three dozens U.S. voting systems connected to internet (Jan. 10, 2020) ElectionLawJournal: Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters (Feb. 14, 2020) AP: Reliability of pricey new voting machines questioned (Feb. 23, 2020) Guardian: Hack the vote: terrifying film shows how vulnerable US elections are (March 26, 2020) HBO: Kill Chain: The Cyber War on America’s Elections (March 26, 2020) WSJ: Why a Data-Security Expert Fears U.S. Voting Will Be Hacked (April 24, 2020) WhoWhatWhy: Touchscreen Voting Machines And The Vanishing Black Votes (May 27, 2020) KimZetter: The Election Security Crisis and Solutions for Mending It (Sept.1, 2020) DotLA: LA County is Tabulating Votes with QR Codes. Security Experts Think It's a Bad Idea (Oct. 22, 2020) AJC: In high-stakes election, Georgia’s voting system vulnerable to cyberattack (Oct. 23, 2020) NYBooks: How Safe Is the US Election From Hacking? (Oct. 31, 2020) USA Today: Will your ballot be safe? Computer experts sound warnings on America's voting machines (Nov. 2, 2020) Politico: One big flaw in how Americans run elections (Nov. 2, 2020) HeritageFoundation: Iranian Hackers Indictment Shows Vulnerability of Online Voter Registration (Nov. 30, 2021) GovernmentTechnology: Report: Hackers Can Flip Votes in Georgia's Voting System (Jan. 27, 2022) NYT: How to Hack an Election (Jan. 31, 2004) “When the State of Maryland hired a computer security firm to test its new machines, these paid hackers had little trouble casting multiple votes and taking over the machines' vote-recording mechanisms… It was an ''easy matter,'' they reported, to reprogram the access cards used by voters and vote multiple times. They were able to attach a keyboard to a voting terminal and change its vote count. And by exploiting a software flaw and using a modem, they were able to change votes from a remote location.” CNN: The trouble with e-voting (Aug. 30, 2004) “A lawsuit was filed against Diebold last year in California alleging that software flaws makes the voting machines vulnerable to hacker attacks and computer viruses. There are also concerns about the lack of a verifiable paper trail with electronic voting.” Princeton: Security Analysis of the Diebold Accuvote-TS Voting Machine (Sept. 13, 2006) “Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.” TechReview: How to Hack an Election in One Minute (Sept. 18, 2006) “Princeton U. researchers have released a study and video that demonstrate the ease of altering votes on an electronic voting machine… First, the CITP group discovered that not only could it install malicious code on the voting machine, but also that the code could easily be configured to “disappear” once its work was done, leaving no trace of tampering; the electronic and paper records produced by the voting machine would agree–and both be wrong. Second, they found that physically hacking into the machine and its memory card was easy… The CITP’s third finding was that its virus code could spread… An infected memory card, inserted into another voting machine, would infect that machine and then its memory card, and so on.” CNN: Dobbs: Voting Machines Put U.S. Democracy At Risk (Sept. 21, 2006) “…electronic voting machines are placing our democracy at risk...eight out of every 10 voters will be casting their ballots this November on electronic voting machines. And these machines time and again have been demonstrated to be extremely vulnerable to tampering and error, and many of them have no voter-verified paper trail…Princeton researchers found that "malicious software" running on a single voting machine can steal votes with little, if any, risk of detection, and that anyone with access can install the software. The study also suggests these machines are susceptible to voting-machine viruses.” HBO: Hacking Democracy (Nov. 2, 2006) “Hacking Democracy follows citizen investigators as they prove America's votes can be stolen without a trace. Their mission climaxes in a duel between the Diebold corporation's voting machines and a computer hacker – with America’s democracy at stake. "Hacking Democracy" ends on a sour note, which serves as an apt metaphor for the entire election-reform movement. We see Harris and her hacker friends set out to prove that they can program a Diebold memory card -- the card that stores votes in touch-screen and optical-scan counting machines -- so that it easily steals an election. Their demonstration is so unmistakably successful you can't help feeling sick.” Salon: Hacking Democracy (Nov. 2, 2006) “In a nutshell, the case against touch-screen voting systems -- on which about 40 percent of Americans will cast their ballots this year -- boils down to this: You can never really know what's going on inside… But paperless touch-screen machines store their votes on hard drives and memory cards, rendering recounts impossible. If the computer hasn't recorded people's votes correctly in the first place, or if someone has weaseled into the database and shifted around the totals, the true count will be lost to all forever.” NYT: Scientists’ Tests Hack Into Electronic Voting Machines in California and Elsewhere (July 28, 2007) “Computer scientists from California universities have hacked into three electronic voting systems from three of the four largest companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.. and found several ways in which vote totals could potentially be altered… The reports also said the investigators had found possible problems not only with computerized touch-screen machines, but also with optical scanning systems and broader election-management software.” Wired: Whistleblower: Voting Machine Company Lied to Election Officials About Reliability of Machines (March 27, 2008) “A former technician who worked for Hart InterCivic — a voting machine company based in Texas — has alleged that his company lied to election officials about the accuracy, testing, reliability and security of its voting machines. Among the claims he makes: …didn't completely alpha test its software and didn't beta test its software at all… created a "dummy" machine to undergo certification testing in Ohio because he says its standard system configuration would not have passed certification…created a dummy report by hand and told certification officials that it came from the voting system…patched the software in some jurisdictions without telling customers it was changing the software and without submitting the changes for certification.” CNN: Computerized Systems Also Vulnerable To Hacking (Oct. 30, 2008) “U.S. election watchdogs are concerned about the accuracy of electronic voting…About half of voters will use optical-scan systems; one-third will use touch screens…Touch-screen machines can occasionally fail or register votes for unintended candidates. Optical-scan systems can have trouble reading paper ballots that are too long or marked with the wrong ink. At least one study suggests that electronic voting machines can be easily hacked…The problem now is that roughly a third of voters nationwide will use unverifiable electronic machines. So if there are uncertainties, there will be no way to resolve them.” Wired: ES&S Voting Machines Can Be Maliciously Calibrated to Favor Specific Candidates (Nov. 3, 2008) “Touchscreen voting machines at the center of recent vote-flipping reports can be easily and maliciously recalibrated in the field to favor one candidate in a race, according to a report prepared by computer scientists for the state of Ohio…At issue are touchscreen machines manufactured by ES&S, 97,000 of which are in use in 20 states…The process for calibrating the touchscreens allows poll workers or someone else to manipulate specific regions of the screen, so that a touch in one region is registered in another. Someone attempting to rig an election could thus arrange for votes for one candidate to be mapped to the opponent.” CNN: Hacking Your Vote (Oct. 27, 2010) “For University of Michigan Prof. J. Alex Halderman, getting into the machines was as easy as picking a cheap lock. Once in, the researchers were able to reprogram the memory card inside the machines, set up a mock election and then steal votes at will… We were flipping votes from one candidate to another to keep the total number of votes the same…We have found that we can make a voting machine virus that can jump from machine to machine and change the election outcome across a whole state.” TechReview: How Long Before Hackers Steal Votes? (March 18, 2011) “New Jersey’s electronic voting machines, which are emblematic of machines across the U.S., remain vulnerable to attack by hackers who could inject software or hardware to skew vote counts. DRE voting machines are very vulnerable to software-based fraud: if an attacker replaces the firmware (software) that determines how the computer interprets button-presses on the user interface, then he can make the machine fraudulently miscount votes according to an algorithm he determines. He can choose the algorithm so as to resist detection by black-box testing, that is, not to cheat in circumstances other than in real elections.” NBC: It only takes $26 to hack a voting machine (Sept. 28, 2011) “Researchers from the Argonne National Laboratory in Illinois have developed a hack that, for about $26 and an 8th-grade science education, can remotely manipulate the electronic voting machines used by millions of voters all across the U.S… an attacker could tamper with, and remotely take full control, of the e-voting machine simply by attaching what they call a piece of "alien electronics" into the machine's circuit board. The electronic hacking tool consists of a $1.29 microprocessor and a circuit board that costs about $8. Together with the $15 remote control, which enabled the researchers to modify votes from up to a half-mile away, the whole hack runs about $26.” PBS: Internet Voting: Will Democracy or Hackers Win? (Feb. 16, 2012) “Professor Halderman and some of his grad students took the bait and got busy, documenting their exploit in detail. Within 36 hours, they were in total control of the elections server. They changed votes to elect science fiction computers and robots, downloaded a file with all the real voter passwords, and rigged it so whenever someone submitted a ballot, they heard the Michigan fight song, "The Victors," after a 15-second delay.” WSJ: Will The Next Election Be Hacked? (Aug. 17, 2012) “Two years ago, hackers gained access to an online voting system created by the District of Columbia and altered every ballot on behalf of their own preferred candidates…Internet voting systems were a real threat to the integrity of the democratic process.” PopSci: How I Hacked An Electronic Voting Machine (Nov. 5, 2012) “What do you need to rig an election? A basic knowledge of electronics and $30 worth of RadioShack gear, professional hacker Roger Johnston reveals… He launched security attacks on electronic voting machines to demonstrate the startling ease with which one can steal votes…It’s called a man-in-the-middle attack. It’s a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We’re basically interfering with transmitting the voter’s intent…Anyone who does digital electronics–a hobbyist or an electronics fan–could figure this out.” Verge: Feed the machine: America's stumble through a decade of electronic voting (Nov. 6, 2012) “When it comes to the Sequoia AVC Edge with which President Obama submitted his ballot, this is what they're saying: it has "significant security weaknesses."…"The nature of these weaknesses raises serious questions as to whether the Sequoia software can be relied upon to protect the integrity of elections." Yet these machines are still in use in part or all of 13 states…A single precinct in Volusia County, Florida, late on Election Night — where voters used optical scan, fill-in-the-bubble ballots — reported that Gore had inexplicably received 16,022 negative votes. As they became more widely used, reports surfaced of glitches, including disappearing and "flipping" votes.” BrennanCenter: America’s Voting Machines At Risk (Sept. 15, 2014) “No one expects a laptop to last for 10 years. And although today’s machines debuted at the beginning of this century, many were designed and engineered in the 1990s. Forty-three states are using some machines that will be at least 10 years old in 2016. In most of these states, the majority of election districts are using machines that are at least 10 years old. In 14 states, machines will be 15 or more years old. Nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts. Older machines can also have serious security and reliability flaws that are unacceptable today. For example, Virginia recently decertified a voting system used in 24 percent of precincts after finding that an external party could access the machine’s wireless features to “record voting data or inject malicious data.” Guardian: Voting machine password hacks as easy as 'abcde' (April 15, 2015) “Touchscreen WinVote voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report…Anyone within a half mile could have modified every vote, undetected…the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to “create and execute malicious code” on the WINVote and that “the level of sophistication to execute such an attack is low”.” NYT: Millions of Voter Records Posted, and Some Fear Hacker Field Day (Dec. 30, 2015) “First and last names. Recent addresses and phone numbers. Party affiliation. Voting history and demographics. A database of this information from 191 million voter records was posted online over the last week, the latest example of voter data becoming freely available, alarming privacy experts who say the information can be used for phishing attacks, identity theft and extortion. It is not known who built the database, where all the data came from, and whether its disclosure resulted from an inadvertent release or from hacks…states are not taking the security of voter data seriously enough.” Politico: More than 20 states have faced major election hacking attempts, DHS says (Sept. 30, 2016) “Hackers have intensely probed state voter registration systems in more than 20 states…The revelation comes amid fears that the electoral system is vulnerable to digital meddling. The DHS official — speaking on background because of the subject’s sensitive nature — explained that hackers of all stripes are constantly testing the digital defenses of every state’s public-facing election systems. But in 20-plus states, the agency determined that these intrusion attempts have become what DHS calls probing of concern.” Wired: America’s Electronic Voting Machines Are Scarily Easy Targets (Aug. 2, 2016) “They are old, buggy, and insecure. If someone wanted to mess with the US election, these machines would be an easy way in. Most of these machines are running Windows XP, for which Microsoft hasn’t released a security patch since April 2014…researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack.” Politico: How to Hack an Election in 7 Minutes (Aug. 5, 2016) “Princeton professor Andrew Appel decided to hack into a voting machine… He summoned a graduate student named Alex Halderman, who could pick the machine’s lock in seven seconds. Clutching a screwdriver, he deftly wedged out the four ROM chips—they weren’t soldered into the circuit board, as sense might dictate—making it simple to replace them with one of his own: A version of modified firmware that could throw off the machine’s results, subtly altering the tally of votes, never to betray a hint to the voter. The attack was concluded in minutes… the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there. We found the machine did not have any security mechanisms beyond what you’d find on a typical home PC, it was very easy to hack…foreign hackers could attack the state and county computers that aggregate the precinct totals on election night…They could attack digitized voter registration databases…They could infect software at the point of development, writing malicious ballot definition files that companies distribute, or do the same on a software patch…They could FedEx false software to a county clerk’s office and, with the right letterhead and convincing cover letter, get it installed. Even with optical scan voting, it’s not just the voting machines themselves—it’s the desktop and laptop computers that election officials use to prepare the ballots, prepare the electronic files from the OpScan machines, panel voter registration, electronic poll books. And the computers that aggregate the results together from all of the optical scans.” LawfareBlog: Secure the Vote Today (Aug. 8, 2016) “…the computer experts have almost universally agreed: we can’t secure purely electronic voting systems. It may be surprising to outsiders, but computer scientists believe in paper ballots, either directly marked by the voter or created by a machine and placed in the ballot box. Voting systems need to convince rational losers that they lost fairly. In order to do that, it is critical to both limit fraud and have the result be easily explained. It is impossible to prevent all fraud but we must ensure that the cost of fraud scales with the size: it should take 100 times more effort to change 100 votes compared with the effort associated with changing one vote. Any voting system in which fraud is constant—that is, in which changing 100 votes takes the same effort as changing one—must be viewed as critically flawed.” CNN: Just How Secure Are Electronic Voting Machines? (Aug. 9, 2016) “We've officially entered the era of the hackable election. In a demo, Varner showed CNNMoney how a voter access card can be hacked by a small device that reprograms the card, giving voters the ability to cast their vote as many times as they wish…a hacker could intercept the signals from an electronic voting machine connected to the Internet, similar to how hackers could intercept a user's data when he or she connects to WiFi at a coffee shop. We don't know what the transport network looks like between this machine and the actual database server that's aggregating the votes and then sending it up for live broadcast. Anywhere along that path... the communications could be intercepted." CBS: Hacker demonstrates how voting machines can be compromised (Aug. 10, 2016) “Concerns are growing over the possibility of a rigged presidential election. Roughly 70 percent of states in the U.S. use some form of electronic voting. Hackers told CBS News that problems with electronic voting machines have been around for years. The machines and the software are old and antiquated. The voter doesn't even need to leave the booth to hack the machine. For $15 and in-depth knowledge of the card, you could hack the vote… There are so many places in the voting process once it goes electronic that's vulnerable. We found that more than 40 states are using voting machines there that are at least 10 years old.” ABC: Yes, It's Possible to Hack the Election (Aug. 19, 2016) “Slight meddling in some swing precincts in swing states could tip the scales. If it’s a computer, it can be hacked… if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so… In most states the data that are used to determine who won an election are processed by networked, computerized devices… There are almost no locations that exclusively use paper ballots… The process of recording which person got your vote can — almost always — be hacked. Malware can be implanted on voting machines. Almost none of these machines have any kind of malware detection software like those used at major corporations and government agencies. Even if they did, many of those cybersecurity tools are regularly defeated by today’s sophisticated hackers… In America’s often close elections, a little manipulation could go a long way… Smart malware can be programmed to switch only a small percentage of votes from what the voters intended. That may be all that is needed, and that malware can also be programmed to erase itself after it does its job, so there might be no trace it ever happened. Minimal election security standards could be simply stated: 1) No vote recording machine shall be connected electronically to any network — including but not limited to local area networks (LANs), Wi-Fi, the internet and virtual private networks (VPNs). 2) Every voting machine must create a paper copy of each vote recorded, and those paper copies must be kept secured for at least a year. 3) A verification audit by sampling shall be conducted within 90 days on a statistically significant level by professional auditors to compare the paper ballots of record with the results recorded and reported. One of the best ideas is that the software used to run voting machines be restricted to open source applications, whose code could be publicly examined. Another proposal that makes sense is that voting machines be required to run a certified malware detection software application before, during and after the voting process.” Atlantic: How Electronic Voting Could Undermine the Election (Aug. 29, 2016) “…computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility: When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals…pure electronic voting is simply too dangerous: We must use paper, either directly filled out by the voter or as a voter verifiable paper audit trail…” FOX: Princeton Professor demonstrates how to hack a voting machine (Sept. 18, 2016) “I have demonstrated how to hack the AVC Advantage voting machines that we use in New Jersey... The touch screen voting machine, the type used in about ten states, can be tampered with... By simply swapping the machines computer chip for his own... I figured out how to make a slightly different computer program that just before the close of the polls, it shifts some votes around from one candidate to another. I wrote that computer program onto a memory chip like this and now to hack a voting machine, you have to get seven minutes alone with it, with a screwdriver.” Fortune: Watch This Security Researcher Hack a Voting Machine (Nov. 4, 2016) “Researchers at cybersecurity startup Cylance said they were able to hack into the Sequoia AVC Edge Mk1, used to count votes in states including California, Florida, and New Jersey, and change the final tally it produced. In Cylance's hacking demonstration, researchers were able to alter the memory of the machine as well as the paper trail it created to change vote counts and precinct records. To pull off the hack, the researchers slipped in a custom PC memory card that overwrote software embedded on the device. Cylance said it had notified Dominion Voting Systems (née Sequoia), the voting machine's maker, and government authorities about the threat.” Vox: Here’s how hackers can wreak havoc on Election Day (Nov. 7, 2016) “Voting machines are old and vulnerable, and voter databases are connected to the internet. Many voting machines are running software that’s over a decade old, like Windows XP, which Microsoft hasn’t issued a security patch for since 2014. Others store ballots on memory cards, which could be used to insert viruses that can cause the machines to malfunction or alter votes. Take the Sequoia AVC Edge, for example, which is used in 12 states. It was hacked by a group of academics who installed malware that made the machine unable to do anything but play Pac-Man... Across the country, state voter registration data is synced with the internet; the integration has allowed people to register online or at the DMV. But it also means those databases are vulnerable to hackers… In Indiana last month, a security researcher demonstrated how he was able to quickly break into the state’s database and edit people’s voter information. Last year, another researcher found 191 million hacked voter registration records sitting on an open database that apparently anyone could find.” PBS: Here’s how hackers might mess with electronic voting on Election Day (Nov. 8, 2016) “…vulnerabilities in electronic ballots, make hacking a major possibility on Election Day… Five states — New Jersey, Delaware, Georgia, Louisiana and South Carolina — will cast votes on digital systems without leaving a paper trail. The same applies to several jurisdictions in battleground states like Pennsylvania and Ohio. Cyber vulnerabilities exist in all of these locations. Most revolve around the age of the machines and their software. The Brennan Center report estimated 43 states will use voting machines in 2016 that are more than 10 years old. Many of these devices contain outdated software — think Microsoft Windows XP or older — without security updates. Meanwhile, the mainframes of other machines are guarded by easy-to-pick padlocks or by no barrier at all. With the kind of stealth and sophistication that’s already out there, why wouldn’t a nation-state, cyber-criminal gang or activist group go into election systems that are completely vulnerable?…much of this voting technology is proprietary, so forensic auditors couldn’t independently scrub for and detect malicious software, especially given such code might delete itself after Election Day… Some counties use devices that collect and calculate results at once, such as the AccuVote TS and TSX voting machines. But the software for these popular machines lack basic cybersecurity, like encryption or strong passwords. Marketplaces for voter registration data have sprouted on the Dark Web over the last year, according to an election hacking report from the ICIT. Prices vary, but one listing offered 0.5 Bitcoins ($300) for a single state’s database.” Slate: Now Is the Time to Replace Our Decrepit Voting Machines (Nov. 17, 2016) “With antiquated voting devices at the end of their projected lifespans still in widespread use across the country, the U.S. is facing an impending crisis in which our most basic election infrastructure is unacceptably vulnerable to breakdown, malfunction, and hacking. It’s not just an inconvenience. If the machinery of democracy is called into question, so are its foundations. In today’s hyperpartisan environment, such a scenario—or even unfounded accusations of a “rigged” election that gained postelection traction—would be far more contentious. Just imagine what it might be like in 2020. No one expects a laptop to run reliably for more than a decade. Yet on Election Day 2016, 42 states used voting machines that were at least 10 years old, and 13 of those states used ones more than 15 years old. Perhaps even more troubling, these aging machines are particularly vulnerable to hacking. Although the country has made important advances in securing our voting technology in recent years, these older devices often rely on unsupported software (we found machines still operating on Windows 2000) that doesn’t receive the regular security patches that help protect against modern methods of cyberattacks and hasn’t been through the relatively rigorous federal certification program that exists today. What’s more, many of these systems don’t have a physical paper trails or ballots to back up the results, meaning there’s no way to independently verify how voters intended to cast their ballots in the case of a suspected hack. Voters complained of touchscreen calibration errors that “flipped” votes in North Carolina, Texas, Nevada, and Georgia and interfered with selecting straight party tickets in Pennsylvania. Optical scan machines malfunctioned in parts of Michigan and Massachusetts, and a few in Illinois had to be replaced because a “memory card blew.” PBS: Recounts or no, U.S. elections are still vulnerable to hacking (Dec. 26, 2016) “Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count. More than 80 percent of Pennsylvanians who voted Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. A recount would, in the words of VotePA’s Marybeth Kuznik, a veteran election judge, essentially amount to this: “You go to the computer and you say, ‘OK, computer, you counted this a week-and-a-half ago. Were you right the first time?'” These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected. Researchers would like to see the U.S. move entirely to computer-scannable paper ballots, since paper can’t be hacked. Many advanced democracies require paper ballots, including Germany, Britain, Japan and Singapore. Wallach and his colleagues believe a crafty team of pros could strike surgically, focusing on select counties in a few battleground states where “a small nudge might be decisive,” he said…Vote-tallying systems, typically at the county level, are also tempting targets. They tend to be little more than PCs running a database. Tabulation databases at the county level, which collect results from individual precincts, are supposed to be “airgapped” or disconnected from the internet at all times — though experts say they sometimes get connected anyway. They’re considered insecure for other reasons; many have USB ports where malware could be introduced. Forty-three states use machines more than a decade old. Most run on vintage operating systems such as Windows 2000 that pre-date the iPhone and are no longer updated with security patches.” Politico: U.S. elections are more vulnerable than ever to hacking (Dec. 29, 2016) “America's political system will remain vulnerable to cyberattacks and infiltration from foreign and domestic enemies unless the government plugs major holes and commits millions of dollars in the coming years… Hackers even invaded two state voter registration databases, spurring an FBI alert that sparked questions about whether a broader attack was coming. As for Election Day itself, 15 states — including swing state Pennsylvania — still rely at least partly on electronic voting machines that leave no paper trail. That’s despite years of warnings from digital security specialists, who say the touch-screen machines are prone to being hijacked and would provide no effective way to disprove claims of digital vote tampering… Democrats like Lieu say Republicans are playing with fire, warning the GOP could be in Russia’s cross hairs come 2018. And have no doubt, he added, foreign hackers “could absolutely swing an election” if the U.S. fails to lock its doors.” ScientificAmerican: Our Voting System Is Hackable by Foreign Powers (March 1, 2017) “It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief. A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election… It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices... We need to audit computers by manually examining randomly selected paper ballots and comparing the results with machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003 an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures…It is important that audits be performed on every contest in every election so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected, whether perpetrated by another country or a political party.” Politico: Will the Georgia Special Election Get Hacked? (June 14, 2017) “Logan Lamb decided he wanted to get his hands on a voting machine. A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website… Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by pollworkers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals. The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says. The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014…King has long insisted that the machines are secure because they and the GEMS tabulation computers are never connected to the internet and because officials perform tests before, during and after elections to ensure that they perform properly and that only certified software is installed on them. But critics say the tests Georgia performs are inadequate and that the center has shown a pattern of security failures that can’t be dismissed. In addition to failing to install the 2-year-old patch on its server software, Georgia, testimony in the injunction hearing last week revealed, is still using a version of software on its touch-screen machines that was last certified in 2005. That voting software is running on the machines on top of a Windows operating system that is even older than this.” NPR: If Voting Machines Were Hacked, Would Anyone Know? (June 14, 2017) “U.S. officials are increasingly worried about how vulnerable American elections really are… But even if most voting machines aren't connected to the Internet, says cybersecurity expert Jeremy Epstein, "they are connected to something that's connected to something that's connected to the Internet."… A recently leaked National Security Agency report on Russian hacking attempts has heightened concerns. According to the report, Russian intelligence services broke into an election software vendor's computer system and used the information it gained to send 122 election officials fake emails infected with malicious software. Bloomberg News reported Tuesday that Russia might have attempted to hack into election systems in up to 39 states. University of Michigan computer scientist Alex Halderman says it's just the kind of phishing campaign someone would launch if they wanted to manipulate votes. "That's because before every election, the voting machines have to be programmed with the design of the ballots — what are the races, who are the candidates," says Halderman. He notes that the programming is usually done on a computer in a central election office or by an outside vendor. The ballot program is then installed on individual voting machines with a removable memory card. "So as a remote attacker, I can target an election management system, one of these ballot programming computers. If I can infect it with malicious software, I can have that malicious software spread to the individual machines on the memory cards, and then change votes on Election Day," says Halderman. He and computer security experts, such as Halderman, think the best solution is to make sure all voting machines have paper records to back up the electronic results. They say states should also conduct audits after every election to make sure the electronic results match the paper ones. About half the states already do some audits, but Norden says most are inadequate.” HuffPost: Good News For Russia: 15 States Use Easily Hackable Voting Machines (July 17, 2017) Touch-screen machines can be programmed to change votes and are nearly impossible to audit, computer experts say… Manufacturers like Diebold touted the touch-screens, known as direct-recording electronic (DRE) machines, as secure and more convenient than their paper-based predecessors. Computer experts were skeptical, since any computer can be vulnerable to viruses and malware, but it was hard to get ahold of a touch-screen voting machine to test it. The manufacturers were so secretive about how the technology worked that they often required election officials to sign non-disclosure agreements preventing them from bringing in outside experts who could assess the machines. In September 2006, they published a research paper and an accompanying video detailing how they could spread malicious code to the AccuVote TS to change the record of the votes to produce whatever outcome the code writers desired. And the code could spread from one machine to another like a virus. That was more than a decade ago, but Georgia still uses the AccuVote TS. The state is one of five ― the others are Delaware, Louisiana, New Jersey and South Carolina ― that rely entirely on DREs for voting. Ten other states use a combination of paper ballots and DRE machines that leave no paper trail. Many use a newer version of the AccuVote known as the TSX ― even though computer scientists have demonstrated that machine, too, is vulnerable to hacking. Others use the Sequoia AVC Advantage, which Princeton professor Andrew Appel demonstrated could be similarly manipulated in a 2007 legal filing. Appel bought a Sequoia machine online for $82 and demonstrated that he could remove 10 screws and easily replace the Sequoia’s memory card with a modified version that would alter the outcome of an election…Computer scientists like Halderman, Appel and Felten have been warning states about the risks of DRE machines for over a decade, urging them to replace touch-screen machines with paper ballots that can be read with an optical scanner and easily audited after an election. Paper ballots create a physical copy of the voter’s choice that can be checked against the results; with DRE machines, it’s impossible to verify whether the choice the person intended to select is, in fact, what the machine recorded.” Forbes: These Hackers Reveal How Easy It Is To Hack US Voting Machines (July 29, 2017) “One of the things we want to drive home is that these things are ultimately software-based systems and we know software-based systems have vulnerabilities, that just comes with the territory… The attack is remarkably simple-looking, even to non-technical eyes. First, he finds the Wi-Fi access point in the device, normally used to hook up to other systems on an election network. Using a tool called Wireshark, he was then able to grab the IP address of the device. Knowing that it ran an ancient version of Microsoft Windows, Schurmann ran a hacking tool called Metasploit, which exploited an old vulnerability that was never patched on the machine. And that was it: he had enough access to alter records. What made the attack particularly worrisome was that it was possible wirelessly. "You don't even need to get up for this to work," he tells Forbes, noting that he had previously practiced the attack ahead of time . "Now we can really change things as we're the admin.”” CNET: Defcon hackers find it’s very easy to break voting machines (July 30, 2017) “When the password for a voting machine is "abcde" and can't be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed "America's worst voting machine," came equipped with this simple password even as it was used in some of the country's most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush's re-election in 2004 to Barack Obama's in 2012… "It's really just a matter of plugging your USB drive in for five seconds and the thing's completely compromised at that point," Synack co-founder Jay Kaplan said. "To the point where you can get remote access. It's very simple."… Once you're out of the voting program on the machine, it's just like any old Windows XP computer, Synack found.” CNN: We watched hackers break into voting machines (Aug. 11, 2017) “These are supposed to be the latest machines, they're still used in elections, and they're running ancient software. I think that if somebody wanted to, it would be pretty easy to fake an election…So if you are a voter in America, we're likely hacking the Machine that you vote on. There's a few dozen of these machines and also electronic poll books… We can go ahead and impact this log within 10 seconds you gain access to the operating system. We could actually remove this and clone this particular USB. We could go back and start looking at and reverse engineering what's on this image and determining the various ways that we can impact this particular operating system.” Intercept: The U.S. Election System Remains Deeply Vulnerable (Oct. 3, 2017) The Harvard report, titled “Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections,” concludes that online attackers can alter voter registration information in as many as 35 states and the District of Columbia by buying personal information through either legitimate or illegitimate sources. Voter registration information is public, and many states allow citizens to make changes online, even if they registered in person or by mail. A determined hacker could buy voter lists from the 36 jurisdictions that allow online registration, and separately buy the personal information used to confirm a voter’s identification – such as Social Security or drivers’ license numbers – to get in and make changes. Voting software is another potential target for hackers. The Intercept has previously reported on a top-secret National Security Agency report detailing a cyberattack by a Russian intelligence agency on at least one U.S. voting software supplier. The attackers sent spear-phishing emails to more than 100 local election officials just days before the November election, according to the highly classified report that was provided anonymously to The Intercept. NYT: The Myth of the Hacker-Proof Voting Machine (Feb. 2, 2018) “Eckhardt and his colleagues concluded that the problem with the machines, made by Election Systems & Software (ES&S), was likely a simple calibration error. But the experts were alarmed by something else they discovered. Examining the election-management computer at the county’s office — the machine used to tally official election results and, in many counties, to program voting machines — they found that remote-access software had been installed on it. Remote-access software is a type of program that system administrators use to access and control computers remotely over the internet or over an organization’s internal network. Election systems are supposed to be air-gapped — disconnected from the internet and from other machines that might be connected to the internet. The presence of the software suggested this wasn’t the case with the Venango machine, which made the system vulnerable to hackers. Anyone who gained remote access to the system could use the software to take control of the machine. Logs showed the software was installed two years earlier and used multiple times, most notably for 80 minutes on November 1, 2010, the night before a federal election… In the 15 years since electronic voting machines were first adopted by many states, numerous reports by computer scientists have shown nearly every make and model to be vulnerable to hacking. The systems were not initially designed with robust security in mind, and even where security features were included, experts have found them to be poorly implemented with glaring holes… ES&S has in the past sometimes sold its election-management system with remote-access software preinstalled, according to one official; and where it wasn’t preloaded, the company advised officials to install it so ES&S technicians could remotely access the systems via modem, as Venango County’s contractor did, to troubleshoot and provide maintenance… An ES&S contract with Michigan from 2006 describes how the company’s tech support workers used remote-access software called pcAnywhere to access customer election systems. And a report from Allegheny County, Pennsylvania, that same year describes pcAnywhere on that county’s election-management system on June 2 when ES&S representatives spent hours trying to reconcile vote discrepancies in a local district race that took place during a May 16th primary. An Allegheny County election official told me that remote-access software came pre-installed on their ES&S election-management system… On election nights, many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines. Election officials and vendors insist that the modem transmissions are safe because the connections go over phone lines and not the internet. But as security experts point out, many of the modems are cellular, which use radio signals to send calls and data to cell towers and routers belonging to mobile carriers — Verizon, Sprint, AT&T. These routers are technically part of the internet. Even when analog (landline) modems are used instead of cellular ones, the calls still likely pass through routers, because phone companies have replaced much of their analog switching equipment in recent years with digital systems. Because of this, attackers could theoretically intercept unofficial results as they’re transmitted on election night — or, worse, use the modem connections to reach back into election machines at either end and install malware or alter election software and official results... To subvert machines via their modem connection, an attacker could set up a device known as an IMSI-catcher (or stingray, as they’re also called) near precincts or county election offices to intercept and alter vote tallies as they’re transmitted. IMSI-catchers — which law enforcement, militaries and spies use — impersonate legitimate cell towers and trick phones and other devices in their vicinity into connecting to them instead of legitimate towers. Alternatively, a hacker could subvert telecom routers to intercept and alter election results as they pass through telecom equipment. Like any other digital device, telecom routers have vulnerabilities, and they have become a prime target in recent years for nation-state hackers from Russia and other countries. ‘‘The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,’’ says Susan Greenhalgh, a spokeswoman for the National Election Defense Coalition, an elections integrity group. ‘‘This oft-repeated myth instills a false sense of security that is inhibiting officials and lawmakers from urgently requiring that all voting systems use paper ballots and that all elections be robustly audited.’’…The top voting machine maker in the country, ES&S, distributes modems or modeming capability with many of its DRE and optical-scan machines. About 35,000 of ES&S’s newest precinct-based optical scanner, the DS200, are used in 31 states and the District of Columbia and can be outfitted with either analog or cellular modems to transmit results. Maryland, Maine, Rhode Island and the District of Columbia use only DS200 machines statewide (though they also use two other systems specifically for disabled voters and absentee ballots); Florida and Wisconsin use the DS200s in dozens of counties, and other states use them to lesser degrees. ES&S’s earlier model M100 optical scanners, which also can be equipped with modems, have long been used in Michigan — a critical swing state in the 2016 presidential election — though the state is upgrading to DS200 machines this year, as well as machines made by Dominion Voting Systems. Dominion’s machines use external serial-port modems that are connected to machines after an election ends. ” Slate: America's Voting Systems Are Highly Vulnerable to Hackers (Feb. 22, 2018) “Did Russia shift the election’s outcome by hacking registration rolls or voting machines? The fact is that it’s impossible to say. In September, the Department of Homeland Security informed officials in 21 states that Russians had hacked into their registration systems in the run-up to the election. Whether the hackers manipulated the rolls—removed names or switched their precincts—no one has investigated; perhaps no one could investigate, as so many months had passed before the hack was revealed… J. Alex Halderman a professor of computer science at the University of Michigan, testified that only a handful of vendors and contractors provide the equipment used in election machines. “Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters,” he said. “Furthermore, in close elections, decentralization can actually work against us. An attacker can probe different areas of the most important ‘swing states’ for vulnerabilities, find the areas that have the weakest protection, and strike there.” For the past decade, Halderman has run the “red teams”—the simulated attacker—in games to test the vulnerability of election machines. In those games, he testified, his team “could reprogram the machine to invisibly cause any candidate to win. We also created malicious software—vote-stealing code—that could spread from machine to machine like a computer virus, and silently change the election outcome…This month, the Center for American Progress released a study measuring the degree to which each of the 50 states meets these basic standards. The results were alarming. Paperless voting systems—touch screens with no paper backups—are still used in 14 states. Only 26 states require postelection audits. Forty-one states use database software that was created more than a decade ago—so long ago that the vendors no longer track vulnerabilities or send patches to the users. More distressing still, some of the worst laggards, by these measures, are battleground states. Florida gets an F, judged as “incomplete” or “unsatisfactory” on six of seven security metrics. Pennsylvania and Arizona get D’s. Iowa, Michigan, Nevada, Virginia, and Wisconsin get C’s. No state gets an A. Just 10 get B’s.” NYT: I Hacked an Election. So Can the Russians. (April 5, 2018) “After the chaos of the 2000 election, we were promised a modern and dependable way to vote,” Halderman says in the video. “I’m here to tell you that the electronic voting machines Americans got to solve the problem of voting integrity, they turned out to be an awful idea. That’s because people like me can hack them all too easily. Our highly computerized election infrastructure is vulnerable to sabotage and even to cyberattacks that could change votes. Halderman has testified before Congress on the issue. He says that while it’s promising that the Senate Intelligence Committee has recently shown some understanding of the problem, states must act too.” NewYorker: America Continues To Ignore Risks of Election Hacking (April 18, 2018) “America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. Another case to consider: the Department of Homeland Security recently discovered a number of rogue cell-phone simulators—technical tools that are commonly called “Stingrays”—in Washington, D.C., and has been unable to identify who was operating them…As a pair of Princeton computer scientists, Andrew Appel and Kyle Jamieson, have pointed out, cell-phone simulators, which mimic legitimate cell towers, happen also to be handy and inexpensive vote-hacking devices. On the Freedom to Tinker blog, Appel and Jamieson have posted easy-to-follow diagrams showing how the transmission of voting information from polling places could be intercepted by a Stingray and surreptitiously altered before being sent on to its intended destination, a central tabulating computer. The voting machine that Appel and Jamieson picked to illustrate this hypothetical “man-in-the-middle” attack was the DS200, a popular optical-scan voting machine that reads marked paper ballots, made by a company called Election Systems & Software… as of 2015, forty-three states and the District of Columbia were using machines that are no longer in production. Some of these machines are so old that their operating systems can’t be patched when security flaws are found, and replacement parts must be scrounged up on eBay…Software vulnerabilities, unreliable tabulators, and unprotected memory cards have left voting systems open to exploitation ever since electronic machines were introduced.” Reuters: Old voting machines stir concerns among U.S. officials (May 31, 2018) “In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned… These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows… Most of the dozen-plus state and local election officials interviewed by Reuters said they worry about bad actors hacking the older electronic voting machines to alter ballots, and then being unable to verify the results because there will be no paper trail. But the officials worry most about voters losing trust in elections, because officials would not be able to visibly demonstrate that the tally was indeed accurate.” Axios: There's more than one way to hack an election (July 3, 2018) “Here are the systems at risk in the election process: voter registration systems, voter registration databases (which the voter registration process produces), voter records at polling places (known as poll books, which exist in both printed and electronic versions), voting machines (which capture the votes), vote tabulation (when the votes are tallied)… Many parts of election systems are at risk of being exposed to the internet — and thereby potentially being inappropriately accessed or meddled with — because of human error or bad security protocols. Here are some of the main points of risk: registration interfaces, voter registration databases, electronic poll books, printed poll books, voting machines, electronic vote tabulation, optical scan vote tabulation, election management systems.” Newsweek: Election Hacking: Voting-Machine Supplier Admits It Used Hackable Software Despite Past Denials (July 17, 2018) “Election Systems and Software (ES&S) told Democratic Senator Ron Wyden of Oregon in an April letter that has now been released, first reported by Vice News and later obtained by Newsweek, that the company provided election equipment with remote connection software to an unspecified number of states from 2000 to 2006. "Prior to the inception of the [Election Assistance Commission] testing and certification program and the subsequent requirement for hardening and at customer's request, ES&S provided pcAnywhere remote connection software on the [Election-Management System] workstation to a small number of customers between 2000 and 2006," wrote Tom Burt, ES&S president.” Salon: Remote-access allowed: Voting machine company admits installing vulnerable software (July 20, 2018) “A letter sent to Congress reveals that, between 2000 and 2006, one of America's top voting machine companies installed remote-access software in their products that made it possible for them to be manipulated by third parties. In the letter, Election Systems and Software admitted that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006." As The Verge notes, "pcAnywhere’s security vulnerabilities have been well-documented in the past": In 2006, hackers stole the source code for pcAnywhere and then stayed quiet until 2012, when a hacker published part of the code online. Symantec, which distributed pcAnywhere, knew vaguely of the theft back in 2006 but only spoke up about it after the code leaked, along with the warning that users should disable or uninstall the software. At the same time, security researchers studied pcAnywhere’s code and found a vulnerability that could let a hacker take control of a whole system and bypass the need to enter a password.” BBC: Hacking the US mid-terms? It's child's play (Aug. 11, 2018) “Bianca Lewis, 11, has many hobbies. She likes Barbie, video games, fencing, singing… and hacking the infrastructure behind the world’s most powerful democracy…She’s taking part in a competition organised by R00tz Asylum, a non-profit organisation that promotes “hacking for good”…Its aim is to send out a dire warning: the voting systems that will be used across America for the mid-term vote in November are, in many cases, so insecure a young child can learn to hack them with just a few minute’s coaching.” PBS: An 11-year-old changed election results on a replica Florida state website in under 10 minutes (Aug. 12, 2018) “An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. “These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes, it’s negligent for us as a society.”” Guardian: Why US elections remain 'dangerously vulnerable' to cyber-attacks (Aug. 13, 2018) “By mid-evening, Jon Ossoff, the leading Democrat, had 50.3% of the vote, enough to win outright without the need for a run-off against his closest Republican challenger. Then Marks noticed that the number of precincts reporting in Fulton County, encompassing the heart of Atlanta, was going down instead of up. Soon after, the computers crashed. Election officials later blamed a “rare error” with a memory card that didn’t properly upload its vote tallies. When the count resumed more than an hour later, Ossoff was suddenly down to 48.6% and ended up at 48.1%… Georgia’s 15-year-old all-electronic voting system was almost impossible to audit because it produced no independently verifiable paper trail to check against the computer-generated tallies. Cybersecurity experts have warned for years that malfeasance, technical breakdown or administrative incompetence could easily wreak havoc with electronic systems and could go largely or wholly undetected. “Virtually every American voter has come to understand that the nation’s election infrastructure is susceptible to malicious manipulation from local and foreign threats,” the suit reads. “Yet, Georgia’s election officials continue to defend the state’s electronic voting system that is demonstrably unreliable and insecure, and have repeatedly refused to take administrative, regulatory or legislative action to address the election security failures.”” Guardian: Kids at hacking conference show how easily US elections could be sabotaged (Aug. 22, 2018) “The risk of a hacker casting the validity of an election into question through one of any number of other entry points is huge, and the actual difficulty of such an attack is child’s play. Literally. “The most vulnerable part of election infrastructure is the websites,” explained the security expert Jake Braun… Unlike a voting machine, Braun explains, websites represent a compelling target because they are, by their nature, connected to the internet 24/7. And, whether they are used for voter registration, online campaigning or announcing the results at the end of the election, they can be used to sow havoc…Armed with facsimiles of the websites of 13 battleground states and a child-friendly guide to basic hacking techniques, the kids were set loose on critical infrastructure – and proceeded to tear it apart… “The No 1 thing we found last year wasn’t a hack at all, it was the fact that we opened up the back of the machine, and of course, no surprise, all the parts are made across the world, especially China. “This isn’t conjecture, this isn’t my dystopian fantasy world, this is something we know they do … The fragmentation argument is absolute horseshit, because once you’re in the chips, you can hack whole classes of machines, nationwide, from the fucking Kremlin.”… The bad actor just needs to steal enough votes in a few counties in America’s battleground states – just enough to swing a close election…“I’ve only one conclusion,” said Schürmann: “Use paper and do your audits.”” National Academies of Sciences, Engineering, Medicine: Securing The Vote (Sept. 6, 2018) “Elections should be conducted with human-readable paper ballots. Paper ballots form a body of evidence that is not subject to manipulation by faulty software or hardware and that can be used to audit and verify the results of an election. Human-readable paper ballots may be marked by hand or by machine (using a ballot-marking device), and they may be counted by hand or by machine (using an optical scanner), the report says. Voters should have an opportunity to review and confirm their selections before depositing the ballot for tabulation. Voting machines that do not provide the capacity for independent auditing – i.e., machines that do not produce a printout of a voter’s selections that can be verified by the voter and used in audits – should be removed from service as soon as possible.” CBS: Why voting machines in the U.S. are easy targets for hackers (Sept. 19, 2018) “Tens of thousands of voting machines in the United States are vulnerable to hacking. They have been successfully dismantled and attacked by security researchers for years to demonstrate their flaws. In 2017, at the annual Defcon hackers conference, one tech professor from the University of Copenhagen was able to penetrate an Advanced Voting Solutions machine in about 90 minutes. The attackers were able to access the administrator mode, allowing them to potentially alter voting data. At this year's conference, a group of hackers was able to crack one in 15 minutes. One hacker told CNET: "Should you be trusting your vote with these? I don't think so." "They're running Windows. They have USB ports. They're actual computers and are very susceptible to attacks," says Cris Thomas, the global strategy lead for IBM's X-Force cybersecurity team.” Optical scan ballot machines are vulnerable to hacking — all electronic devices are — but most cybersecurity experts are more concerned with electronic machines. Voting results are stored on the machine's internal storage. If the voting data is not encrypted or improperly configured, with little effort a bad actor could access the memory and alter the voting results… The results go from [the voting machine] into a piece of electronics that takes it to the central counting place. That data is not encrypted and that's vulnerable for manipulation.” NYT: The Crisis of Election Security (Sept. 26, 2018) The Illinois intruders had quietly breached the network in June and spent weeks conducting reconnaissance. After alighting on the state’s voter-registration database, they downloaded information on hundreds of thousands of voters…In early August, Jenkins learned of another breach, this one on an Arizona state website, and it appeared to come from one of the same I.P. addresses that had been used to attack Illinois. This time, the intruders installed malware, as if setting the stage for further assault. Then reports from other states began to pour in, saying that the same I.P. addresses appeared to be probing their voter-registration networks…Internet voting, they learned, was the least of their concerns; the real problems were the machines used to cast and tally votes and the voter-registration databases the Russians had already shown interest in hacking. The entire system — a Rube Goldberg mix of poorly designed machinery, from websites and databases that registered and tracked voters, to electronic poll books that verified their eligibility, to the various black-box systems that recorded, tallied and reported results — was vulnerable…They don’t address core vulnerabilities in voting machines or the systems used to program them. And they ignore the fact that many voting machines that elections officials insist are disconnected from the internet — and therefore beyond the reach of hackers — are in fact accessible by way of the modems they use to transmit vote totals on election night. Add to this the fact that states don’t conduct robust postelection audits — a manual comparison of paper ballots to digital tallies is the best method we have to detect when something has gone wrong in an election — and there’s a good chance we simply won’t know if someone has altered the digital votes in the next election…How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry. In Ohio in 2004, for example, where John Kerry lost the presidential race following numerous election irregularities, Kerry’s team was denied access to the voting-machine software. “We were told by the court that you were not able to get that algorithm to check it, because it was proprietary information,” Kerry recalled in a recent interview on WNYC’s “Brian Lehrer Show.” He was understandably rueful, arguing how wrong it was that elections are held under “the purview of privately owned machines, where the public doesn’t have the right to know whether the algorithm has been checked or whether they’re hackable or not. And we now know they are hackable.”…There are roughly 350,000 voting machines in use in the country today, all of which fall into one of two categories: optical-scan machines or direct-recording electronic machines. Each of them suffers from significant security problems. With optical-scan machines, voters fill out paper ballots and feed them into a scanner, which stores a digital image of the ballot and records the votes on a removable memory card. The paper ballot, in theory, provides an audit trail that can be used to verify digital tallies. But not all states perform audits, and many that do simply run the paper ballots through a scanner a second time. Fewer than half the states do manual audits, and they typically examine ballots from randomly chosen precincts in a county, instead of a percentage of ballots from all precincts. If the randomly chosen precincts aren’t ones where hacking occurred or where machines failed to accurately record votes, an audit won’t reveal anything — nor will it always catch problems with early-voting, overseas or absentee ballots, all of which are often scanned in county election offices, not in precincts. Direct-recording electronic machines, or D.R.E.s, present even more auditing problems. Voters use touch screens or other input devices to make selections on digital-only ballots, and votes are stored electronically. Many D.R.E.s have printers that produce what’s known as a voter-verifiable paper audit trail — a scroll of paper, behind a window, that voters can review before casting their ballots. But the paper trail doesn’t provide the same integrity as full-size ballots and optical-scan machines, because a hacker could conceivably rig the machine to print a voter’s selections correctly on the paper while recording something else on the memory card. About 80 percent of voters today cast ballots either on D.R.E.s that produce a paper trail or on scanned paper ballots. But five states still use paperless D.R.E.s exclusively, and an additional 10 states use paperless D.R.E.s in some jurisdictions…More than a dozen companies currently sell voting equipment, but a majority of machines used today come from just four — Diebold Election Systems, Election Systems & Software (ES&S), Hart InterCivic and Sequoia Voting Systems. Diebold (later renamed Premier) and Sequoia are now out of business. Diebold’s machines and customer contracts were sold to ES&S and a Canadian company called Dominion, and Dominion also acquired Sequoia. This means that more than 80 percent of the machines in use today are under the purview of three companies — Dominion, ES&S and Hart InterCivic. Many of the products they make have documented vulnerabilities and can be subverted in multiple ways. Hackers can access voting machines via the cellular modems used to transmit unofficial results at the end of an election, or subvert back-end election-management systems — used to program the voting machines and tally votes — and spread malicious code to voting machines through them. Attackers could design their code to bypass pre-election testing and kick in only at the end of an election or under specific conditions — say, when a certain candidate appears to be losing — and erase itself afterward to avoid detection. And they could make it produce election results with wide margins to avoid triggering automatic manual recounts in states that require them when results are close. Hackers could also target voting-machine vendors and use this trusted channel to distribute their code. Last year a security researcher stumbled across an unsecured ES&S server that left passwords exposed for its employee accounts. Although the passwords were encrypted, a nation-state with sufficient resources would most likely be able to crack them, the researcher noted. Since ES&S creates ballot-definition files before each election for some customers — the critical programming files that tell machines how to apportion votes based on a voter’s screen touch or marks on a paper ballot — a malicious actor able to get into ES&S’s network could conceivably corrupt these files so machines misinterpret a vote for Donald Trump, say, as one for his opponent, or vice versa. The Department of Homeland Security, the intelligence community and election officials have all insisted that there is no evidence that Russian hackers altered votes in 2016. But the truth is that no one has really looked for evidence. Intelligence assessments are based on signals intelligence — spying on Russian communications and computers for chatter or activity indicating that they altered votes — not on a forensic examination of voting machines and election networks. “We should always be careful to point out that there hasn’t been any evidence that votes were changed in any election in this way, and that’s a true fact,” said Matt Blaze, a computer-science professor at the University of Pennsylvania and a voting-machine-security expert. “It’s just less comforting than it might sound at first glance, because we haven’t looked very hard.” Even if experts were to look, it’s not clear what they would find, he added. “It’s possible to do a pretty good job of erasing all the forensic evidence.”…Deborah Tannenbaum had a front-row seat for what occurred that night. A Democratic Party field director in Florida, she refreshed her web browser frequently as returns came in from around the county. At 10 p.m., Al Gore was ahead in Volusia, with 83,000 votes to George W. Bush’s 62,000. Things were going well for Gore across the state, and exit polls projected a six-point lead for him. But then something changed. “I had stepped out, and one of the assistants came, and he’s just like, ‘I need you to come here and verify the numbers,’ ” Tannenbaum recalled. When she looked at the county’s website, Gore’s total had dropped 16,000 votes. Tannenbaum called the county election office, alarmed. “I don’t know what’s going on down there, but you can’t take away votes!” she said. The mysterious drop would later be traced to Precinct 216, a community center in DeLand, where Gore’s total was showing negative 16,022 votes. It wasn’t the only mathematical absurdity in the tally. A Socialist Workers Party candidate named James Harris had 9,888 votes. But the DeLand precinct had only 585 registered voters, and only 219 of them cast ballots at the center that day. Volusia officials blamed the mishap on a faulty memory card. The county used optical-scan machines made by Global Election Systems (a Canadian company later acquired by Diebold and renamed Diebold Election Systems), which the county had used since 1996. When the election ended, poll workers were supposed to transmit results to the county election office via modem; but the transmission failed, so a worker drove the memory card in, where officials inserted it directly into the election-management system to tally results. Logs for that computer, however, showed two memory cards for Precinct 216 inserted, an hour apart. The vote totals went haywire after the second card was loaded. Beyond the mystery of the two cards, there was another problem with this explanation. A faulty memory card should produce an onscreen error message or cause a computer to lock up, not alter votes in one race while leaving others untouched. And what kind of faulty card deleted votes only for Gore, while adding votes to other candidates?…Despite this proliferation of voting-machine problems, the industry was expanding its reach and control, even as it was concentrating power into fewer hands. By 2010, ES&S was so big — it had bought Diebold’s election division and controlled more than 70 percent of the market — that the Justice Department filed an antitrust suit and required it to sell off some of its assets. Many election officials, baffled by the new technology and unable to hire dedicated I.T. staff, purchased complete suites of election services from vendors, services that in some cases included programming ballot-definition files for voting machines and assisting with tabulation. It became common to see voting-machine employees or their local contractors in election offices before, during and after elections, and in some cases even working in election offices full time. ES&S, for instance, even installed remote-access software and modems on election-management systems to gain remote access to them from its Nebraska headquarters to troubleshoot when things went wrong. And when things did go wrong with machines, it was often the vendor who investigated and supplied the explanation that was fed to the news media and the public. Politico: Attack on commonly used voting machine could tip an election (Sept. 27, 2018) “A malicious hacker could alter the outcome of a U.S. presidential election by taking advantage of numerous flaws in one model of vote-tabulating machine used in 26 states, cybersecurity experts warned in a report presented Thursday at the Capitol… The biggest flaw in the process we found is, even when we identify flaws, they don't get fixed… The report says an attacker could remotely gain access to the Model 650 tabulating machine manufactured by Election Systems and Software, one of the country's largest sellers of voting equipment, by exploiting numerous vulnerabilities in the unit. Researchers also said this model has an unpatched vulnerability that the manufacturer was notified about a decade ago… The event organizers said the Model 650 vote-tabulation vulnerabilities are especially problematic because states use the machines to processes ballots for entire counties. "[H]acking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the report says.” WSJ: Voting Machine Used in Half of U.S. Is Vulnerable to Attack (Sept. 27, 2018) “Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S; machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said…Earlier this month, the National Academies of Sciences, Engineering, and Medicine recommended U.S. states move away from voting machines that don’t include paper ballots…Election security researchers and politicians aren’t convinced ES&S; is doing enough. The company hasn’t adopted common internet security standards that secure against phishing attacks and make it harder to intercept messages, according to staffers for Sen. Ron Wyden (D., Ore.).” CNN: Hackers Bring Stark Warning About Election Security (Sept. 27, 2018) “The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday – just over a month before the midterm elections. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report…A voting tabulation machine the group says is used in more than two dozen states is vulnerable to be remotely hacked, they said, claiming, “hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.” Wired: Voting Machines Are Still Absurdly Vulnerable to Attacks (Sept. 28, 2018) “A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use…The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference's Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access—number in the dozens…"We didn't discover a lot of new vulnerabilities," says Matt Blaze, a computer science professor at the University of Pennsylvania and one of the organizers of the Voting Village, who has been analyzing voting machine security for more than 10 years. "What we discovered was vulnerabilities that we know about are easy to find, easy to reengineer, and have not been fixed over the course of more than a decade of knowing about them. And to me that is both the unsurprising and terribly disturbing lesson that came out of the Voting Village."…One device, the "ExpressPoll-5000," has root password of "password." The administrator password is "pasta."… Many of the machines participants analyzed during the Voting Village run software written in the early 2000s, or even the 1990s. Some vulnerabilities detailed in the report were disclosed years ago and still haven't been resolved. In particular, one ballot counter made by Election Systems & Software, the Model 650, has a flaw in its update architecture first documented in 2007 that persists. Voting Village participants also found a network vulnerability in the same device—which 26 states and the District of Columbia all currently use.” JenniferCohn: The genesis of America’s corrupted computerized election system (Oct. 10, 2018) “From 2002 until 2009, two voting machine vendors dominated United States elections: Diebold Election Systems (renamed “Premier in 2007) and Election Systems & Software (“ES&S”)…In 2009, Diebold Inc. sold its elections division, Diebold Election Systems, to ES&S…In 2010, the Department of Justice filed an anti-trust suit against ES&S & forced it to divest, stating that the combined company (ES&S + Diebold) provided more than 70 % of US voting equipment. Later that year, Diebold purportedly dissolved and its assets were split between ES&S and Dominion Voting, which was at that time a relatively unknown Canadian company. The same year, Dominion bought Sequoia (20% of US voting equipment) as well…Two brothers from Nebraska, Bob and Todd Urosevich, founded ES&S in the late 1970’s under the name DataMark. Per the Omaha Herald, the Urosevich Brothers received funding in 1979 from billionaire William Ahmanson and changed the company name from DataMark to American Information Systems (“AIS”), which was the precursor of ES&S…Thus, the voting machine giants known as ES&S and Diebold (later renamed Premier) both have direct ties to the Urosevich brothers (though Bob has apparently retired).” Slate: Can Paper Ballots Save Our Democracy? (Oct. 10, 2018) “Just stole an election at @VotingVillageDC. The machine was an AccuVote TSX used in 18 states, some with the same software version. Attackers don't need physical access--we showed how malicious code can spreads from the election office when officials program the ballot design… Though the context was lighthearted, what Halderman really demonstrated is staggeringly serious: that these kinds of direct-recording electronic voting machines—ones that will still be in use in many states come November—are not secure from remote hacking. The Center for American Progress recently released a study that highlighted that 42 states use electronic voting machines with software a decade old or more that leaves them especially vulnerable to hacking and malware. What’s more, five states rely solely on machines that leave no paper trail, and another 10 will use them in at least some districts. These paperless voting machines are especially problematic because even if such a machine were known or suspected to have been hacked, there’s no physical backup ballot to check it against—and therefore no way to determine for certain whether the vote an individual cast matched with the vote that the machine recorded. Worse still, some of the states with the poorest voting-system security are also electoral heavyweights, including Georgia, Texas, Pennsylvania, and Florida…A growing number of voting-rights advocates and cybersecurity experts—among them organizations like the National Academies of Sciences, Engineering, and Medicine and Verified Voting—feel that the way forward is in a return to the past: paper ballots.” NYT: America's Elections Could Be Hacked. Go Vote Anyway (Oct. 19, 2018) In the months before the 2016 presidential election, Russian hackers tried to infiltrate voting systems in dozens of states. They succeeded in at least one, gaining access to tens of thousands of voter-registration records in Illinois. In April, the nation’s top voting machine manufacturer told Senator Ron Wyden of Oregon that it had installed remote-access software on election-management systems that it sold from 2000 to 2006. Senator Wyden called it “the worst decision for security short of leaving ballot boxes on a Moscow street corner.” At a hacking convention last summer, an 11-year-old boy who had been coached on finding the vulnerabilities in a mock-up of Florida’s state election website broke into the fake site and altered the vote totals recorded there. It took him less than 10 minutes…America’s voting systems, like all large and complex computerized systems, are highly vulnerable to cyberattack — whether by altering or deleting voter-registration data, or even by changing vote counts. “The vast majority of technical infrastructure for our voting is absolutely, without doubt, woefully insecure,” said Matt Blaze, a University of Pennsylvania computer-science professor who studies voting machine security. Both of the primary methods by which Americans cast their ballots — optical-scan machines and touch-screen monitors — can be tampered with fairly easily…One, provide a paper trail for every vote. Hackers work most effectively in the dark, so they love voting machines that produce no paper verification. Currently, five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — run their elections entirely on paperless touch-screen machines. But all five states are considering a switch back to paper ballots in time for 2020. In this year’s midterms, 19 states and Washington, D.C., will use only paper ballots. Two, audit the vote. The best way to do this is known as a risk-limiting audit, which means comparing the digital tally to a manual count of a randomized sample of paper ballots. This type of audit can identify voting tabulation errors resulting from either malicious attacks or software failures. Vox: The hacking threat to the midterms is huge. (Oct. 25, 2018) “The DHS’s prized pig is the “Albert” sensor, an ungainly gray box that attaches itself, koala-like, to a server rack and monitors incoming online traffic in real time — then sends alerts to a team of analysts sitting in the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) facility in Albany, New York. Forty-one states had installed Alberts into their election-related IT infrastructure as of mid-September. Sixty-eight counties had had one installed, too. Masterson and DHS officials tell Vox that 1,300 local jurisdictions and all 50 state governments are participants in its continuous threat-sharing program with EI-ISAC. Yet these figures also show the vast extent of the challenge. If 21 states receive risk-and-vulnerability assessments, that means by Election Day, the majority won’t. Eighty-eight counties receiving remote hygiene scans means that roughly 2,900 aren’t. And boasting of 1,300 local jurisdictions that have signed on for federal monitoring also means that roughly nine out of 10 of these localities in the US have opted out of a free, vital program…On a scale of 1 to 10, with 10 being the Pentagon’s [security measures], elections have probably moved from a 2 to a 3…They laid out a number of scenarios that could exploit vulnerable election infrastructure: names deleted from voter registration databases; e-pollbooks that send voters to the wrong precinct; malware that corrupts ballot-definition files for machines or software that governs vote tabulation, before it’s installed in various counties and precincts; or corrupted public-facing websites to announce a false winner on election night…These private companies “represent an enticing target [f]or malicious cyber actors,” according to the Senate Intelligence report. Yet the report admits that state and federal authorities continue to “have very little insight into the cybersecurity practices of many of these vendors…Today, the American elections industry today is dominated by three companies: Dominion, Hart InterCivic, and, the largest, Election Systems and Software (ES&S). If you voted in the past 10 years, the chances are good that you used these machines (92 percent of voters do), or the myriad supportive technology required to stage an election… Much of the criticism has been directed at digital voting machines, called DREs. But election offices have become increasingly digital in other, less obvious ways: Adopting e-pollbooks; hauling voter registration information into state-run or third-party databases; proffering all-in-one election management suites, which program the machines and tabulate the outcomes; and building internet-based services for voters, like the precinct tally program in Knox County…One machine that came out of this process, built by Diebold, infamously was found to have a hard-coded encryption key identical to every machine, a basic security flaw…But other experts say this insistence overlooks the sophistication of nation-state attackers, who can find other creative methods for intrusion — infected USB drives, modem access, remote-access software — or, of course, infiltrating the company networks themselves, engineering direct upload malware through regular software updates…Public security audits of election technology are rare; the last major ones, commissioned by California and Ohio in 2007, were scathing. And the companies have often seemed committed to avoiding them, with one even threatening Princeton University researchers with lawsuits…In a public statement, Sen. Kamala Harris’s (D-CA) office called it “unacceptable that ES&S continues to dismiss the very real security concerns that Def Con raised.”…Two of the three largest vendors, ES&S and Hart, are owned by private equity companies whose agendas are unclear; Dominion’s headquarters isn’t even American, but Canadian… Many of the vulnerabilities election vendors have patched were previously unknown to them, instead pointed out by others. Earlier this year, security consultants flagged a “Client Web Portal” page for Dominion Voting that lacked SSL encryption. And last year, ES&S unwittingly exposed data for roughly 1.8 million Illinois voters on an Amazon server it controlled, a breach that included ES&S employee’s passwords — encrypted, but potentially crackable by an advanced adversary.” Forbes: Threats Obvious, But Electronic Voter Systems Remain Insecure (Nov. 1, 2018) “So far, government officials have repeatedly said there is “no evidence” of any malicious tampering with vote counts in previous elections. But, as Matt Blaze, computer-science professor at the University of Pennsylvania and a voting-machine-security expert told the New York Times just a week ago, that lack of evidence is “less comforting than it might sound at first glance, because we haven’t looked very hard.” And even if experts did look very hard, “It’s possible to do a pretty good job of erasing all the forensic evidence,” he said.” Beyond that, as the Associated Press noted earlier this week, the top three vendors of electronic voting systems – ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas, which collectively control more than 80% of the market – tenaciously resist transparency. They won’t allow open-ended vulnerability testing by independent, white-hat hackers, and won’t make public the results of any testing they have commissioned themselves. Two of the three won’t even say who’s doing the testing… Indeed, here’s a list of just some of the things that experts told both AP and The New York Times that malicious or hostile actors could do: Alter or erase lists of registered voters. Secretly introduce software to flip votes. - Scramble tabulation systems. Knock results-reporting sites offline. Erase all recorded votes at the end of voting. Delete voter names from the voter roll and electronic poll book. Rig DREs to print a voter’s selections correctly on the paper while recording something else on the memory card. Access voting machines via the cellular modems used to transmit unofficial results at the end of an election. Subvert back-end election-management systems – used to program the voting machines and tally votes – and spread malicious code to voting machines through them. Design code to bypass preelection testing and kick in only at the end of an election or under specific conditions – perhaps when a certain candidate appears to be losing – and erase itself afterward. Make it produce results with wide margins to avoid triggering automatic manual recounts in states that require them in close elections. Given all that, should voters trust that their votes will be counted, and counted accurately?…Voting machines are terrible in every way: the companies that make them lie like crazy about their security, insist on insecure designs, and produce machines that are so insecure that it’s easier to hack a voting machine than it is to use it to vote.” SciAmerican: The Vulnerabilities of Our Voting Machines (Nov. 1, 2018) “A few weeks ago computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election…Halderman, among others, has warned our “outmoded and under-tested” electronic voting systems are increasingly vulnerable to attacks…what’s happening in Texas is another warning sign of aging machines not functioning well, which makes them fertile ground for vote-stealing attacks. Ultimately—whether scenarios like the one in Texas stem from glitchy software, defective machinery or an adversarial hack—one outcome is a loss of confidence in our election process…As paperless computer voting machines were being introduced, there were many computer scientists who—before anyone had even studied one of these machines directly—were saying, “This just isn’t a good idea to have elections be conducted by, essentially, black box technology.”…The voting machines themselves have received much, much, much less scrutiny post-2016 from intelligence and defensive sides—as far as we know in the public sphere anyway. To my knowledge, no state has done any kind of rigorous forensics on their voting machines to see whether they had been compromised…One possibility is that attackers could infiltrate what are called election-management systems. These are small networks of computers operated by the state or the county government or sometimes an outside vendor where the ballot design is prepared…There’s a programming process by which the design of the ballot—the races and candidates, and the rules for counting the votes—gets produced, and then gets copied to every individual voting machine. Election officials usually copy it on memory cards or USB sticks for the election machines. That provides a route by which malicious code could spread from the centralized programming system to many voting machines in the field. Then the attack code runs on the individual voting machines, and it’s just another piece of software. It has access to all of the same data that the voting machine does, including all of the electronic records of people’s votes So how do you infiltrate the company or state agency that programs the ballot design? You can infiltrate their computers, which are connected to the internet. Then you can spread malicious code to voting machines over a very large area. It creates a tremendously concentrated target for attack.” NYT: The Election Has Already Been Hacked (Nov. 3, 2018) A recent poll shows that 46 percent of the American electorate do not think their votes will be counted fairly, and about a third think it is likely that a foreign country will tamper with the results…The actual problems in the electoral infrastructure are considerable. For example, just three companies produce all the voting machines. Such centralization would be dangerous even if the machines weren’t so vulnerable — which, unfortunately, they are…Yes, Georgia is running its election on old Windows 2000 machines (so old that Microsoft no longer supports the operating system for security updates), with no means of voter verification, audits or recounts…Recently, the National Academies of Sciences, Engineering and Medicine released a comprehensive study, “Securing the Vote,” which offers extensive practical recommendations. Luckily, fewer and fewer electronic voting machines remain in use around the country; they should be replaced with optical-scan ballots. Meaningful audit processes should be instituted nationwide. States need federal money to upgrade their voting machines, train their poll workers and secure and upgrade their pollbooks (which maintain voter identification information). NYBooks: Voting Machines: What Could Possibly Go Wrong? (Nov. 5, 2018) Elections Systems & Software, LLC, and Dominion Voting, account for about 80 percent of US election equipment. A third company, Hart Intercivic, whose e-slate machines have recently been reported to be flipping early votes in the current Senate race in Texas between Beto O’Rourke and Ted Cruz, accounts for another 11 percent. The enormous reach of these three vendors creates an obvious vulnerability and potential target for a corrupt insider or outside hacker intent on wreaking havoc. These vendors supply three main types of equipment that voters use at the polls: optical or digital scanners for counting hand-marked paper ballots, direct record electronic (usually touchscreen) voting machines, and ballot-marking devices that generate computer-marked paper ballots or “summary cards” to be counted on scanners. Contrary to popular belief, all such equipment can be hacked via the Internet because all such equipment must receive programming before each election from memory cards or USB sticks prepared on the county’s election management system, which connects to the Internet. Thus, if an election management system is infected with malware, the malware can spread from that system to the memory cards and USB sticks, which then would transfer it to all voting machines, scanners, and ballot-marking devices in the county. Malicious actors could also attack election management systems via the remote access software that some vendors have installed in these systems. ES&S, which happens to have donated more than $30,000 to the Republican State Leadership Council since 2013, admitted earlier this year that it has installed remote access software in election management systems in 300 jurisdictions, which it refuses to identify. The memory cards or USB sticks used to transfer the pre-election programming from the election management system to the voting machines, scanners, and ballot-marking devices constitute another potential attack vector. In theory, the person who distributes those cards or USB sticks to the precincts could swap them out for cards containing a vote-flipping program. Memory cards are also used in the reverse direction—to transfer precinct tallies from the voting machines and scanners to the election management system’s central tabulator, which aggregates those tallies. Problems can occur during this process, too. During the 2000 presidential election between George W. Bush and Al Gore, for example, a Global/Diebold machine in Volusia County, Florida, subtracted 16,000 Gore votes, while adding votes to a third-party candidate. The “Volusia error,” which caused CBS news to call the race prematurely for Bush, was attributed to a faulty memory card, although election logs referenced a second “phantom” card as well. As noted recently in the New York Times Magazine, questions from this disturbing episode remain unanswered, such as “[W]hat kind of faulty card deleted votes only for Gore, while adding votes to other candidates?”…Further complicating matters, some jurisdictions transfer results from the precincts to the central tabulators via cellular modems. ES&S has recently installed such cellular modems in Wisconsin, Florida, and Rhode Island. Michigan and Illinois transfer results via cellular modem as well. According to Computer Science Professor Andrew Appel of Princeton University, these cellular modems could enable a malicious actor to intercept and “alter vote totals as they are uploaded” by setting up a nearby cell phone tower (similar to the Stingray system used by many police departments. After precinct tallies are sent by memory card or modem to the central tabulators, a memory card or flash drive transfers the aggregated totals from the central tabulators to online reporting systems, creating another hacking opportunity. Central scanners, which are used to count absentee ballots and paper ballots from polling places that lack precinct-based scanners, are also vulnerable. As a video produced by the Emmy award-winning journalist and filmmaker Lulu Friesdat has demonstrated, the ES&S 650 central scanner, which is used in twenty-four states, can be rigged to flip votes within one minute of direct access… The most worrisome aspect of all these various vulnerabilities is that—should they be exploited—we will be unable to prove whether and to what extent they have affected the outcome of an election.” GQ: How to Hack an Election (Nov. 5, 2018) “Simply put, computer code can be corrupted, and in ways that are not readily, if ever, apparent. And most anything connected to the Internet can be hacked ("I can't wait for people to find out they can be hacked through their refrigerators," Schneider says), and that hacking can be done from a safe, anonymous remove. Nor does it necessarily matter if the voting machines themselves are offline: Unless the isolation is absolute and perpetual, clever attackers can figure out how to jump the air gap. And because it's physically easier to infect a fleet of computers with a spreading virus than it is to break the counting gears of 10,000 mechanical machines, fraud can be scaled up, and dramatically. Halderman hacked his first voting machine in 2006, when he was still a Ph.D. student at Princeton and a professor recruited him to study a DRE he'd bought online. It took months to reverse-engineer the machine and probe its vulnerabilities, but after that, the actual hacking required only a few minutes. In 2010, working with a colleague and a few of his students, he built a circuit board that could be swapped in for the original in the DREs then being used in India, the world's largest democracy. For a more clandestine and less hardware-intensive approach, he also built a small device that could be attached to one of the DRE's chips with an alligator clip and change all the votes. Halderman, in fact, has found vulnerabilities in every machine he's studied. There are two main types—DREs and optical scanners, which collect data from marked ballots fed into them—and they're all vulnerable. Moreover, none of the machines need to be opened up: All of them can be corrupted with code slipped in via a memory card or other portable media.” Salon: Philly ignores cybersecurity and disability access in voting system selection (Feb. 16, 2019) “The consensus opinion among independent cybersecurity election experts, who recommend hand-marked paper ballots (counted on scanners or by hand) for most voters, not ballot-marking devices… The expert consensus among independent cybersecurity experts specifically cautions against universal use of machine-marked paper summary cards from ballot-marking devices like ExpressVote XL, which some election officials and voting system analysts misleadingly call “voter-marked paper ballots.” (There is no universal definition of “paper ballot,” which is what allows them to do this.) The National Election Defense Coalition and Verified Voting, two nonpartisan election integrity nonprofits, likewise recommend hand-marked paper ballots as a primary voting system, as opposed to machine-marked so-called “paper ballots” from ballot-marking devices…A recent study shows that most voters don’t review the machine-marked printouts generated by ballot-marking devices, even when instructed to do so. Often, voters who do undertake such a review fail to catch inaccuracies. This means if the ExpressVote XL were secretly programmed or hacked to change the voters’ selections as reflected on the paper printout, it is likely that most voters would not notice the difference. The same would be true of unintentional programming “glitches.”…In addition, the machine-marked printouts from the ExpressVote XL include barcodes that purport to encapsulate the voter’s selections. These barcodes, which humans can’t read and verify, are the only portion of the so-called “paper ballot” that is actually counted by the scanners. Although such barcoded printouts also include human-readable text that purports to summarize the voter’s selections, the recent study mentioned above shows that most voters won’t notice if the text has been manipulated to alter their intended selections. According to computer science professor Richard DeMillo of Georgia Tech, the barcodes also can be manipulated to instruct the scanners to flip votes. Adding insult to injury, these barcode systems cost about three times as much as using hand-marked paper ballots and scanners. In addition, despite initial denials, ES&S admitted last year that it has installed remote access software in central tabulators — the county computers that aggregate electronic precinct totals — in 300 jurisdictions. Although ES&S won’t identify the 300 jurisdictions, a forensic analysis conducted in 2011 of voting equipment in Venango County, PA, revealed that someone had “used a computer that was not a part of the county’s election network to remotely access the [ES&S] central election tabulator computer, illegally, ‘on multiple occasions.’” Politico: State election officials opt for 2020 voting machines vulnerable to hacking (March 1, 2019) “Security experts warn, however, that hackers could still manipulate the barcodes without voters noticing. The National Academies of Sciences, Engineering and Medicine has also warned against trusting the barcode-based devices without more research, saying they “raise security and verifiability concerns.”…The replacements, known as ballot-marking devices, are “a relatively new and untested technology,” said J. Alex Halderman, a voting security expert who teaches at the University of Michigan. “And it’s concerning that jurisdictions are rushing to purchase them before even basic questions have been answered.” Many states have adopted what experts call a much more secure option — paper ballots that voters mark with a pen or pencil and that are then scanned and tallied. But election officials in Georgia, Delaware and Philadelphia have rejected that option in favor of the barcode devices, saying they are secure enough and better suited for many voters with disabilities. Philadelphia city commissioners on Feb. 20 selected a barcode system called the ExpressVote XL from the major vendor Election Systems & Software, despite warnings about the risks. So did Delaware, which in September chose the ExpressVote XL as part of a $13 million overhaul of election equipment. Earlier this week, Georgia lawmakers advanced a bill to approve the barcode devices in a 101-72 vote that split along party lines. Democrats tended to agree with experts who have said the machines are still too vulnerable… The dispute over the ballot-marking devices centers on the fact that they use barcodes, which can be read by scanners but not by humans. Though the paper records also display a voter’s choices in plain text, which the voter can double-check, the barcode is the part that gets tallied. The danger: Hackers who infiltrate a ballot-marking device could modify the barcode so its vote data differs from what’s in the printed text. If this happened, a voter would have no way of spotting it.” TechCrunch: Senators demand to know why election vendors still sell voting machines with ‘known vulnerabilities’ (March 27, 2019) “The letter, sent Wednesday, calls on election equipment makers ES&S, Dominion Voting and Hart InterCivic to explain why they continue to sell decades-old machines, which the senators say contain security flaws that could undermine the results of elections if exploited. “The integrity of our elections is directly tied to the machines we vote on,” said the letter sent by Sens. Amy Klobuchar (D-MN), Mark Warner (D-VA), Jack Reed (D-RI) and Gary Peters (D-MI), the most senior Democrats on the Rules, Intelligence, Armed Services and Homeland Security committees, respectively. “Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price,” the letter adds. Their primary concern is that the three companies have more than 90 percent of the U.S. election equipment market share but their voting machines lack paper ballots or auditability, making it impossible to know if a vote was accurately counted in the event of a bug.” Salon: New "hybrid" voting system can change paper ballot after it's been cast (March 28, 2019) “Unfortunately, there is no universal definition of “paper ballot,” which has enabled vendors and their surrogates to characterize machine-marked paper printouts from hackable ballot marking devices (BMDs) as “paper ballots.” Unlike hand-marked paper ballots, voters must print and inspect these machine-marked “paper ballots” to try to detect any fraudulent or erroneous votes that might have been marked by the BMD. The machine-marked ballot is then counted on a separate scanner. Most independent cybersecurity election experts caution against putting these insecure BMDs between voters and their ballots and instead recommend hand-marked paper ballots as a primary voting system (reserving BMDs only for those who are unable to hand mark their ballots)… Unlike hand-marked paper ballots counted on scanners and regular non-hybrid BMDs, these new hybrid systems can add fake votes to the machine-marked “paper ballot” afterit’s been cast, experts warn. Any manual audit based on such fraudulent “paper ballots” would falsely approve an illegitimate electronic outcome. According to experts, the hybrid voting systems with this alarming capability include the ExpressVote hybrid by Election Systems & Software, LLC (ES&S), the ExpressVote XL hybrid by ES&S, and the Image Cast Evolution hybrid by Dominion Voting. The potential for hybrid systems to add fraudulent votes without detection was identified by Professor of Statistics Philip B. Stark of UC Berkeley, an expert in postelection manual audits, in September of last year. At the time, he told TYT Investigates that the ExpressVote hybrid, which Johnson County, Kansas, had purchased a few months before the 2018 gubernatorial primary, could be maliciously programmed or hacked to create an entirely fraudulent machine-marked “paper ballot” because the machine includes an option that allows the voter to “AutoCast” the ballot without first printing and inspecting it. Moreover, as explained by Stark, the machine does not mark the ballot at all until the voter decides whether to exercise that option, which means that the machine receives advance notice of which ballots are “AutoCast” and thus safe to fraudulently mark. Another election expert, Computer Science Professor Andrew Appel of Princeton University, subsequently confirmed the existence of this stunning defect and dubbed it “Permission to Cheat.” Appel further reported that the ExpressVote XL and Dominion ImageCast Evolution include the same defect.” AP: Exclusive: New Election systems use vulnerable software (July 13, 2019) “An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts. That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023…The AP surveyed all 50 states, the District of Columbia and territories, and found multiple battleground states affected by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona and North Carolina. Also affected are Michigan, which recently acquired a new system, and Georgia, which will announce its new system soon…The election technology industry is dominated by three titans : Omaha, Nebraska-based Election Systems and Software LLC; Denver, Colorado-based Dominion Voting Systems Inc.; and Austin, Texas-based Hart InterCivic Inc. They make up about 92% of election systems used nationwide, according to a 2017 study. Of the three companies, only Dominion’s newer systems aren’t touched by upcoming Windows software issues — though it has election systems acquired from no-longer-existing companies that may run on even older operating systems. Hart’s system runs on a Windows version that reaches its end of life on Oct. 13, 2020, weeks before the election. ES&S said it expects by the fall to be able to offer customers an election system running on Microsoft’s current operating system, Windows 10.” Vice: Critical US Election Systems Have Been Left Exposed Online (Aug. 8, 2019) “The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections. Some of the systems have been online for a year and possibly longer…The systems the researchers found are made by Election Systems & Software, the top voting machine company in the country. They are used to receive encrypted vote totals transmitted via modem from ES&S voting machines on election night, in order to get rapid results that media use to call races, even though the results aren’t final. Generally, votes are stored on memory cards inside the voting machines at polling places. After an election, poll workers remove these and drive them to county election offices. But some counties want to get their results faster, so they use wireless modems, either embedded in the voting machines or externally connected to them, to transmit the votes electronically. The system that receives these votes, called an SFTP server, is connected to the internet behind a Cisco firewall…Anyone who finds the firewall online also finds the election-management system connected to it. “It is not air-gapped. The EMS is connected to the internet but is behind a firewall,” Skoglund said. “The firewall configuration [that determines what can go in and out of the firewall]… is the only thing that segments the EMS from the internet.” And misconfigured firewalls are one of the most common ways hackers penetrate supposedly protected systems. Senator Ron Wyden (D-Oregon) said the findings are “yet another damning indictment of the profiteering election vendors, who care more about the bottom line than protecting our democracy.” It’s also an indictment, he said, “of the notion that important cybersecurity decisions should be left entirely to county election offices, many of whom do not employ a single cybersecurity specialist.” “Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet,” he added…Last year, the Cisco firewalls in Wisconsin failed to receive a patch for a critical vulnerability until six months after the vulnerability had been made public and the patch was released, Motherboard has learned…A New York Times story I wrote last year, however, showed that the modem transmissions do pass through the internet, and even an ES&S document that the company supplied to Rhode Island in 2015 calls the modem transmission of votes an “internet” transmission. A document for modem transmissions from voting machines made by Dominion Voting Systems—another top voting machine company in the country—similarly discusses TCP-IP and SSL, both protocols used for internet traffic. “The configurations show TCP-IP configuration and ‘SSL Optional,’ making it clear that at least the vendors know their systems are connecting through the internet, even if their election official customers do not realize it or continue to insist to the public that the systems are not connected to the internet,” Skoglund said. ES&S has been selling systems with modems to transmit results for more than a decade. Wisconsin approved the use of its current ES&S DS200 optical scan voting machines, with modem transmission capability, in September 2015, but its previous generation of ES&S optical scan machines also used modems for transmitting results. It’s not clear if they used the same firewall and backend configuration.” CNN: Watch this hacker break into a voting machine (Aug. 10, 2019) At the largest convention of hackers in the world, voting machines were turned inside out as hackers demonstrated how easy it could be to disrupt democracy. NBC: How Hackers Can Target Voting Machines (Aug. 12, 2019) The world’s largest underground hacking conference just ended in Las Vegas. NBC News’ technology correspondent Jacob Ward gives an inside look into how hackers can target voting systems with ease. WaPo: Hackers were told to break into U.S. voting machines. They didn't have much trouble. (Aug. 12, 2019) As Sen. Ron Wyden (D-Ore.) toured the Voting Village on Friday at Def Con, the world’s hacker conference extraordinaire, a roomful of hackers applied their skills to voting equipment in an enthusiastic effort to comply with the instructions they had been given: “Please break things.”… Wyden nodded along as Harri Hursti, the founder of Nordic Innovation Labs and one of the event’s organizers, explained that the almost all of the machines in the room were still used in elections across the United States, despite having well-known vulnerabilities that have been more or less ignored by the companies that sell them. Many had Internet connections, Hursti said, a weakness savvy attackers could abuse in several ways. Congregants spoke often of the need for thorough auditing of election results, increased funding and improved transparency from vendors. The call for paper ballots was a common refrain. At the time of the 2018 midterm elections, Delaware, Georgia, Louisiana, New Jersey and South Carolina had no auditable paper trails. “Election officials across the country as we speak are buying election systems that will be out of date the moment they open the box,” Wyden said in the Voting Village’s keynote speech. “It’s the election security equivalent of putting our military out there to go up against superpowers with a peashooter.” Last month, the Senate Intelligence Committee released a report detailing how Russian hackers probably targeted all 50 states between 2014 and 2017. Although the report did not find evidence that Russian actors tampered with vote tallies on Election Day, the committee said that hackers “exploited the seams” between federal and state authorities and that states weren’t sufficiently prepared to handle such an attack. “In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking,” the report reads. “Voter registration databases were not as secure as they could have been. Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary. Despite the focus on this issue since 2016, some of these vulnerabilities remain.”… Hursti said vendors have used legal threats to “create a chilling effect” on research of their equipment, and that they were “actively trying to shoot the messengers” rather than reckon with the weaknesses in their products. That lack of cooperation has left organizers to search for machinery to use at the Voting Village: Some equipment was rescued from a warehouse where the roof collapsed, while other was snagged in government surplus auctions or on eBay, Hursti said…By the end of the weekend, they would uncover a litany of new vulnerabilities in the voting equipment, ranging from gallingly obvious passwords to hardware issues and exposure to remote attacks. MITTech: 16 million Americans will vote on hackable paperless machines (Aug. 13, 2019) “Despite the obvious risk and years of warnings, at least eight American states and 16 million American voters will use completely paperless machines in the 2020 US elections, a new report by New York University’s Brennan Center for Justice found. Paperless voting machines persist despite a strong consensus among US cybersecurity and national security experts that paper ballots and vote audits are necessary to ensure the security of the next election… America’s largest election technology company, Election Systems & Software, announced earlier this year that it would stop selling paperless machines… ES&S, the largest election tech vendor in the country, covers 44% of American voters, a 2016 report by the University of Pennsylvania’s Wharton School found. Dominion Voting Systems covers 37% of voters, and Hart InterCivic 11%. Both still sell paperless voting machines…“Selling a paperless voting machine is like selling a car without brakes—something is going to go terribly wrong,” Wyden says. “It is obvious that vendors won’t do the right thing on security by themselves. Congress needs to set mandatory federal election security standards that outlaw paperless voting machines and guarantee every American the right to vote with a hand-marked paper ballot. Experts agree that hand-marked paper ballots and post-election audits are the best defense against foreign hacking. Vendors should recognize that fact or get out of the way.”… Backups, however, are not a silver bullet for election security. Security experts say paper ballots are so important precisely because subsequent audits are necessary, and 17 of the 42 states requiring paper do not require audits.” Salon: Hackers can easily break into voting machines used across the US (Aug. 14, 2019) “Voting machines used in states across the United States were easily penetrated by hackers at the Def Con conference in Las Vegas on Friday…A video published by CNN shows a hacker break into a Diebold machine, which is used in 18 different states, in a matter of minutes, using no special tools, to gain administrator-level access…Hackers also quickly discovered that many of the voting machines had internet connections, which could allow hackers to break into machines remotely, the Washington Post reported. Motherboard recently reported that election security experts found that election systems used in 10 different states have connected to the internet over the last year, despite assurances from voting machine vendors that they are never connected to the internet and therefore cannot be hacked. The websites where states post election results are even more susceptible. The event had 40 child hackers between the ages of 6 and 17 attempt to break into a mock version of the sites. Most were able to alter vote tallies and even change the candidates' names to things like “Bob Da Builder,” CNN reported…. Sen. Ron Wyden, D-Ore., called for paper ballots that can’t be hacked. “Election officials across the country as we speak are buying election systems that will be out of date the moment they open the box,” Wyden said in a speech at the conference. “It’s the election security equivalent of putting our military out there to go up against superpowers with a peashooter.” A report by the Brennan Center for Justice at the NYU School of Law, released days after the conference, warned that 12 percent of ballots could be cast on paperless machines in 2020. The report shows that a third of all local election systems used voting machines that were more than a decade old. “We should replace antiquated equipment, and paperless equipment in particular, as soon as possible,” the report said… Rep. Ted Lieu, D-Calif., told Politico that the federal government “has a responsibility to make sure we have strong election security all over America. "It’s stupid to have the view that states have the right to have poor election security,” Lieu said. “No state has a right to have voting machines that can be easily hacked.”” FOX: Election machine keys are on the Internet, hackers say (Aug. 22, 2019) “I may have the keys to open voting machines used in states across the country, and that is not a good thing. I am not an election official. I am not a voting machine expert, operator, or otherwise affiliated with any federal, state or local government agency. I am simply an investigative journalist who, upon learning that the types of keys used for these machines are apparently widely available for purchase on the Internet, was prudent enough to ask to take a few keys home as souvenirs from my recent trip to the DEF CON 27 Hacking Conference in Las Vegas. Now, I have access to machines that have been used or are currently in-use in 35 different states. Swing-states, coastal icons and the heartland, experts say…I learned about plenty of other digital backdoors and other disturbing vulnerabilities concerning U.S. election equipment at DEF CON. Like the “hidden feature” that Hursti says was only recently discovered in a machine that’s been in use and under the microscope for more than a decade. “A hidden feature that enables you to reopen the polls silently, and insert more ballots and print the new evidence of the election,” Hursti says. And despite believing that the manufacturers had learned from previously exposed vulnerabilities on that machine over the years, “these [newly discovered] features had been missed” the entire time, Hursti says. I watched Hursti explain this new discovery to Rep. Eric Swalwell, D-Calif., one of the numerous lawmakers who attended this year’s DEF CON, and whose face seemed to drop upon learning of the new revelation. That’s likely because this particular machine has been in use in his home state of California for years…One voting machine was discovered to have a password of “1111.” Better than the voter ID machine with NO password.” Hill: Voting machines pose a greater threat to our elections than foreign agents (Oct. 2, 2019) “Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all…“Right now there are no mandatory federal cybersecurity standards for elections,” Sen. Ron Wyden (D-Ore.) reported in a July speech. “It is perfectly legal for the biggest voting machine company in America … to sell a small county equipment that every cyber-security expert in America knows is insecure.”…In 2017, the largest U.S. voting machine vendor, ES&S, exposed encrypted employee passwords online. Using those passwords, hackers could have planted malware on the company’s servers, and that malware could then be delivered to voting systems across the country with official updates. “This is the type of stuff that leads to a complete compromise,” said cyber-risk analyst Chris Vickery. Both ES&S and its main competitor, Dominion Voting Systems, have released voting machines that security experts say can add votes to paper ballots after they are cast by voters…Security experts are alarmed at internet connectivity in voting systems because it can allow hackers to inject malware that disrupts or changes the outcome of an election. Kevin Skoglund, the lead researcher of one study, confirmed that vendors "know their systems are connecting through the internet.” In August, North Carolina became the latest casualty. Voters and representatives from good-government groups pleaded with the state board of elections to adopt the type of voting system almost unanimously supported by election security experts, one that uses hand-marked paper ballots. They asked the board to reject ballot-marking devices that use barcodes and argued that hand-marked paper ballots are more secure, less expensive and less likely to create long lines at the polls… Similar decisions have been made in Delaware, Georgia, Kansas, New York, Pennsylvania and Wisconsin. Communities in those states have experienced frustration, outrage and even launched investigations following certification or adoption of election systems opposed by experts, good-government groups, competing vendors and the general public.” NPR: Cyber Experts Warn Of Vulnerabilities Facing 2020 Election Machines (Sept. 4, 2019) The machine he's investigating is a ballot-marking device used to help people with physical impairments or language barriers vote, and it's running a version of Windows that is more than 15 years old. "These systems crash at your Wal-Mart scanning your groceries. And we're using those systems here to protect our democracy, which is a little bit unsettling," he said. "I wouldn't even use this to control a camera at my house. Or my toaster." One glaring vulnerability — which cybersecurity experts have been talking about for 20 years, and yelling about for the past decade — are paperless voting machines. Experts agree that these machines are insecure because they record votes electronically and could either be manipulated or malfunction without detection. They can't truly be audited and they leave room for some doubt in the result. In 2016, approximately 20 percent of voters used electronic voting equipment that didn't provide a paper trail. In 2020, that number will be around 12 percent, according a recent report from the Brennan Center for Justice. JenniferCohn: America’s Electronic Voting System is Corrupted to the Core (Sept. 7, 2019) “Just two vendors — Election Systems & Software, LLC (ES&S) and Dominion Voting — account for eighty percent of US election equipment. Thus, corrupt insiders or foreign hackers could wreak havoc on elections throughout the United States by infiltrating either of these vendors. ES&S and Dominion are both owned by private equity, which means we don’t know who funds and controls them. ES&S, which by itself accounts for 44 percent of US election equipment, received its initial financing from the families of Nelson Bunker Hunt and Howard Ahmanson, Jr., right-wing billionaires who also contributed substantially to the Chalcedon Foundation, Christian Reconstruction’s main think tank. In 2000, ES&S’s founder, Bob Urosevich, was appointed President and Chief Operating Officer of another mega-vendor, Global Election Systems, which later changed its name to Diebold and was acquired by ES&S in 2009. Urosevich’s brother remained at ES&S the whole time as a Senior VP. It was a Global/Diebold voting machine that “lost” 16,000 Gore votes in the 2000 presidential election in which George W. Bush was declared victorious over Al Gore by just 537 votes in Florida. The “Volusia error” was discovered only because an alert poll worker happened to notice Gore’s total dropping which should never happen — absent fraud or error. As discovered by Black Box Voting author Bev Harris, Global’s largest shareholder & Senior Vice President was Jeffrey Dean, a convicted embezzler who programmed voting machines for the company. According to the Guardian, Dean programmed ⅓ of the machines in 37 states used in the 2004 presidential election... In August 2004, the Department of Homeland Security issued a Cyber Security Bulletin regarding Diebold’s “GEMS” central tabulator, stating that “a vulnerability exists due to an undocumented backdoor account, which could [allow] a local or remote authenticated user [to] modify votes.” The control cards that transfer the vote totals from the precincts to the central tabulators are another potential target for bad actors. From 2000 through at least 2017, ES&S got its control cards from a company called Vikant whose owner refused to tell an investigative reporter where the cards were made… Dominion accounts for 37 percent of US election equipment. Dominion was a Canadian company that became a major player in US elections when the Department of Justice forced ES&S to sell some of Diebold’s assets because the combined ES&S/Diebold company had accounted for a whopping 70 percent of US election equipment. It was Dominion that bought those Diebold assets in 2010. Like ES&S, it is owned by private equity. (Since initially writing this, I have learned that ES&S kept most of Diebold’s large contracts.) Dominion does some of its programming in Serbia. And a former executive of GTech/IGT — an international gaming company and former Paul Manafort client — joined Dominion as a Senior Vice President in June 2016… Voting machine vendors have an alarming history of deception. In July 2018, cybersecurity journalist Kim Zetter reported that, despite ES&S’s prior denials, ES&S’s election-management system (EMS) computers were sold with remote access software between 2000 and 2006. ES&S won’t say where it installed the remote access software that it lied about, but claims it’s been removed. According to Zetter’s article, Diebold’s EMS computers were sold with remote access software as well, and Dominion refused to comment. The installation of remote access software in EMS computers is a big deal because these are centralized county or state computers used to program all voting machines in the county or state. According to Zetter’s reporting, some of these computers also include the central tabulators that aggregate all precinct totals. But the vendor lies don’t end there. On August 8, 2019, Zetter further reported that ES&S’s EMS computers also connect to the internet, something else that ES&S had said was not the case but that leading election-security experts had long suspected. Meanwhile, ES&S installed wireless modems in ballot scanners in Florida, Wisconsin, and Illinois starting in about 2015…But over the past several years vendors, have changed the meaning of “paper ballot” to include not only unhackable hand marked paper ballots, but also hackable machine-marked summary cards with barcodes from expensive new electronic ballot marking devices (BMDs). The barcode, which voters can’t read, is the only part of the printout counted as your vote. Although the printouts also include a human readable summary, the BMDs can be hacked to change or omit the selections on the summary…The following states include one or more counties that have already chosen barcode BMDs for 2020: Ohio, Wisconsin, Pennsylvania, Texas, New York, New Jersey, Kansas, Kentucky, West Virginia, Tennessee, South Carolina, North Carolina, Georgia, Indiana, Delaware, and California…Thus, in addition to demanding that election-security legislation prioritize hand marked paper ballots and robust manual audits (and ban barcode voting), voters should insist that Representative Zoe Lofgren and other members of the House subpoena the vendors to testify under oath about ownership, past security lapses, and where and when they have installed remote access software and wireless modems.” Wired: Some Voting Machines Still Have Decade-Old Vulnerabilities (Sept. 26, 2019) “Today's report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year… "As disturbing as this outcome is, we note that it is at this point an unsurprising result," the organizers write. "It is well known that current voting systems, like any hardware and software running on conventional general-purpose platforms can be compromised in practice. However, it is notable—and especially disappointing—that many of the specific vulnerabilities reported over a decade earlier ... are still present in these systems today." The types of vulnerabilities participants found included poor physical security protections that could allow undetected tampering, easily guessable hardcoded system credentials, potential for operating system manipulations, and remote attacks that could compromise memory or integrity checks or cause denial of service. The report points out that many of these vulnerabilities were discovered years ago—sometimes more than a decade—in academic research or state and local audits. Additionally, voting machine security is only one item on a much larger punch list for better defending US elections. More districts need to implement network and cloud defenses to protect infrastructure like voter rolls and email, and more states need to conduct risk-limiting audits to verify elections results.” Hill: Hacker conference report details persistent vulnerabilities to US voting systems (Sept. 26, 2019) “Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines,” the report said. Despite the “disturbing” findings of the report, the authors wrote that the findings were “not surprising,” particularly in light of the fact that many of the election equipment cyber vulnerabilities found were “reported almost a decade earlier.” Equipment that was tested included those made by leading voting machines companies Election Systems and Software (ES&S) and Dominion Systems. The authors emphasized the need to secure the supply chain involved in building election equipment, noting the vulnerabilities posed by using components originating in foreign countries. They emphasized there is an “urgent need for paper-ballots and risk-limiting audits.” The authors also noted that the vulnerabilities found are particularly pressing given the lack of information technology expertise involved in running elections at the state and local level.” MotherJones: Researchers Assembled over 100 Voting Machines. Hackers Broke Into Every Single One. (Sept. 27, 2019) “Once again, Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room,” the authors wrote, pointing out that every piece of assembled equipment is certified for use in at least one US jurisdiction. The report urges election officials to use machines relying on voter-marked paper ballots and pair those with “statistically rigorous post-election audits” to verify the outcome of elections reflects the will of voters. The authors also warn that supply chain issues “continue to pose significant security risks,” including cases where machines include hardware components of foreign origin, or where election administrators deploy foreign-based software, cloud, or other remote services. Ultimately, the report notes flaws that have been acknowledged for years.” WaPo: The Cybersecurity 202: U.S. voting machines vulnerable to hacks in 2020, researchers find (Sept. 27, 2019) “The ethical hackers' tests, which took place this summer at the Def Con cybersecurity conference's "Voting Village," could easily be replicated by voters, poll workers, or anyone else with access to the machines, said Matt Blaze, a co-founder of the election testing project and a Georgetown University cryptography professor. And in some cases, he said, hackers could probably compromise the machines even if they weren’t anywhere near them — especially if poll workers made mistakes setting them up or took shortcuts. All it took was a few days of tinkering on machines they mostly bought on eBay. “The resources of…eBay are well within that of our foreign adversaries,” Blaze warned. Sen. Ron Wyden (D-Ore.), a major booster for election security funding, said the tests prove “it is basically a piece of cake for a relatively savvy hacker to compromise an election and alter votes."“ RollingStone: John Oliver Breaks Down Faulty Election Machine Security on 'Last Week Tonight' (Nov. 4, 2019) “Oliver pointed out that not only are aging machines likely to not function properly on their own — the glue on some touch screens can degrade and slip, causing the machine to register votes incorrectly — but they’re highly susceptible to tampering. Oliver offered various examples of how easy it is to physically hack a voting machine (it can take only a few minutes, and many are often left unattended when not in use), and how flimsy the claims are that most machines are never connected to the Internet. “So, some machines that officials insist don’t connect to the Internet, actually do connect to the Internet,” Oliver said. “And even some machines that don’t connect directly to the Internet are programmed with cards that have themselves been programmed on computers that connect to the Internet. One of the best ways to counter such tampering, Oliver said, is to use machines that also require a paper ballot, which can then be randomly audited after an election and compared to the digital results. However, many states still use paperless machines, and an estimated 16 million voters spread across numerous states will use them again in 2020.” Bloomberg: Expensive, Glitchy Voting Machines Expose 2020 Hacking Risks (Nov. 8, 2019) “Security experts say the cheapest, and to their minds, most reliable and hack-proof method to cast votes also happens to be the lowest tech: paper ballots marked by hand and fed through scanners (no chads) to tally the results. They have called for replacing computerized equipment—particularly paperless older models—with the decidedly Luddite alternative. The devices have “raised far more security questions than paper ballots because you have a potentially hackable computer standing between the voter and the record,” said J. Alex Halderman, a computer science professor at the University of Michigan, adding that without sufficient research, these new machines could be “a waste of money.”…Cybersecurity experts are baffled by local election officials choosing the computerized voting machines. “It’s a mystery to me,” said Rich DeMillo, a Georgia Tech computer science professor and former Hewlett-Packard chief technology officer. Paper ballots are marked with a writing utensil before being fed into a scanner. The more expensive ballot-marking devices use touchscreens to produce a paper record that the voter may review before putting into a scanner for tabulation. Neither method is entirely safe, as the scanner tallying paper ballots could be breached. But cybersecurity experts argue that the computerized model is riskier, because a hacked or buggy ballot marker could contaminate the paper record needed to audit results. A voter marking a ballot by hand could spoil his own but no one else’s. With ballot computers, it's up to the voter to catch and report errors in the receipt, and many don’t do that, according to a study DeMillo published in December. If authorities find a machine is at fault, the only fix is a new election, because the paper record is ruined… An investigation by City Controller Rebecca Rhynhart later found that ES&S had courted the tiny commission for six years, spending almost half a million dollars lobbying it. The company paid a $2.9 million penalty—the highest in Philadelphia history—for failing to disclose lobbying on bid documents, according to the city controller’s office. The company acknowledged that it erred by failing to register its lobbyists, saying it was due to a flawed interpretation of the city's procurement provisions…But the paper record they’re counting on isn’t reliable, said Philip Stark, a University of California-Berkeley statistics professor who invented the kind of post-election audit that security experts say is needed. “There’s no reason to believe that the paper trail generated by the XL accurately reflects voters’ selections,” he said.” NYBooks: How New Voting Machines Could Hack Our Democracy (Dec. 17, 2019) “The United States has a disturbing habit of investing in unvetted new touchscreen voting machines that later prove disastrous. As we barrel toward what is set to be the most important election in a generation, Congress appears poised to fund another generation of risky touchscreen voting machines called universal use Ballot Marking Devices (or BMDs), which function as electronic pens, marking your selections on paper on your behalf. Although vendors, election officials, and others often refer to this paper as a “paper ballot,” it differs from a traditional hand-marked paper ballot in that it is marked by a machine, which can be hacked without detection in a manual recount or audit. These pricey and unnecessary systems are sold by opaquely financed vendors who use donations and other gifts to entice election officials to buy them. These scholars warn that even a robust manual audit, known as a Risk Limiting Audit, cannot detect whether a BMD-marked paper ballot has been hacked. BMDs instead put the burden on voters themselves to detect whether such ballots include fraudulent or erroneous machine marks or omissions—even though studies already show that many voters won’t notice. For this reason, many analysts have cautioned against acquiring these new ballot-marking machines for universal use, but election officials in at least 250 jurisdictions across the country have ignored their advice. Georgia (all one hundred and fifty-nine counties), South Carolina (all forty-six counties), and Delaware (all three counties) have already chosen these systems for statewide use in 2020. At least one or more counties in the following additional states have done the same: Pennsylvania (for the most populous county, plus at least four more), Wisconsin (for Waukesha, Kenosha, Chippewa and perhaps more), Ohio (for the most populous county and others), Tennessee (for at least ten counties), North Carolina (for the most populous county), West Virginia (for the most populous county and at least one other), Texas (for at least Dallas and Travis counties), Kentucky (for the most populous county), Arkansas (at least four counties), Indiana (for the most populous county and at least eight others), Kansas (for the first and second most populous counties), California (again, for the most populous county), Montana (at least one county, though not until 2022), and Colorado (for early voting). New York state has certified (that is, voted to allow) one such system as well…Election-security expert Professor Rich DeMillo of the Georgia Institute of Technology says that, “like all voting machines, BMDs receive programming before each election via memory cards or USB sticks prepared on centralized election-management computers systems that are likely connected to the Internet on occasion.” Thus a hacker or corrupt insider could transfer malware to every BMD within the county or state by compromising either these centralized computers or the memory cards or USB sticks. Election security expert Professor Alex J. Halderman of the University of Michigan agrees that election management systems “sometimes are connected to the Internet or the data that’s programmed into them passes through an internet-connected system,” so that “we’re just one or two hops away from an online attacker.” As he testified to the House Appropriations Subcommittee earlier this year, “hackers who compromise an election management system can… spread a voter-stealing attack to large numbers of machines.” Moreover, he says that: A small number of election technology vendors and support contractors program and operate election management systems used by many local governments. The largest of these services over 2,000 jurisdictions spread across thirty-four states. Attackers could target one or a few of these companies and spread an attack to election equipment [including BMDs] that serves millions of voters…Last week, Democratic Senators Elizabeth Warren, Ron Wyden, and Amy Klobuchar, and Representative Mark Pocan (Democrat of Wisconsin) announced that they have opened an investigation into the “vulnerabilities and shortcomings of election technology industry with ties to private equity.” The reason the issue of private equity matters is that the top two vendors of these ballot-marking machines, Election Systems and Software LLC (ES&S) and Dominion Voting, account for more than 80 percent of US election equipment. They thus hold between them a near-monopoly on the industry, and their form of ownership means there is no way of discovering the details of who really owns them or even whether they are legitimate competitors.” WaPo: Voting machines touted as secure option are actually vulnerable to hacking, study finds (Jan. 8, 2020) “New voting machines that hundreds of districts will use for the first time in 2020 don’t have enough safeguards against hacking by Russia and other U.S. adversaries, according to a study out this morning from researchers at the University of Michigan. The study marks the first major independent review of the machines called ballot-marking devices, or BMDs, which at least 18 percent of the country's districts will use as their default voting machines in November. The results are a major blow for voting machine companies and election officials, who have touted BMDs as a secure option in the wake of Russia’s 2016 efforts to compromise U.S. election infrastructure. “The implication of our study is that it’s extremely unsafe [to use BMDs], especially in close elections,” Alex Halderman, a University of Michigan computer science professor and one of seven authors of the study, said in an interview…But only a handful of people who vote on BMDs are likely to check that their votes were recorded accurately, the researchers found – meaning that if hackers succeed in altering even a small percentage of electronic votes, they might be able to change the outcome of a close election without being detected. The findings come as election security groups in Pennsylvania are already suing to block some counties from using a specific brand of BMDs, the ExpressVote XL machines designed by Election Systems & Software, over hacking fears. The same machines also went haywire and called the wrong winner in a Pennsylvania county judge's race in November…The researchers list several recommendations for how election officials can use BMDs as safely as possible, but the clear lesson is that voting jurisdictions should switch to hand-marked paper ballots if at all possible, Halderman told me.” NBC: 'Online and vulnerable': Experts find nearly three dozens U.S. voting systems connected to internet (Jan. 10, 2020) “We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News. “We kept hearing from election officials that voting machines were never on the internet,” he said. “And we knew that wasn't true. And so we set out to try and find the voting machines to see if we could find them on the internet, and especially the back-end systems that voting machines in the precinct were connecting to to report their results.”…The three largest voting manufacturing companies — Election Systems &Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet…Skoglund said that they identified only one company among the systems they detected on line, ES&S. ES&S confirmed they had sold scanners with wireless modems to at least 11 states. Skoglund says those include the battleground states of Michigan, Wisconsin and Florida. While the company’s website states that “zero” of its voting tabulators are connected to the internet, ES&S told NBC News 14,000 of their DS200 tabulators with online modems are currently in use around the country. NBC News asked the two other major manufacturers how many of their tabulators with modems were currently in use. Hart said that it has approximately 1,600 such tabulators in use in 11 counties in Michigan. Dominion did not respond to numerous requests from NBC News for their sales numbers…“ES&S has repeatedly advertised its DS200 with internal modem — a critical component to ES&S’s voting systems — as being EAC certified when, in fact, it is not,” the letter said. “We therefore again respectfully request that EAC investigate and take action to correct this serious issue.” “Once you add that modem, you are de-certifying it,” Skoglund said. “It is no longer federally certified. And I don't know that all these jurisdictions are aware of that because ES&S is advertising otherwise.” ElectionLawJournal: Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters (Feb. 14, 2020) Voters can express their intent by indelibly hand-marking ballots, or using computers called ballot-marking device (BMDs). Voters can make mistakes in expressing their intent in either technology, but only BMDs are also subject to hacking, bugs, and misconfiguration of the software that prints the marked ballots. Most voters do not review BMD-printed ballots, and those who do often fail to notice when the printed vote is not what they expressed on the touchscreen. Furthermore, there is no action a voter can take to demonstrate to election officials that a BMD altered their expressed votes, nor is there a corrective action that election officials can take if notified by voters—there is no way to deter, contain, or correct computer hacking in BMDs. These are the essential security flaws of BMDs… Voting systems should be software independent, meaning that “an undetected change or error in its software cannot cause an undetectable change or error in an election outcome”. Some voting machines incorporate a BMD interface, printer, and optical scanner into the same cabinet. Other DRE+VVPAT voting machines incorporate ballot-marking, tabulation, and paper-printout retention, but without scanning. These are often called “all-in-one” voting machines. To use an all-in-one machine, the voter makes choices on a touchscreen or through a different accessible interface. When the selections are complete, the BMD prints the completed ballot for the voter to review and verify, before depositing the ballot in a ballot box attached to the machine. Such machines are especially unsafe: like any BMD described in Section 3 they are not contestable or defensible, but in addition, if hacked they can print votes onto the ballot after the voter last inspects the ballot. The ES&S ExpressVote (in all-in-one mode) allows the voter to mark a ballot by touchscreen or audio interface, then prints a paper ballot card and ejects it from a slot. The voter has the opportunity to review the ballot, then the voter redeposits the ballot into the same slot, where it is scanned and deposited into a ballot box. The ES&S ExpressVoteXL allows the voter to mark a ballot by touchscreen or audio interface, then prints a paper ballot and displays it under glass. The voter has the opportunity to review the ballot, then the voter touches the screen to indicate “OK,” and the machine pulls paper ballot up (still under glass) and into the integrated ballot box. The Dominion ImageCast Evolution (ICE) allows the voter to deposit a handmarked paper ballot, which it scans and drops into the attached ballot box. Or, a voter can use a touchscreen or audio interface to direct the marking of a paper ballot, which the voting machine ejects through a slot for review; then the voter redeposits the ballot into the slot, where it is scanned and dropped into the ballot box. In all three of these machines, the ballot-marking printer is in the same paper path as the mechanism to deposit marked ballots into an attached ballot box. This opens up a very serious security vulnerability: the voting machine can mark the paper ballot (to add votes or spoil already-cast votes) after the last time the voter sees the paper, and then deposit that marked ballot into the ballot box without the possibility of detection. Vote-stealing software could easily be constructed that looks for undervotes on the ballot, and marks those unvoted spaces for the candidate of the hacker’s choice. AP: Reliability of pricey new voting machines questioned (Feb. 23, 2020) “Nearly 1 in 5 U.S. voters will cast ballots this year on devices that look and feel like the discredited paperless voting machines they once used, yet leave a paper record of the vote. But computer security experts are warning that these so-called ballot-marking devices still pose too much of a risk. The machines have been vigorously promoted by the trio of privately held voting equipment vendors that control 88 percent of the U.S. market and are nearly unregulated at the federal level. They are expected to be used by some 40 million eligible voters more than in the 2018 midterm elections. Key counties in the crucial swing states of Pennsylvania, Ohio and North Carolina, much of Texas, California’s Los Angeles County and all of Georgia and Delaware have bought ballot-marking machines. So has South Carolina, which will use them in Saturday’s primaries.” Guardian: Hack the vote: terrifying film shows how vulnerable US elections are (March 26, 2020) “That seemingly benign piece of equipment – the hardware of American democracy – is, as several experts explain in HBO’s Kill Chain: The Cyber War on America’s Elections, nothing more than an obsolete computer. And these machines’ vulnerabilities to hacking are “terrifying”, Sarah Teale, co-director along with Simon Ardizzone and Russell Michaels, told the Guardian. America’s current election infrastructure is, as Kill Chain explains, a prescription for disaster – an outdated, willfully naive system no more prepared for attack than four years ago. Voting machines, meanwhile, are kept in service for decades; a new “secure” batch purchased for $107m by the state of Georgia came installed with dead-on-arrival Windows 7, said Hursti, “so you see how hopelessly this conversation is outdated”…“I hope ordinary Americans will come to the understanding that if any part of the election was connected to the internet it is vulnerable, and that these machines are vulnerable to hacking,” said Teale. Both Teale and Hursti are concerned with recent confidence in new measures such as ballot-marking machines or individual bar codes – both of which put yet another computer, and thus another hacking vulnerability, between the voter and the vote. “If they cannot see how they voted, if there isn’t a piece of paper with that clearly on it, it can be changed,” said Teale.” HBO: Kill Chain: The Cyber War on America’s Elections (March 26, 2020) “From directors Simon Ardizzone, Russell Michaels and Sarah Teale, the team behind HBO’s 2006 Emmy-nominated documentary Hacking Democracy, Kill Chain again follows Finnish hacker and cyber security expert Harri Hursti as he travels across the U.S. and around the world to show how our election systems remain unprotected, with very little accountability or transparency. Hursti’s eye-opening journey is supplemented by candid interviews with key figures in the election security community, as well as cyber experts and U.S. senators from both parties who are fighting to secure the integrity of the vote before November 2020. As the film shows, individuals, foreign states and other bad actors can employ a myriad of techniques to gain access to voting systems at any stage – from voter registration databases to actual election results.” WSJ: Why a Data-Security Expert Fears U.S. Voting Will Be Hacked (April 24, 2020) “By modifying just a few lines of code on the machine’s memory card, Mr. Hursti says, he could change the results of a mock election. That same model, he adds, will be among those used in the 2020 elections. (A spokesperson for the machine’s vendor, Dominion Voting, says that these weaknesses were fixed in 2012, but Mr. Hursti says that he has tested the new version and found the updates insufficient.)…Mr. Hursti warns that many voting systems have modems or other forms of network connectivity that transmit data which, he says, a determined hacker could intercept…In the documentary, Mr. Hursti says that he found more than 1,000 such machines for sale on eBay : A hacker, he notes, could simply buy one, study it and learn how to connect to it remotely…Voting Village hackers reported vulnerabilities in many of the machines, including the widely used Model 650 made by Election Systems & Software (ES&S). Eleven years earlier, Mr. Hursti had detected flaws in that machine and alerted the company; he realized that nothing had been fixed.” WhoWhatWhy: Touchscreen Voting Machines And The Vanishing Black Votes (May 27, 2020) “Votes from predominantly black precincts have mysteriously vanished from touchscreen voting machines in both Tennessee and Georgia in recent elections. Georgia replaced the touchscreen system it had been using since 2002 with yet another controversial touchscreen system, rejecting the advice of most election security experts, who note that hand-marked paper ballots are less vulnerable to both tampering and error. A BMD functions as an electronic ballpoint pen and marks the ballot for the voter. A separate or integrated scanner does the actual counting. Nearly all of the current generation of BMDs, including those chosen by Shelby County, record votes on paper with a barcode, which is impossible for the voter to read. In most cases, voters cannot decipher the barcodes with a smartphone, because the barcodes are proprietary to the vendor. Richard DeMillo, an election security expert and a computer science professor at the Georgia Institute of Technology, warns that the barcode represents a new potential target for hackers since it can be altered to flip votes. As indicated in a recent study co-authored by J. Alex Halderman, an election security expert at the University of Michigan, voters reported only 7 percent of errors made by BMDs. According to Halderman, “the implication of our study is that it’s extremely unsafe [to use BMDs], especially in close elections.”…In 2015, when Bennie Smith discovered the disappearance of votes from predominantly African American precincts, he documented the evidence by photographing the totals reported in poll tapes, the paper printouts generated by each machine after the polls close. He then compared the figures from the machines to the totals generated by the central computer, which revealed that votes from predominantly black precincts had been eliminated…In 2018, the Coalition for Good Governance (CGG), a nonprofit group in Georgia, decided to cross-reference poll tapes from Georgia precincts, which also used Diebold/ES&S touchscreen voting machines. It discovered that some 127,000 votes from predominantly black precincts had mysteriously vanished…Using electronic poll books to activate BMDs can be risky. Duncan Buell, an election security expert who serves on the faculty of the University of South Carolina, told WhoWhatWhy that “in some jurisdictions the e-poll books are connected via the internet back to home base at county headquarters. If that is the case, then one has to assume that the e-poll book is hackable and thus that the barcode is also hackable in any number of different ways.” Using electronic poll books to activate BMDs can be risky. Duncan Buell, an election security expert who serves on the faculty of the University of South Carolina, told WhoWhatWhy that “in some jurisdictions the e-poll books are connected via the internet back to home base at county headquarters. If that is the case, then one has to assume that the e-poll book is hackable and thus that the barcode is also hackable in any number of different ways.” KimZetter: The Election Security Crisis and Solutions for Mending It (Sept.1, 2020) The targeting of voting infrastructure by Russian nation-state agents during the 2016 U.S. presidential election highlighted something computer security and election integrity experts had known for nearly two decades — that electronic voting systems used throughout the United States are vulnerable to manipulation from malicious outsiders and rogue insiders. Furthermore, the attempted interference in the 2016 election proved that little had been done to address this issue since the systems were first put in place in the early 2000s… Threats against voting machines that are not connected to the internet can come from malicious insiders who have physical access to the voting machines or to the systems that program those machines. Alternatively, external hackers can gain remote access to the networks of voting machine manufacturers and slip malicious code into the software and systems that those companies supply to states… According to experts, there is little that individual states can do to mitigate the risks these machines pose before election day 2020 or future U.S. elections. The only way to address the problem is to mandate the use of voter-marked paper ballots and implement robust election audits. These audits can help verify the digital tallies or alert election officials when those results should not be trusted, based on evidence of potential interference. Statisticians and election-security experts consider risk-limiting audits the gold standard. These are manual audits that compare digital votes against a percentage of paper ballots cast in every polling place in a county…In 2008 in California, an optical-scan system made by Diebold Election Systems inexplicably dropped a batch of 197 absentee ballots from memory. The county caught the problem only because it had launched a unique ballot transparency project that year — in addition to scanning ballots through its Diebold scanner, the county purchased an off-the-shelf Fujitsu scanner and scanned the paper ballots a second time through that machine. When officials noticed that the total number of ballots scanned on the two machines were different, they discovered that 197 ballots scanned into the Diebold system on election day had subsequently disappeared from the system. When officials examined the system’s activity log, there was no record that the ballots were ever in the system, though they had shown up in vote tallies during the initial days after the election. California officials were never able to fully determine what had gone wrong…The problem with a ballot-marking device, however, is that a computer marks the paper, not the voter. Unless voters review their ballots after they are printed and before they are scanned, the system could show them one set of votes on-screen and record something else on the ballots. Some ballots also include a quick-response (QR) code or bar code on the printed ballot. If the optical scanner is allowed to scan the code instead of the human-readable portion of the ballot, the system could be manipulated to record votes differently in the QR code than on the human-readable portion that voters can review….Computer security and election integrity experts agree that the best way to address the problems in election software is to implement a solution that is software-independent. The clearest solution lies with paper ballots and post-election audits. DotLA: LA County is Tabulating Votes with QR Codes. Security Experts Think It's a Bad Idea (Oct. 22, 2020) Dozens of advocacy groups have warned California's top election official that the electronic touchscreen system used for in-person voting relies on QR codes to tabulate votes. QR codes are vulnerable to hackers and system malfunctions and cannot be easily verified by most voters, U.S. government and outside experts have found. A coalition of 36 election-security experts and advocacy groups wrote in a letter last month to Secretary of State Alex Padilla that they were "gravely concerned that [L.A. County's recently certified system] uses QR codes for tabulation" and urged him to stop relying on QR codes to tally votes at least by the 2022 primary election. "Although voters can easily verify the selections that the [voting system] prints on their ballot in their own language, they cannot easily verify the QR codes that [it] will actually use to tally votes," the letter said. If the system is hacked or wrongly records a voter's selections while electronically encoding it into the QR, there's no quick and easy way to tell…L.A. County's new voting system, manufactured by Smartmatic Corp., a voting technology company that has been scrutinized for ties to the Venezuelan government, was first used for the presidential primary in March…Such barcode-based devices also "raise security and verifiability concerns," according to an election-security report released by the National Academies of Sciences, Engineering, and Medicine last year. And the U.S.'s National Institute of Standards and Technology noted that barcodes could result in a voter being presented with different ballot selections than what the machine reads. "If barcodes are used for tabulation of cast ballots, any modification of a voter's ballot selections may go undetected and impact the election results," NIST wrote. All of this is especially problematic, experts say, because a recent University of Michigan study on voter behavior found that few voters check or detect errors on their ballots. Colorado's Secretary of State Jena Griswold said in a news release at the time that "although voters can see their vote choices, they cannot verify that the QR code is correct" and the QR codes "could be among the next target of an attack and are potentially subject to manipulation." Griswold said Colorado will stop using machines that use barcodes or QR codes to count votes after 2021. The state has been a national leader in adopting election security best practices, including practices like risk-limiting audits to verify election results. AJC: In high-stakes election, Georgia’s voting system vulnerable to cyberattack (Oct. 23, 2020) “Headed into one of the most consequential elections in the state’s history, Georgia’s new electronic voting system is vulnerable to cyberattacks that could undermine public confidence, create chaos at the polls or even manipulate the results on Election Day. Computer scientists, voting-rights activists, U.S. intelligence agencies and a federal judge have repeatedly warned of security deficiencies in Georgia’s system and in electronic voting in general…In addition, days before early voting began on Oct. 12, Raffensperger’s office pushed out new software to each of the state’s 30,000 voting machines through hundreds of thumb drives that experts say are prone to infection with malware… Officials tell voters to verify their selections on a paper ballot before feeding it into an optical scanner. But the scanner doesn’t record the text that voters see; rather, it reads an unencrypted quick response, or QR, barcode that is indecipherable to the human eye. Either by tampering with individual voting machines or by infiltrating the state’s central elections server, hackers could systematically alter the barcodes to change votes. Such a manipulation could not be detected without an audit after the election…The new system runs on a mind-boggling network of components: an electronic pollbook to check voters' registration, a device that encodes a ballot access card, a touchscreen ballot-marking device, a printer and, finally, an optical scanner. No other state uses the system, manufactured by Canada-based Dominion Voting Systems, in every polling place. Texas rejected Dominion’s equipment, saying its examiners encountered “multiple hardware issues” and could not certify that it was “safe from fraudulent or unauthorized manipulation.”…Tapping into the system would be relatively easy, Hursti said in an interview, because the pollbooks have internet capability, even if they are not always actively connected to a WiFi network, and are linked to each other through Bluetooth connections…In a report last year, the U.S. Senate Intelligence Committee listed pollbooks among the “vulnerable components of the U.S. election infrastructure.”” NYBooks: How Safe Is the US Election From Hacking? (Oct. 31, 2020) In September, The New York Times reported on a concerning surge in Russian ransomware attacks against the United States, including “against small towns, big cities and the contractors who run their voting systems,” the “full scale” of which “is not always disclosed.” Last week, the newspaper further reported that Russia “has in recent days hacked into state and local computer networks in breaches that could allow Moscow broader access to American voting infrastructure,” but said that “Russia’s ability to change vote tallies nationwide is limited,” a caveat that seems more ominous than reassuring…In August 2016, according to David Shimer’s book Rigged, “the U.S. Intelligence community had reported that Russian hackers could edit actual vote tallies, according to four of Obama’s senior advisors.”…On August 29, 2016, Reid published a letter he’d sent to then FBI director James Comey in which he said the threat of Russian interference “is more extensive than is widely known and may include the intent to falsify official election results.”…According to Rigged, the Department of Homeland Security (DHS) did not have independent surveillance abilities and just thirty-six local election offices had let them assess the security of their voting systems before the 2016 election. In January 2017, the DHS confirmed that it had conducted no forensic analysis to verify that vote tallies weren’t altered. In June 2017, it again confirmed that it had conducted no such forensic analysis and did not intend to do so. Senator Ron Wyden, Democrat of Oregon, has since said that “As far as I can tell, no systematic post-election forensic examination of these voting machines took place. Whatever the reason for this failure to act, this administration cannot afford to repeat the mistakes of 2016.” Before each election, all voting machines must be programmed with new ballots. They typically receive this programming via removable memory cards from county election management systems or computers outsourced to third parties. According to election security expert J. Alex Halderman and others, most election management systems can and likely do connect to the Internet from time to time or receive data from other, Internet-connected systems. In Halderman’s view, according to the tech news site Cyberscoop, “a determined attacker could spearphish the individuals responsible for programming the ballots and infect their devices with [vote-changing] malware” that could spread via the memory cards to all of the voting machines in a county or state; and “there’s little visibility into how officials or third parties manage the ballot programming process and whether they use cybersecurity best practices.” Furthermore, Wisconsin and Florida approved in 2015 the installation of cellular modems in their Election Systems & Software (ES&S) precinct ballot scanners, which are used to count paper ballots (whether marked by hand or with a touchscreen). Poll workers use these modems to transfer unofficial vote totals from the precincts to the county election management systems (which include the county central tabulators) on election night…As cybersecurity journalist Brad Friedman told me, “an election commission headed up by President Jimmy Carter found after the controversy surrounding the secret tabulation of the election in Ohio in 2004, that election insiders remain the greatest threat to our elections.” Election management systems, voting machines, memory cards, and USB sticks are among the many things that election insiders could corrupt. The software used in voting machines and election management systems is proprietary to the vendors, making it difficult to obtain permission to forensically analyze them. Experts say hackers could erase their tracks anyway… Since the 2016 election, most states have installed devices to detect efforts at voter registration system intrusion, known as Albert sensors (after Albert Einstein), as a primary defense against hacking. As reported by Bloomberg in 2018, these sensors “have a knack for detecting intrusions like those from Russian hackers” and “funnel suspicious information to a federal–state information-sharing center,” known as the Elections Infrastructure Information Sharing and Analysis Center (an agency run by the Center for Internet Security, which Reuters describes as “a nonprofit that helps governments, businesses and organizations fight computer intrusions”). Per Bloomberg, Albert sensors are “intended to help identify malign behavior and alert states quickly.” But they “can’t block a suspected attack,” and “experts caution that they’re not deployed to most of the 9,000 local jurisdictions where votes are actually cast, and sophisticated hackers can sneak past the sensors undetected.”…Although all electronic election equipment is vulnerable, electronic pollbooks are particularly risky because they often rely on a Wi-Fi or Bluetooth connection. Despite these reliability and security issues, use of electronic pollbooks has risen significantly since 2016…In late 2015, a poll tape analysis conducted by Bennie Smith, an election commissioner in Shelby County, Tennessee, revealed that votes had disappeared from voting machines serviced and maintained by ES&S in predominantly African-American precincts during the county’s municipal election held in October that year. USA Today: Will your ballot be safe? Computer experts sound warnings on America's voting machines (Nov. 2, 2020) “Millions of voters going to the polls Tuesday will cast their ballots on machines blasted as unreliable and inaccurate for two decades by computer scientists from Princeton University to Lawrence Livermore National Laboratory. Toyed with by white-hat hackers and targeted for scathing reviews from secretaries of state in California and Ohio, Direct Recording Electronic voting systems, or DREs, have startled Illinois voters by flashing the word "Republican" at the top of a ballot and forgotten what day it was in South Carolina. They were questioned in the disappearance of 12,000 votes in Bernalillo County, New Mexico, in 2002 and 18,000 votes in Sarasota County, Florida, in 2006. “Antiquated, seriously flawed and vulnerable to failure, breach, contamination and attack,” U.S. District Judge Amy Totenberg wrote of Georgia's aging DRE system before ordering the state to replace it in 2019. “No one is using a computer they purchased in the 1990s,” said Warren Stewart, senior editor and data specialist for Verified Voting, a nonprofit advocacy group tracking election systems. But voters in more than 300 counties and 12,000 precincts will be casting ballots using DRE technology already aging in the 1990s, when flash drives were bleeding-edge tech and Netscape Navigator was the next new thing. DREs aren't the only problematic voting systems. As late as July, more than 1,200 jurisdictions were planning to count absentees on scanners so old they are no longer manufactured, and it's not clear how many, if any, updated their equipment since then…In 2007, secretaries of state in Ohio and California took a detailed look at how votes were being counted in their state. The Ohio secretary of state’s review found one DRE system in wide use both in Ohio and across the country had “several pervasive, critical failures,” including failing to follow industry security standards. California’s secretary of state found one DRE system was built around an inherently fragile design. In another, virtually every important software security mechanism was vulnerable. A third appeared to be susceptible to a variety of attacks that would allow an attacker to control the system. In all cases, cryptography, the coding enabling information to be kept secret, was flawed or missing. Computer scientists David Dill of Stanford University and Dan Wallach of Rice University questioned whether the investigations went far enough. In one state report, researchers had referred to large numbers of bugs they found in the system, pointed out Dill and Wallace. The bugs weren’t considered pertinent to the state investigation. They were not made public. ” Politico: One big flaw in how Americans run elections (Nov. 2, 2020) In November 2016, Green Party presidential candidate Jill Stein sought recounts of the presidential election results in Michigan, Pennsylvania and Wisconsin — three states critical to Donald Trump’s upset victory. Stein had no evidence of fraud, but she cited Russian hackers’ targeting of the election, known security flaws in the states’ voting machines, a number of voting irregularities and discrepancies among the official tallies, historical voting patterns and polls that had predicted a Hillary Clinton win…And when Stein sought access to the software code used in Wisconsin’s voting machines — something state law permits for recount petitioners — the vendors who made the voting machines waged a protracted legal fight that has left Stein’s computer experts still waiting to see the code, four years later…Before his surprise win four years ago, Trump seized on machine malfunctions in states like Pennsylvania as evidence that the election should not be trusted. Dan Coats, Trump’s former director of national intelligence, seemed to acknowledge the lack of integrity mechanisms in an op-ed for The New York Times in September, when he proposed that Congress establish an independent, bipartisan commission to combat efforts to undermine trust in the current election…Two of their bills — the PAVE Act and the SAFE Act — failed to advance in the Republican-dominated Senate…Another incomplete investigation involved a 2006 election in which Florida Republican Vern Buchanan won a U.S. House seat by fewer than 400 votes. More than 18,000 ballots in Sarasota County showed no votes cast in the House race — a gap known as an undervote. State and federal probes examined voters’ complaints that the paperless touchscreen voting machines may have failed to record their choice in the race, while county officials insisted that voters had intended to leave the race blank or had simply missed it on the ballot. Florida’s Department of State conducted tests and concluded that the machines weren’t at fault, but experts called the tests flawed. More extensive testing by the Government Accountability Office “did not identify any problems” with the devices but also couldn’t say definitively that they hadn’t dropped votes, only that they were unlikely to be the cause. The questions could have been answered easily if the election had used paper ballots, which would have provided a permanent record of the voters’ selections. One example involved the sudden disappearance of 16,000 votes from Al Gore’s tally on the night of the 2000 election, after news networks had already projected him the winner in Florida over Bush. Orlich appealed to friends in the state Senate to investigate, and they hired University of Iowa computer science professor Doug Jones. Jones, who used to chair the board responsible for testing and certifying voting machines in Iowa, tested six Maricopa ballot-scanning machines and found big disparities in how they treated ballots marked with pencil or black pen. The scanners were “only marginally sensitive” to ink and overly sensitive to pencil, interpreting tiny lead specks and smudges as votes. Jones believed that some of the scanners had either missed votes during the initial tally or erroneously counted stray pencil marks during the recount. Another possibility: Someone added votes to the ballots before the recount. Jones wanted to examine the ballots, but before he had a chance, FBI agents intervened and seized them… Resistance by voting machines vendors, who fight efforts by candidates and others to examine their systems. The vendors usually investigate their own machines, often blaming voters, poll workers or election staff for whatever went wrong. That happened in 2008, when a tabulation system made by Diebold (then calling itself Premier Election Solutions) dropped hundreds of votes in Ohio counties during the presidential election. The company faulted election workers and an antivirus program the counties had installed, before finally admitting the problem was a decadeold programming error in its software…Destroyed data. Election officials are legally required to retain federal election records 22 months after polls close. But Georgia election officials wiped a server clean in mid-2017, even though it was less than a year after the 2016 election and the data was central to a lawsuit filed by an election integrity group…Records that never existed to begin with. In Humboldt County, Calif., during the 2008 presidential election, a Diebold tabulator inexplicably dropped 197 ballots from the tallies of the county’s scanned-in paper ballots. County officials discovered that the system’s logs had failed to record critical information that could have explained when and why the ballots disappeared — a lapse that violated the federal voting system guidelines that systems used in California are supposed to meet. In 2006 in Ohio, a Franklin County programmer disabled a voting machine logging function that was supposed to track any changes made to software on the machines. He said the voting machine vendor, Election Systems and Software, advised him to do this because it would speed up the process of programming the machines before elections…Twenty-one states and the District of Columbia have automatic recounts if the margin is narrow, usually 1 percent or less. Forty-three states and D.C. let candidates or voters petition for a recount, but the requirements vary. HeritageFoundation: Iranian Hackers Indictment Shows Vulnerability of Online Voter Registration (Nov. 30, 2021) Anyone inclined to downplay the risks involved in states allowing online, Internet-based voter registration, take note: Last week, the Justice Department unsealed a federal indictment of two Iranian hackers that shows how the system provides cyber-criminals–and foreign governments–a vulnerable pathway into state databases and our election systems. The U.S. Attorney for the Southern District of New York charged the two with participating in a “coordinated and multi-faceted, cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord” in the 2020 presidential election. Both of the hackers were contractors for Eelyanet Gostar, an Iranian company that provides cybersecurity services for the Iranian government. According to the indictment, in September and October of 2020, the hackers targeted 11 state voter registration and voter information websites. They managed to get into one of the states (not identified in the indictment) and download information on 100,000 voters. Next, the hackers used social media platforms to send emails and Facebook messages to Republican senators and representatives, individuals in President Trump’s presidential campaign, White House advisors, and members of the media, claiming that the Democratic Party was planning on exploiting “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The hackers masqueraded as a “group of Proud Boys volunteers.” They then created a false video that supposedly showed someone hacking into a state voter registration website and creating fraudulent absentee ballots through the Federal Voting Assistance Program for military and overseas American voters. They again made it look like the Proud Boys had obtained the surreptitious video. GovernmentTechnology: Report: Hackers Can Flip Votes in Georgia's Voting System (Jan. 27, 2022) A confidential report alleges that hackers could flip votes if they gained access to Georgia's touchscreens, drawing interest from the U.S. Department of Homeland Security, Louisiana election officials and Fox News. One key agency hasn't asked the court to disclose the report: the Georgia secretary of state's office. There's no sign that state election officials have done anything about the vulnerability, a potential flaw dangerous enough to be kept under seal, labeled in court as "attorneys' eyes only" six months ago. The vulnerability hasn't been exploited in an election so far, according to examinations of the state's Dominion Voting Systems equipment, but election security experts say it's a risk for upcoming elections this year…The vulnerability was first alleged in sealed court documents in July by Alex Halderman, a computer science professor at the University of Michigan. As an expert for plaintiffs in the election security lawsuit, Halderman gained access to Georgia voting equipment for 12 weeks and produced a 25,000-word secret report. Halderman found that malicious software could be installed on voting touchscreens so that votes are changed in QR codes printed on paper ballots, which are then scanned to record votes, according to court documents. QR codes aren't readable by the human eye, and voters have no way to know whether they match the printed text of their choices. The vulnerability could be exploited by someone with physical access to a voting touchscreen, such as a voter in a polling place, or by an attacker who used election management system computers, Halderman said. A hacker in a polling place could only target one touchscreen at a time, limiting the number of votes that could be changed, but an attack on election management systems could have a broader impact…The potential ability to hack voting touchscreens that print out paper ballots extends beyond Georgia. Dominion ballot-marking devices are used in jurisdictions in 12 states, including California, Michigan and Missouri.