“Threats to the integrity of our elections are constantly evolving. Not too long ago, a primary focus for election officials was securing voting machines. Today, cyberattack vectors have expanded — and so must our defenses,” writes Mr. Padilla, US Senator (D) from California, and former California Secretary of State
Computers liberate us from grunt work of having to calculate lots of data by hand. But computers get hacked. How do we balance freedom with safety?
On this page, you will find links to cybersecurity experts who grapple with the challenges of protecting electronic elections.
Are Voting Machines Reliable?
After the 2016 election, many people, particularly Democrats, worried that Russians had hacked US elections. This led to a flurry of research on the integrity of voting machines. Below are links to some of the findings:
By Cory Doctorow in The Washington Post, 2021. “Although the conspiracy theories are nonsense, that doesn’t mean there’s anything unreasonable about mistrusting voting machines, about which experts have been sounding the alarm for years. Even before Bush v. Gore — with its disputes over missed votes and hanging chads — voting machines were a cesspool of low reliability and low security, not to mention profiteering. And they still are,” writes Mr. Doctorow, describing voting machines used in the 2020 election.
2020 by Matt Blaze – founder of Voting Village at DefCon (Annual Hacker’s Conference). Blaze, a cryptography expert and chair of computer science and law at Georgetown University, Washington DC, gave the keynote speech at the opening of the virtual Black Hat security conference. Blaze points to “a ballooning attack surface, including county-level election management software, voting machine software, removable media such as USB sticks, and human targets.”
2020 in Election Law Journal. – “The complexity of U.S. elections usually requires computers to count ballots—but computers can be hacked, so election integrity requires a voting system in which paper ballots can be recounted by hand. However, paper ballots provide no assurance unless they accurately record the votes as expressed by the voters. Voters can express their intent by indelibly hand-marking ballots, or using computers called ballot-marking devices (BMDs). Voters can make mistakes in expressing their intent in either technology, but only BMDs are also subject to hacking, bugs, and misconfiguration of the software that prints the marked ballots. Most voters do not review BMD-printed ballots and those who do often fail to notice when the printed vote is not what they expressed on the touchscreen. Furthermore, there is no action a voter can take to demonstrate to election officials that a BMD altered their expressed votes, nor is there a corrective action that election officials can take if notified by voters—there is no way to deter, contain, or correct computer hacking in BMDs. These are the essential security flaws of BMDs.”
by Jennifer Cohn. 2019. “We have a longstanding habit in the United States of adopting voting technology systems for use in the polling place without any real studies of how well they work. We only learn about their failings after the machines are deployed and widely used.”
In this video, CNN reports on the largest convention of hackers in the world. Hackers demonstrated how easy it is to turn voting machines inside out and to disrupt democracy.
by Alex Padilla. California’s former Secretary of State, now US Senator (D) from California, writes about the dangers of using electronic voting machines. “Threats to the integrity of our elections are constantly evolving. Not too long ago, a primary focus for election officials was securing voting machines. Today, cyberattack vectors have expanded — and so must our defenses,” writes Mr. Padilla.
by Danielle Root and Liz Kennedy, 2017. “In June 2017, reports surfaced that Russian hackers infiltrated 39 state election systems in the lead-up to Election Day, while a top-secret National Security Agency (NSA) report published by The Intercept in July revealed that Russian military intelligence, or the Main Intelligence Directorate (GRU), sent spear-phishing emails to 122 email addresses associated with those likely “involved in the management of voter registration systems” in an attempt to probe or infiltrate voting databases. After successfully breaching election records in Illinois, hackers attempted to delete and alter voter information. The Illinois database contained the personal information including names, birthdates, gender, driver’s license numbers, and partial Social Security numbers—of 15 million people. Bloomberg estimates that as many as 90,000 records were compromised.
DefCon Voting Villiage Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure September 2018
The Vulnerabilities of Our Voting Machines: When Americans go to the polls, will hackers unleash chaos?
by Jen Schwartz, November 1, 2018
“What’s happening in Texas is another warning sign of aging machines not functioning well, which makes them fertile ground for vote-stealing attacks,” said computer scientist J. Alex Halderman. As cybersecurity journalist Kim Zetter recently wrote in The New York Times Magazine, “It’s not too grand to say that if there’s a failure in the ballot box, then democracy fails.”
About Voting Machine Companies
SmartMatic was formed by Antonio Mugica, Alfredo José Anzola and Roger Piñate in order to address election corruption in Venezuela. Smartmatic systems were used to elect Chauvez. Smartmatic is a multinational company that specializes in building and implementing electronic voting systems.
The Chairman of the Board of Directors of Smartmatic, is Mr. Neffenger [Wikipedia]. In November 2020, Neffenger was named a volunteer member of the Joe Biden presidential transition Agency Review Team to support transition efforts related to the Department of Homeland Security.[Wikipedia]. Although Smartmatic does not own Dominion Voting Systems and has never provided Dominion with any technology, Smartmatic did license Dominion Software.
Cybersecurity’s Revolving Door
Jeanette Manfra, one of the U.S. government’s most influential cybersecurity officials who investigated cyber threats to voting machines, now works at Google.
Manfra has taken a job at the tech giant’s cloud division in January, 2019 after leaving her post as assistant director for cybersecurity at the Department of Homeland Security.
According to Cyberscoop, Manfra is “global director of security and compliance as part of a new security team at Google Cloud . . . She will help lead a new “Office of the CISO” initiative at Google Cloud to bolster security with Cloud customers.”
“It’s not too grand to say that if there’s a failure in the ballot box,
then democracy fails.” ~ Kim Zetter in The New York Times Magazine