Our vulnerable voting machines

In 1993, 25 years ago, security researchers began an annual conference called Def Con in Los Vegas. Security professionals from all over the world attend, including hackers, designers, members of the NSA and FBI, journalists and researchers. Many papers are presented, and it is widely considered one of the most important security events of the year. In addition, there are hacking contests where prizes are awarded for breaking into various types of systems.

Last year they included The Voting Village. In it 25 pieces of election equipment including voting machines and electronic poll books were offered for hacking. Most were commonly used in the United States. All were hacked, including even mock back-office simulated election administration databases.

The point is, our voting machines and voter registration are vulnerable.

The Russians

A lot of noise is being made about Russian hacking. I do not understand this. There is no reason to believe that Russians hacking our voting rolls or results would be any worse than any other group. In fact, I'd prefer any external group to any American group. It seems to me that it would be worse for some group of American corporations to hack our elections than for the Russians to do it. I don't want the Republicans or the Democrats or the American Nazi Party or the American Green Party or any American Corporation hacking our elections either. All these seem more dangerous than any outside government.

The Russians seem more interested in creating a lack of faith in our election process and results. They want to convince Americans that we are in worse shape than we are. This seems to be the lesser of two evils. I'd rather we thought we were less secure than we are, than that we think everything is fine while the elections are rigged without our knowing.

Congressional Action

Last December 3 Republicans and 3 Democrats submitted the Secure Elections Act. From what I've been able to tell, it is a good start. It aims to:

Promote information sharing with machine companies, city and state government and federal agencies. This includes companies disclosing when they have been hacked and the Federal government promptly disclosing when it finds hacking of State and local systems.
Fund improvements to state election systems through grants and replacing outdated machines and pushing local governments toward paper ballots.
Establish bug bounties to uncover vulnerabilities

The bug bounties in particular are a reversal of the attacks against those exposing flaws. They call this aspect: Hack the Election. States will be helped and given grants to set up structures for hackers expose flaws in the system. The grants are structured to improve accountability and transparency, including a return to paper ballots. Five states don't have paper ballots and have no way to verify the correctness of their results.

How is Oregon Doing?

After our debacle with Oregon's failed health insurance exchange, I approached our system with a skeptical eye. But, the facts are quite promising. We have paper ballots. Our vote counting machines are not connected to the Internet. Surveillance of the counting is intensive. There are audits before, during and after.

Keeping clients' computers safe and profitable for over 30 years

Our vulnerable voting machines

The Russians

More problems

Congressional Action

How is Oregon Doing?

Further Reading

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Our vulnerable voting machines In 1993, 25 years ago, security researchers began an annual conference called Def Con in Los Vegas. Security professionals from all over the world attend, including hackers, designers, members of the NSA and FBI, journalists and researchers. Many papers are presented, and it is widely considered one of the most important security events of the year. In addition, there are hacking contests where prizes are awarded for breaking into various types of systems. Last year they included The Voting Village. In it 25 pieces of election equipment including voting machines and electronic poll books were offered for hacking. Most were commonly used in the United States. All were hacked, including even mock back-office simulated election administration databases. The point is, our voting machines and voter registration are vulnerable. The Russians A lot of noise is being made about Russian hacking. I do not understand this. There is no reason to believe that Russians hacking our voting rolls or results would be any worse than any other group. In fact, I'd prefer any external group to any American group. It seems to me that it would be worse for some group of American corporations to hack our elections than for the Russians to do it. I don't want the Republicans or the Democrats or the American Nazi Party or the American Green Party or any American Corporation hacking our elections either. All these seem more dangerous than any outside government. The Russians seem more interested in creating a lack of faith in our election process and results. They want to convince Americans that we are in worse shape than we are. This seems to be the lesser of two evils. I'd rather we thought we were less secure than we are, than that we think everything is fine while the elections are rigged without our knowing. More problems The companies making voting machines don't want us to know their machines are vulnerable and don't want to spend the money necessary to make them safe. They are trying to prevent Defcon from buying machines for this year. They are also using the DMCA (Digital Millennium Copyright Act) to protect their software from hacking. That act criminalizes attempts to circumvent control or to use their product in an unauthorized way. If you expose a flaw by showing how it can be hacked, then you have violated their copyright with unauthorized access. Congressional Action Last December 3 Republicans and 3 Democrats submitted the Secure Elections Act. From what I've been able to tell, it is a good start. It aims to: Promote information sharing with machine companies, city and state government and federal agencies. This includes companies disclosing when they have been hacked and the Federal government promptly disclosing when it finds hacking of State and local systems. Fund improvements to state election systems through grants and replacing outdated machines and pushing local governments toward paper ballots. Establish bug bounties to uncover vulnerabilities The bug bounties in particular are a reversal of the attacks against those exposing flaws. They call this aspect: Hack the Election. States will be helped and given grants to set up structures for hackers expose flaws in the system. The grants are structured to improve accountability and transparency, including a return to paper ballots. Five states don't have paper ballots and have no way to verify the correctness of their results. How is Oregon Doing? After our debacle with Oregon's failed health insurance exchange, I approached our system with a skeptical eye. But, the facts are quite promising. We have paper ballots. Our vote counting machines are not connected to the Internet. Surveillance of the counting is intensive. There are audits before, during and after. Further Reading Electronic voting in general: Wikipedia Oregon Department of State: "How Secure are Oregon Elections?" Langford bill - Secure Elections Act ArsTechnica article From the always good Law Fare Blog Defcon Report: Engadget article Actual PDF of the report: Date: April 2018 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk