Privacy Plus+: Securing our elections
Privacy, Technology and Perspective
Securing our elections. This week, we return to the topic of election security, and governmental entities who contract without appropriate due diligence and contract negotiations.
Vice has reported that voting machines made by the top voting machine company in this country, Election Systems & Software (“ESS”), have been left exposed online despite ESS’s denials, and to the ultimate effect of potentially allowing a hacker to alter official election results. A link to the article in Vice follows: https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials.
Hacking election machinery may not be nearly as hard to do as we might suppose – or as hard as it jolly-well ought to be.
The Guardian reports that at the Defcon hackers conference last year, a collection of children were given basic hacking instructions and then were turned loose on the voting machinery of a number of states. It took an eleven-year old girl all of ten minutes to hack the first voting machine and change the election results. Every one of the states’ machines followed. On average, the kids took about fifteen minutes to crack each machine. A link to the article in The Guardian follows: https://www.theguardian.com/technology/2018/aug/22/us-elections-hacking-voting-machines-def-con. And now, this weekend, politicians have descended on this year’s Defcon, seeking “white hat” hackers’ help in up-securing machinery and processes. The following article describes how lawmakers are now interfacing with Defcon’s “Voting Village”: https://www.cnet.com/news/lawmakers-turn-to-hackers-at-def-con-to-get-election-security/.
How secure is your own local election machinery? According to Verified Voting (“VV”), a nonprofit organization that tracks voting machine use across the country, our own Dallas County, Texas contracts with ESS for its voting machines. The following link directs to VV’s web tool, which allows you to see precisely which ESS voting machine models Dallas County is using, and also to query which vendors are servicing other jurisdictions: https://www.verifiedvoting.org/verifier/.
If democracy-threatening weaknesses in American voting machinery are apparent to eleven-year olds, they have not escaped the attention of our nation’s adversaries, either.
Former special counsel Robert Mueller’s report confirmed that in the 2016 election Russians targeted at least one private vendor that provided election software, stating, “[i]n August 2016, GRU officers targeted employees of [REDACTED], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” See Mueller Report at 51 (a link to the full Mueller report appears in our Privacy Plus+ post, dated August 3, 2019, and linked as follows: https://www.hoschmorris.com/news-hm/privacy-plus-august-3-2019).
If we can’t rely on our election results, then we can’t rely on our democratic process. Therefore the first requirement of voting machines is that they produce an accurate count of voters’ decisions. Everything else – speed in reporting vote counts, ease of use, even cost – is a distant second. Governments at every level should realize that. Painstaking due diligence, careful contracting, and the best cybersecurity this country’s best minds can produce, are all required.
Otherwise, paper ballots may actually be the answer.
Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.