Electronic Vulnerability

How easy would it be to rig the next election? Very Easy

Article at Think Progress: How easy would it be to rig the next election? 

In the popular imagination, this is what election hacking looks like?—?dramatic, national-scale interference that manually rewrites tallies and hands the victory to the outlier. Certainly these attacks may occur. However, they’re only one of a variety of electoral hacks possible against the United States, at a time when hacking attacks are becoming more accessible to threat-actors and nation-state-sponsored attackers are growing more brazen. Yes, hackers may attempt to change the vote totals for American elections?—?but they can also de-register voters, delete critical data, trip up voting systems to cause long lines at polling stations, and otherwise cultivate deep distrust in the legitimacy of election results. If hackers wish to rig a national election, they can do it by changing only small numbers on a state level.

Public Voting Machine Hackathon: Challenge or Sham

The worlds largest democracy has offered the public a chance to hack its unverifiable voting machines.  The details are skimpy, history does not provide confidence, and while it may be a step in the right direction it is ultimately insufficient.  See the article by George Washington University Professor Poorvi Vora: Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces

Surprising statements by Denise Merrill and Neil Jenkins

Denise Merrill, Secretary of the State and President of the National Association of Secretaries of State and Neil Jenkins from Homeland Security spoke on NPR on election integrity.  <listen>

We disagree with both their similar statements:

.”Because our system is highly decentralized there’s no way to disrupt the voting process in any large-scale meaningful way through cyber attacks because there’s no national system to attack,” [Merrill] said Tuesday at a hearing before the U.S. Election Assistance Commission on the impact of the critical infrastructure designation.

Jenkins was quoted as saying “having thousands of elections offices each with their own systems making hacking elections nearly impossible”

Controlling Voting Algorithms is Critical

A short op-ed in the Courant from Bloomberg View, by Cathy O’Neil describes the risks of artificial intelligence algorithms used  by the likes of Facebook and Google: Controlling A Pervasive Use Of Algorithms Critical 

We should have concerns with algorithms beyond Artificial Intelligence. The same concerns apply to any algorithm (computer code/manual process), such as voting machines.  We have no access to the code in our AccuVoteOS optical scanners. Yet we know from studies such as the California Top-To-Bottom-Review,  Hacking Democracy’s Hursti Hack, and studies by UConn that the system is vulnerable to attack.  We do not know and cannot know for sure if the software running on a particular AccuVoteOS and its memory card is correct and accurate.

Georgia on my mind. Paper not on Georgia’s radar.

Georgia and Cobb election officials are rejecting calls from advocacy groups for voters to use paper ballots while the FBI investigates a data breach at Kennesaw State University.

Voters will continue to use electronic voting machines during upcoming elections, said Candice Broce, spokesperson for Georgia Secretary of State Brian Kemp. The use of paper ballots is reserved as a backup system in case there is a problem with the voting machines, she said…

Earlier this month, KSU announced a federal investigation at the Center for Elections Systems located on the Kennesaw campus to determine if there was a data breach that might have affected the center’s records, according to Tammy DeMel, spokesperson for the university.

When will they ever learn?  We firmly believe that the days of paperless elections are coming to an end. It may take a few more years, yet we believe it is unlikely that any jurisdiction in the U.S. well make a major purchases of paperless voting equipment in the future. The useful life of most paperless equipment will end within the next decade or so.

Testimony on Early Voting and Registrar’s Bills

Yesterday, we submitted testimony on a number of early voting bills and a bill likely submitted by the Registrars of Voters Association.

The primary reason to avoid expanded mail-in or no-excuse absentee voting is the opportunity for and documented record of absentee voting fraud. There are other reasons:

  • Contrary to a touted benefit – early voting DECREASES turnout…

And a bill likely submitted by the Registrars of Voters Association.

As an election official, I am sympathetic to the wish of Registrars to make their jobs simpler.  Yet, my sympathy ends when it results in barriers to participation in democracy for candidates and citizens.

We respond to Secretary Merrill’s testimony opposing audit transparency bill

Last Monday we testified for S.B. 540, a bill that would increase audit transparency and public verifiability.

Later we noticed that Secretary of the State, Denise Merrill, submitted testimony opposing one provision of the bill and therefor recommending against the entire bill. Her testimony misinterpreted our bill, recommending against it based on something we did not ask for and was not part of the bill.

In response we wrote a follow-up letter to the GAE Committee.

Election News Roundup

Several instructive articles and events this week.

  • Last week, Secretary of the State and President of NASS (National Association of Secretaries of  State) held a press conference discussing Donald Trump’s allegations of 3 Million “Illegals” Voting.  Secretary Merrill Challenges President’s Reported Claims of Illegal Voting
  • Meanwhile, at least, Connecticut is no Kansas: The Kansas Model for Voter-Fraud Bluffing
  • Here an article I generally agree with from Forbes: What The Election Can Teach Us About Cybersecurity
  • Speaking of attacks on voter databases here is a story from this fall: Hackers hit Henry County voter database

Video: The Story of the Attempted Presidential Election Audit

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election

Also, I’m not sure that we at the University of Michigan could hack into all the paper ballots across multiple states sufficient to change the Presidential election. But I’m pretty sure my undergraduate security course could have changed the outcome of the Presidential election this year. It really is that bad, – Alex Halderman

Connecticut pre-election voting machine testing now less reliable

Over the the last few weeks, we have learned that in the November Election, registrars have substituted a less effective form of pre-election testing that is less likely to catch errors in ballots or election equipment. There are at least two problems

Page 1 of 2212345...1020...Last »