The Secure Elections Act

Scrap electronic voting systems and get back to paper ballots

A bipartisan group of six Senators just introduced legislation called the Secure Elections Act that seeks to eliminate paperless voting machines from American elections. Led by Sen. James Lankford of Oklahoma, the senators have focused on two major changes that have broad support from voting security experts.
The first objective is to get rid of paperless electronic voting machines. Computer scientists have warned for two decades that these machines are vulnerable to hacking and can’t be meaningfully audited. States have begun moving away from paperless systems, but budget constraints force some to continue relying on insecure paperless equipment. The Secure Elections Act would help fund a return to more secure systems that use voter-verified paper ballots.
The law’s second goal is to encourage states to perform routine post-election audits based on modern statistical techniques. Many states today only recount in the event of very close elections, and often count too many ballots (wasting taxpayer money) or too few (failing to verify the outcome). The Lankford bill would encourage states to adopt statistically sophisticated procedures to count only as many ballots as needed to verify if a result was correct.
Paperless electronic voting problems were obvious in numerous states in 2016. Early on Election Day, “glitches” were reported in the iPad tablets used in Hamilton County, Ohio, the home of Cincinnati. So extensive was the meltdown that a state judge ordered the polls to stay open while voters were told to come back and try again if they had problems the first time.
Touchscreen voting machines used in elections across the nation after 2002 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a federal report.
The AVS WinVote machines used in three presidential elections in Virginia “would get an F-minus” in security, according to Jeremy Epstein, a computer scientist at the nonprofit tech research group SRI International. He has been trying to get them decertified ever since. The Virginia Information Technology Agency and outside contractor Pro V&V found numerous flaws in the system, which has also been used in Mississippi and Pennsylvania.
A commission that stripped those machines of certification also found that the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to “create and execute malicious code” on the WINVote and that “the level of sophistication to execute such an attack is low”.
“Bottom line is that if no elections were ever would only be because no one with even a modicum of skill ever tried,” Epstein has said. 
Two years ago a watchdog group went after the system in Washington D.C. as a symbolic way to demonstrate what any decent hacker can do. They collected data stored on a server, database usernames and passwords, plus the key used to encrypt ballots.
They modified all ballots that had already been cast to show write-in votes for candidates they selected, then rigged a “back door” to replace future votes in the same way. To show they had control of the server, they left a calling card on the system’s confirmation screen. The hack remained active for two business days before testers pointed out the attack.
Based on that experience the D.C. Board of Elections has said they won’t proceed with an electronic ballot return system at this time. Voters will still be able to download and print ballots to return by mail, which seems a lot less risky. You know, like we do here in Oregon...


Popular posts from this blog

Lose the labels

Short Bits 01