voting with paper ballots (Mikko Lemola/Shutterstock.com)

Stronger election security with less technology

With the wide variety of voting systems technology and uneven security requirements in local jurisdictions across the country, the best defense against election hacking may involve less technology, experts said.

MORE INFO

Virginia considers decertifying touchscreen voting machines

The state could accelerate the move to systems that provide a paper trail for election audits. Read more.

DefCon hackers made short work of voting machines. Now what?

Even machines not connected to the internet can be hacked, so election officials must ensure they’re using secure technology and locking down the entire voting process. Read more.

'Clunky,' low-tech voting system still vulnerable to hacks

A new report outlines a range of vulnerabilities, infiltration points and tactics that could be used to undermine credibility in an election or even manipulate the results. Read more.

"I don't have a lot of confidence" in the security of election equipment, said Alex Halderman, who is director of the University of Michigan's Center for Computer Security and Society and researches voting machine security.

"The machines have vulnerabilities that could allow someone to hack in and alter the software that's running on them," he said at a Sept. 8 Brookings Institution discussion. "You don't even need physical access to the machines."

Nor do the machines need to be connected to the internet to be prone to manipulation, Halderman added.

"With just momentary access to the memory card that's used to program the ballot for the election, we could insert vote-stealing software that would then reprogram the machine ... and select whoever we wanted as the winning candidate," he explained.

Halderman added that even if American machines were not manipulated by a foreign government in 2016, "I think it's a matter of time" before vote tampering occurs, if the vulnerabilities are left unaddressed.

Retired four-star Gen. John Allen said that "now, in many respects, the first line of defense of American democracy, and last line of defense of American democracy, is in the hands of our states and our counties."

Allen, a 40-year Marine veteran and co-director of Brookings' Center for 21st Century Security and Intelligence, added, "while the process of voting is certainly a local issue, it's really a national security issue."

"The problem is, there are very unlevel approaches from county to county and state to state across the country" whose capacities for cyber defense can be very limited, said Allen. "One of the reasons is because we don't impose federal standards on this process."

Halderman suggested that while installing layered defenses and purchasing more secure technology would help, he advocated for less reliance on technology in the electoral process.

"Essentially, what we need is a system that relies on physical fail-safes" and conducts paper-based post-election audits, he said.

A Brennan Center study estimated that replacing paperless machines nationwide would incur a one-time cost between $130 million and $400 million. Halderman added that, based on his own estimate, conducting post-election audits for every federal race would cost about $20 million annually.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

inside gcn

  • Catalyst supercomputer at Lawrence Livermore National Lab

    Energy Department launches new HPC initiative

Reader Comments

Thu, Sep 14, 2017 DrK

At last, a realization that technology is the the end all solution to all systems. Employment of technology usage in new or critical areas should only come after much security, privacy, and safety vetting has undertaken.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group