As Many States Grapple with Election Security, Massachusetts Remains Confident

Interference during the 2016 presidential elections left many states rushing to shore up systems, but commonwealth officials say they are in a “good position.”

by Eli Sherman, MetroWest Daily News / August 20, 2018
Shutterstock

(TNS) — With midterm elections fast approaching, security of voting systems and voter data has emerged as a major concern across the country.

"We've been working on this for some time and we've been aware of the (cyberattack) issues since the 2016 election," said Debra O'Malley, spokeswoman for Massachusetts Secretary of the Commonwealth William Galvin.

Public scrutiny surrounding election security intensified in July after a grand jury indicted 12 Russian hackers, accusing them of interfering in U.S. elections two years ago.

"The object of the conspiracy was to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election," according to the indictment.

The indictment largely focuses on the presidential campaign, but hackers also targeted state and local election boards, successfully stealing the personal information of at least 500,000 voters, according to the indictment. Stolen information included names, addresses, partial Social Security numbers, dates of birth and driver's license numbers.

Massachusetts is not named in the indictment, and O'Malley said the U.S. Department of Homeland Security had not contacted state election officials about it.

Nonetheless, top national intelligence officials have said all 50 states were likely targeted, which Russia is likely to do again in the 2018 midterm elections. On July 19, Microsoft reported hackers with ties to Russia had already targeted three separate congressional candidates.

In Massachusetts, state primaries are scheduled for Sept. 4. O'Malley said security measures are in better shape than many other states, oddly in part because of its somewhat antiquated system.

"We're in a good position, luckily, because our state voter database is on a closed network," O'Malley said.

A closed network means local and state election offices are hardwired together - and not connected to the Internet - making it incredibly difficult to access without physically tapping into the system. Additionally, Massachusetts benefits from still using paper ballots, a traditional voting method that helps ensure accuracy and safeguard against cyberattacks.

"It's turned out to be in our benefit," O'Malley added.

Marlborough City Clerk Lisa Thomas agreed.

"There is no cybersecurity issue because they are standalone machines and not connected to anything," said Thomas. "Cybersecurity is not an issue as of yet."

The city, however, is purchasing poll pads. The technology will prevent someone from casting a ballot during early voting in November and then again on Election Day. Thomas said the purchase is not in response to concerns about voter fraud, but instead to make the early voting process easier on her staff.

Thomas was unsure of the cost of the poll pads.

In Framingham, the city's latest capital budget includes $116,580 to fund the purchase of 20 new voting machines, including hardware and election reporting software. The project was originally recommended in the fiscal 2018 budget, but voted down by Town Meeting before being approved this year.

The city's existing AccuVote machines date to July 2006, and are no longer manufactured by the company.

Framingham plans to acquire 20 ImageCast Precinct voting machines sold by Dominion Voting Systems, one of the country's major election equipment vendors.

Kay Stimson, Dominion's vice president of government affairs, said the machines operate in a closed network, meaning they're never connected to each other, or to a public network, reducing the risk of a cyberattack.

Stimson said Dominion's machines comply with industry standards for security and accessibility, and use multiple checks and balances to ensure confidence in election results.

"As a company, we are prioritizing election security," she said, "and we're making sure that we try to actively, proactively, work with members of Congress so they understand how voting systems are designed and tested and certified and secured."

Other states, including Delaware, Georgia, Louisiana, New Jersey and South Carolina, have moved entirely to electronic voting machines, first touted as a way to reduce fraud, boost voter turnout and cut costs through increased efficiency. In the wake of the 2016 election, however, many are rethinking the technology, as the machines are more susceptible to hacks. And without a paper record, it's difficult to audit and confirm results.

"It is nearly impossible to determine if paperless voting machines have been hacked and if vote tallies have been altered," according to a July report by U.S. Committee on House Administration Democrats.

Massachusetts is mandated to audit 3 percent of precincts after presidential elections, which election watchdogs say is a good step toward improving election security. There's no requirement to audit midterm elections.

In Natick, Town Clerk Diana Packer said the town is "diligent" when it comes to cleaning up its voter list.

Steps include weekly or biweekly checks to removed deceased residents from the list, frequent checks to remove residents that moved overseas, confirmation cards mailed annually to residents who didn't respond to the U.S. Census to determine if they still live in Natick and checking to determine if a resident is registered to vote when they drop by Town Hall to fill out paperwork for an unrelated matter, such as securing a dog license.

Marie Y. Ryan, president of the Massachusetts Town Clerks Association, went so far as to say there are "no issues" related to cybersecurity in Massachusetts elections.

"As far as the cybersecurity, there are no issues in Massachusetts, unlike other states, because our systems (and) equipment are not connected to the Internet at all," Ryan wrote in an email.

Massachusetts state and local election officials, like Marlborough, have begun experimenting with more advanced technology systems, however, including "e-poll books," sometimes called "poll pads." The e-poll books, which look like tablets, are not used to count votes. But the databases kept on the machines maintain sensitive voter information, including names, addresses, political parties, dates of birth and sometimes voter identification numbers. While conceptually simple and designed to improve the overall voting experience, e-poll books are potentially vulnerable to cyberattacks.

"Some of those (e-poll books) are Internet- and Bluetooth-enabled, so they could be tampered with," said Pam Wilmot, executive director of Common Cause Massachusetts, a government watchdog. "They are not directly connected to the central voting registry ... but they do later get uploaded, so there is some vulnerability."

Some Massachusetts municipalities have already begun using the e-poll books to check in voters for Town Meetings, including in Sherborn, Canton and Tewksbury. But local officials are waiting for state guidance on whether to use them in the upcoming elections.

"The state Election Division is not yet (ready) to certify them for use at elections due (to) possible issues since they could connect to Wi-Fi," wrote Ryan, who is also the Great Barrington town clerk. "This is something that is being worked on presently. We have total confidence in the state Election Division to come up with a way to be able to use the (e-poll books) for elections."

With an eye to further bolster election security throughout the state, Massachusetts applied for and received a $7.9 million federal grant, which requires a 5 percent state match. The grant was part of a $380 million federal grant program made available to states to improve the administration of elections, enhance technology and make election security improvements.

There's no requirement, however, to spend the money before the midterm elections and state officials are not banking on it. The state would not share its proposal for the funds with Wicked Local, saying the plan still needs federal approval.

"Obviously, we're not depending on the funding to prepare," O'Malley said.

On July 19, the Republican-controlled U.S. House moved to eliminate future funding for states to strengthen election security, much to the chagrin of House Democrats, including Massachusetts Rep. Jim McGovern of Worcester.

"Does anybody really believe that these attacks are going to stop?" McGovern asked hypothetically on the House floor. "This is about protecting our democracy, and I don't understand why this is controversial."

Beyond the public sector, private, political and nonprofit organizations are also custodians of extensive databases of voter information, making them also susceptible to cyberattacks.

The grand jury indictment detailed intricate phishing email scams and malware attacks targeting staffers of the Democratic National Committee, the Democratic Congressional Campaign Committee and the Hillary Clinton presidential campaign.

The hackers stole thousands of documents from the Democratic Party, ultimately releasing troves of private information and emails. The leak, albeit two years ago, wreaked havoc in the party and its members are not quick to forget.

"In the wake of the attacks on our elections and the hacking of our colleagues in Washington by the Russian government, we've taken active steps to step up our security measures," said Emily Fitzmaurice, communications director for the Democratic Party. "The security of our work has been and continues to be a top priority."

©2018 MetroWest Daily News, Framingham, Mass. Distributed by Tribune Content Agency, LLC.