“The bottom line is, be nervous,” said Matt Bishop, a UC Davis computer science professor who specializes in computer security.
California has been pushing hard to make its voting systems more secure and more efficient since Florida’s famous “hanging chad” election of 2000. That was the presidential election in which the final result was delayed for more than a month while partisans for Republican George W. Bush and Democrat Al Gore battled in courts and county election offices over how — or even if — thousands of contested ballots in Florida should be counted.
That was the biggest election controversy of modern times — until Russia’s interference with the 2016 campaign that was designed to help Donald Trump win the presidential election.
In September 2017, the Department of Homeland Security warned election officials in California and 20 other states that Russian hackers had tried to break into their voting systems during the campaign.
Earlier this month, Robert Mueller, the special counsel leading a probe into the Russian interference, indicted 12 Russian intelligence officers and said they had hacked into one state’s registration database. The defendants “stole information related to approximately 500,000 voters, including names, addresses, partial Social Security numbers, dates of birth and driver’s license numbers,” according to the indictment.
“There is no evidence of a breach of California’s election systems in 2016,” Secretary of State Alex Padilla said in an email Monday. “Mueller’s indictment, however, is a stark reminder that cyber threats to our elections are very real — and they won’t be going away.”
There’s no evidence that Russian tampering altered any votes in 2016. Doing so would be difficult because of security measures that are standard in California and most of the nation.
San Francisco’s system is typical, said John Arntz, the city’s elections chief. There’s an “air gap” in the electronic voting machines and the equipment that tallies the votes, he said.
Those machines “are never connected to the Internet,” Arntz said. “The way the system is set up, if someone physically hacked into one voting machine, they couldn’t affect the other machines, because they’re not connected. And even then, they’d have to just about destroy the machine to hack in.”
California has another safeguard, which Arntz called “the ultimate fail-safe”: Since 2006, all touch-screen voting systems in the state have had to provide a paper receipt that confirms the electronic totals.
About a dozen states allow electronic voting without requiring a paper trail audit.
That requirement “has been one of the most talked about election cyber-security reforms at the national level,” Padilla said. “But California has required a voter-verified paper audit trail for every vote for over a decade.”
While the prospect of outside groups changing individual ballots or flipping final vote totals are the flashiest election security issues, that’s far from the only damage hackers can cause, said Bishop, the UC Davis computer science professor. He has been involved in officially sanctioned efforts to break into voting systems in California and other states.
For example, the one successful Russian hacking effort cited in Mueller’s indictment is believed to have involved voter registration data in Illinois, officials in that state said. California and many other states allow residents to register to vote electronically, and those databases must be connected to the Internet, where hackers lurk.
“The leak of the voter registration data is bad,” Bishop said. “But what’s really bad is if you can get in there and change things.”
Social Security and driver’s license numbers are a potential treasure trove for identity thieves. But hackers looking to disrupt an election could change addresses, misspell names, flip party registrations or take dozens of other actions that could slow voting to a crawl.
“Who knows what they could do?” Bishop said. “Hackers could even scrub out the names of voters entirely, effectively disenfranchising them.”
Concern about hacking is one of the most important reasons for the slow progress of efforts to move toward a system in which voters could cast their ballots over their smart phones, laptops or tablets via the Internet. Computer security experts like Bishop and David Dill of Stanford University argue that the potential problems far outweigh any benefits.
“Computers are very complicated things and there’s no way with any reasonable amount of resources that you can guarantee that the software and hardware are bug-free and that they haven’t been maliciously attacked,” Dill, who also is a director of the nonprofit election security group VerifiedVoting.org, said in a 2016 article. “From that perspective, looking at a system that relies on the perfectibility of computers is a really bad idea.”
State election systems aren’t the only concern. With only a handful of companies providing the bulk of the country’s voting machines and software, hacker attacks on those vendors could endanger systems used across the country, Bishop said.
Last week, for example, Election Systems and Software, one of the nation’s largest manufacturers of voting machines, revealed that for a time in the 2000s, it sold election management systems equipped with remote access software that allowed its technicians to connect to the machines via the Internet.
But if the technicians can get in electronically, so can hackers.
“Installing remote-access software and modems on election equipment is the WORST decision for security short of leaving ballot boxes on a Moscow street corner,” Sen. Roy Wyden, D-Ore., said in a July 17 tweet.
Since 2016, California has been working to strengthen its voting information system in advance of this year’s elections, Padilla said.
“We conducted an agency-wide security audit, replaced obsolete devices, enhanced security of our servers and upgraded firewalls and applied security patches,” he said. “We have also strengthened agency procedures related to security, including increased 24/7 monitoring and alert capabilities and implementing additional security tools to detect and prevent malware and viruses.”
The state also must certify any voting system before it can be sold in California, which means intensive testing and even “red team” security testing, with experts trying to hack in, Padilla said. San Francisco is among the counties looking to replace outdated machines.
The most important security measure, however, could be California’s growing shift from electronic voting to vote-by-mail, where every vote is cast on an old-school paper ballot.
In the June primary, more than two-thirds of the votes were cast on mail ballots. That number will only grow as more counties sign on to a state program that calls for providing every voter with a mail ballot, which eliminates any concerns about the security of the electronic voting machines used at polling places.
But even if every possible measure is taken to protect the state’s elections, there are no guarantees, Bishop admitted. If there’s corruption or incompetence, all bets are off.
“There is no such thing as absolute security,” he said.
©2018 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.
