Florida may be ripe for the picking, computer scientists say, because numerous counties in the state still rely on voting machines that are drawing fire from experts for their vulnerability to a cyberattack.
(TNS) — Bad actors working for the likes of
These computer scientists along with election integrity groups familiar with the model that
They say that state election officials have accepted wholesale the spin from the manufacturer that these machines -- which voters at polling places feed ballots into after marking candidates of their choice -- are secure.
“It has been asserted that voting machines are not vulnerable to remote hacking because they are never connected to the Internet, but both the premise and the conclusion are false,” states a
The experts urged the state to eliminate the use of wireless modems.
“Our elections remain under attack by the opponents of a free and fair democracy, who wish to compromise our election infrastructure to sow chaos, distrust, or even manipulate the election outcome,” the letter states.
The response of Florida’s election officials? Crickets.
Criticism of the machines, manufactured by
After Russian hackers attacked America’s voting systems in 2016, numerous states such as
“They are vulnerable in so many different ways, and most importantly because of the way they are designed, you don’t need sophisticated nation- state-level antics at all,” said
“You can hack them even without ever coming to
Hursti was featured in the
Not all counties with the DS200 have wireless capability, but the
Hursti said Florida’s own test of the wireless DS200 in 2015 found that it can be bedeviled by just a bit of wrong code in its firewall script.
It is a misnomer, Hursti said, that the DS200 uses a modem, conjuring up the days when fax machines used dedicated landline phones, he said. But in fact, the machine is equipped with sophisticated software that pretty much operates as a cellphone, he said.
It’s also a myth that the machine is hack-proof because it still uses internet protocol when connecting to the wireless network, the computer scientist said.
“There is no secure network in that context. It’s using the same Verizon network a criminal would use,” Hursti said. “You can reroute that call to
“I think it would be wise for
ES&S did not return an email or a phone call for comment.
Advertising for the DS200, though, says it uses encryption and a digital fingerprint to protect voting results. In one of its promotions, ES&S advertises the voting machine with the slogan, “Because who wants to be stuck inside counting ballots?”
And the company's website says it trains all election offices on its equipment. "We go above and beyond what's required to keep our elections safe," ES&S states.
Generally, vote totals are stored on memory cards, called cartridges, inside the voting machines at polling places.
The DS200 uses a wireless connection to transmit these results via cell towers to a simple file-transfer server that is connected to the internet behind a firewall.
For security reasons, the SFTP server and firewall are supposed to be connected to the internet for only a couple of minutes before an election to test the transmission, and then for long enough after an election to send the vote totals.
But researchers found some of the systems stayed connected to the internet for months at a time, and year-round for others, making them vulnerable to hackers.
And guess where? Critical battleground states, including seven
The assault that Russians mounted in 2016 on America's voting system was unrelenting.
Supervisor of Elections
The state found inadequate signal strength for the machines in two tests of the ES&S system in 2018 for certification. There is no indication that any tests were performed on wireless security, according to a
Link said that poll workers are now trained on where to take the DS200 to get a solid signal. They may have to move the machine outside the polling station, such as an outside corner of a school, to transmit results.
“We have addressed all of it,” she said.
He said the concerns with wireless transfers are hypothetical and conspiratorial. He pushed back on the contention that the DS200 uses a cellphone connection like any other.
The results remain walled off from the wireless device in the DS200 until the time they are to be transmitted. Wilcox said that the machines use what is akin to a secret handshake to transmit data.
But Wilcox and Link said voters need to know there is a safety net in case election results are corrupted by outside actors: a paper trail.
Before any results are transmitted, poll workers print out the results. One copy goes to the Supervisor of Elections Office and the other is posted on the window or door of the polling station.
“That is my rock,” Wilcox said. “We’ve been doing this for 20 years and nobody has intercepted interim results, but if they were, I got the actual printed out results.”
“That is how we know if something was changed,” Link said.
The cartridge with the voting data from the machine -- the official results -- also are transported to the election office, as are the paper ballots submitted by voters.
Wilcox was adamant the public know that the electronic transfer of data for expediency sake does not represent the official results. Those are on the paper trail and the memory card.
But what about election central where the votes from hundreds of precincts are compiled?
The letter sent to the
“Now you can change the data, now you can change the information that’s within the voting system, or change the behavior of the voting system itself,” the official was quoted in the September letter as saying on a conference call with the
The official said the use of wireless devices “make the voting system a node on the internet” and that it “could provide an entryway for remote attackers.”
The results transmitted wirelessly by the DS200 are what voters get on the night of the vote -- but they are unofficial.
Link said her workers check the paper trail against the results shortly after
She said 100 percent of the results during the primary matched the paper trail.
The enthusiasm of election chiefs in
Just this August, the
Many states will use only voting machines that are EAC certified, but
Advocates said the EAC’s rebuke was a good first step but that the federal government needs to do more.
“The election industry is entirely broken,” said
“There is no oversight of it. There is no regulation. As a result, the vendors can make these sorts of false claims with impunity."
Free Speech for the People spearheaded the letter to the
“As Americans, we have not invested in election security,” she said. “Voting localities have to balance their budgets so that filling potholes and election security are fighting each other for spots on the budget and often the potholes win.”
Another myth about election security, Torres-Spelliscy said, is that the voting system is secure because it is so decentralized with counties in various states using different technologies. It would take a massive coordinated effort by
But the fact is, Torres-Spelliscy said, most tabulators use similar hardware and software. “You can impact a voting technology used across many jurisdictions,” she said. “It is possible to have a huge impact.”
She told the
“We are stopping them,” Link told commissioners.
(c)2020 The Palm Beach Post (West Palm Beach, Fla.). Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.