The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Verified Voting Testimony for the New Jersey State Assembly Judiciary Committee

Verified Voting is a national non-partisan, not for profit research and advocacy organization founded by computer scientists and committed to safeguarding democracy in the digital age. We promote technology and policies that ensure auditable, accessible and resilient voting for all eligible citizens. We urge you to adopt the proposed amendments and vote “YES” on A-4619.

New Jersey is one of only a handful of states whose voters are still casting votes on entirely electronic voting systems, direct recording electronic (DREs). Because these systems record votes directly onto computer memory without any independent paper record of the vote, they are especially vulnerable to undetectable and uncorrectable errors in the vote count.

Numerous studies and security evaluations of DRE systems over the years have found that the DREs in use in New Jersey have insecurities making them vulnerable to undetectable manipulation and tampering.1 Because DRE systems prevent anyone from verifying that the electronic tally accurately reflects voter intent, many States have discontinued the use of electronic DRE voting systems in favor of paper ballots. In 2006 only 25% of voters nationwide cast their ballots on paper but in 2017 more than 70% of U.S. voters marked a paper ballot.2

Verified Voting Names Voting Rights Lawyer and Pennsylvania Election Official Marian K. Schneider New President

Nearly a year after intelligence agencies confirmed foreign interference in our elections – and with midterm primaries just around the corner – the U.S. is looking to safeguard its elections infrastructure. To that end, Verified Voting, the leading national organization focused solely on making our voting technology secure, has named voting rights lawyer and former Pennsylvania election official Marian K.  Schneider as its new president. Schneider, who most recently served as the special advisor to Pennsylvania Governor Tom Wolf on election policy, will focus on restoring faith in the democratic process of voting by securing our elections.

A lawyer with expertise in voting rights and election law, Schneider has extensive experience with state government administration as well as in the nonprofit social justice sector.

“Marian brings an uncommon mix of passion and experience as an on-the-ground election official and as an advocate to Verified Voting, and we couldn’t be more pleased to have her join,” said Barbara Simons who served as Interim President and will now return to her role as Board Chair. “We are confident that under Marian’s leadership, Verified Voting can achieve its goals to secure future elections.”

Yes, Voting Machines Can Be Hacked – Now the Hard Work Begins

A new report on cyber vulnerabilities of our elections systems raises awareness of a critical issue, but in order to secure our elections, we need fundamental changes made at the state and local level. Verified Voting collaborated on the DEFCON Hacker Village to raise awareness of a chilling reality: our enemies have the will, intention and ability to tamper with our election infrastructure, potentially delegitimizing our elections and destabilizing our government. Verified Voting has known of this frightening possibility for years—we were founded in 2004, in the wake of election irregularities, to secure our democracy by ensuring that Americans’ votes would be counted the way they intended to cast them.

We know from deep experience: protecting our election infrastructure is a national security issue, and if we don’t act now, as former FBI Director James Comey has stated, ‘They’ll be back.’ That’s why Verified Voting has worked continuously with state election officials to safeguard their systems. Just last month, Verified Voting worked closely with Virginia’s Board of Elections in their move to decertify and remove its insecure, untrustworthy paperless voting machines and replace them with voter-marked paper ballots.

Verified Voting Is Seeking a New President

Download this announcement in PDF format.

Verified Voting Foundation (a 501(c)(3) organization) and VerifiedVoting.org (a 501(c)(4) organization) are nonprofit, nonpartisan organizations founded over a decade ago by election security experts. We strive to guarantee the accuracy, transparency, and verifiability of elections, so that citizens rightly can trust election outcomes. We are the only national organization with the exclusive mission of protecting the security of elections in the digital age.

This is an exciting time to be Verified Voting President. Citizens and policy makers are finally becoming aware of major security vulnerabilities of our election systems. The President of Verified Voting, who is the Chief Executive Officer of both organizations, will have a platform that can have significant national impact.

Verified Voting is a leading election security organization in the U.S., earning widespread respect among activists, academics, election officials, and other officials at all levels of government. We specialize in election technology and procedures, and we are the most trusted source of impartial information and expertise on these topics. Our Board and Advisory Board are comprised of a who’s who of election security and cybersecurity experts, as well as election officials and attorneys.

Verified Voting Letter to the US Senate Select Committee on Intelligence

Verified Voting vigorously applauds the Senate Select Committee on Intelligence for its leadership and commitment to securing our elections. With clear evidence that foreign attackers sought to attack our 2016 elections through various means, our intelligence agencies warn that hostile attackers will be back to attack future elections. Congress and the most vulnerable states should act with urgency to fund and implement protective reforms that will make our election systems resilient against cyber attack: funding the adoption of paper ballots and accessible ballot marking systems, and implementing robust, manual post-election audits of the votes.

The June 21 hearing is an important first step toward those reforms, providing valuable information through witness testimony and questions of the Senators. We wish to expand on several key points that were raised in the hearing to ensure a clear understanding of the challenges we face in securing our elections.

It is crucial to understand that further reforms are urgently needed to bolster the mitigations currently in place so that it is possible to detect and correct a cyber attack on the vote count.

Some testimony asserted that pre-election testing and post-election audits currently in place would catch errors in vote tallies caused by a malicious attacker or software failure. Unfortunately, pre-election testing, though helpful for ensuring the completeness of ballot programming, can be defeated by malicious software designed to detect when the system is in test mode. This is what happened with Volkswagen diesels cars: the software caused the cars’ emissions systems to behave correctly during testing, but then allowed them to pollute under non-testing conditions.

Alex Halderman: Expert Testimony before the US Senate Select Committee on Intelligence

Chairman Burr, Vice Chairman Warner, and members of the Committee, thank you for inviting me to speak today about the security of U.S. elections. I’m here to tell you not just what I think, but about concerns shared by hundreds of experts from across cybersecurity research and industry. Such expertise is relevant because elections—the bedrock of our democracy—are now on the front lines of cybersecurity, and they face increasingly serious threats. Our interest in this matter is decidedly non-partisan; our focus is on the integrity of the democratic process, and the ability of the voting system to record, tabulate, and report the results of elections accurately.

My research in computer science and cybersecurity tackles a broad range of security challenges. I study attacks and defenses for the Internet protocols we all rely 1 on every day to keep our personal and financial information safe. I also study the capabilities and limitations of the world’s most powerful attackers, including sophisticated criminal gangs and hostile nation states. A large part of my work over the last ten years has been studying the computer technology that our election system relies on.2 In this work, I often lead the “red team,” playing the role of a potential attacker to find where systems and practices are vulnerable and learn how to make them stronger.

I know firsthand how easy it can be to manipulate computerized voting machines. As part of security testing, I've performed attacks on widely used voting machines, and I've had students successfully attack machines under my supervision.

Technology Experts’ Second Letter to Georgia Secretary of State Brian Kemp

This letter was sent to Georgia Secretary of State Brian Kemp on May 24, 2017. Download PDF

On March 14th we sent a letter to you expressing grave concerns regarding the security of Georgia’s voting systems and requesting transparency from your office concerning key questions about the reported breach at Kennesaw State University Center for Election Systems (KSU).

The FBI has reportedly closed its investigation into the breach at KSU and will not be pressing federal charges1 but regrettably little more is known. We remain profoundly concerned about the security of Georgia’s votes and the continued reliance on Diebold paperless touchscreen voting machines for upcoming elections.2

The FBI’s decision not to press charges should not be mistaken for a confirmation that the voting systems are secure. The FBI’s responsibility is to investigate and determine if evidence exists indicating that federal laws were broken. Just because the FBI concluded this hacker did not cross that line does not mean that any number of other, more sophisticated attackers could not or did not exploit the same vulnerability to plant malicious software that could be activated on command. Moreover, the FBI’s statement should not be misinterpreted to conclude that KSU or the Georgia voting system do not have other security vulnerabilities that could be exploited by malicious actors to manipulate votes.

Any breach at KSU’s Election Center must be treated as a national security issue with all seriousness and intensity. We urge you to engage the Department of Homeland Security and the US Computer Emergency Readiness Team (CERT) to conduct a full forensic investigation. We cannot ignore the very real possibility that foreign actors may be targeting our election infrastructure.

Amid Cybersecurity Concerns, France Abandons Plans for Internet Voting in Upcoming Elections

Earlier this month, the French government announced that it was cancelling plans to allow citizens abroad to vote over the Internet in legislative elections this June. Calling allegations of Russian hacking in western countries worrisome, the National Cybersecurity Agency of France (ANSSI) described the current risk of cyberattack as “extremely high,” and advised “that it would be better to take no risk that might jeopardize the legislative vote for French citizens residing abroad.”

In February Emmanuel Macron's En Marche (Onwards!) party alleged that their campaign was the target of 'fake news' put out by Russian news agencies and they had been victims of cyberattacks. Following these allegations, outgoing president Bernard Hollande called a meeting of the French Defense Council and asked for a report on “specific monitoring and protection measures, including in the cyber domain, to be taken during the election campaign.”

In February Emmanuel Macron's En Marche (Onwards!) party alleged that their campaign was the target of 'fake news' put out by Russian news agencies and they had been victims of cyberattacks. Following these allegations, outgoing president Bernard Hollande called a meeting of the French Defense Council and asked for a report on “specific monitoring and protection measures, including in the cyber domain, to be taken during the election campaign.”

Technology Experts’ Letter to Georgia Secretary of State Brian Kemp

On March 3rd it was reported that the Federal Bureau of Investigations is conducting a criminal investigation into an alleged cyber attack of the Kennesaw State University Center for Election Systems. According to the KSU Center for Election Systems’ website, “the Secretary of State authorized KSU to create a Center for Election Systems, dedicated to assisting with the deployment of the Direct Record Electronic (DRE) voting technology and providing ongoing support.”[1] The Center is responsible for ensuring the integrity of the voting systems and developing and implementing security procedures for the election management software installed in all county election offices and voting systems.

The Center has access to most if not all voting systems and software used in Georgia. It also is responsible for programming these systems and accessing and validating the software on these systems. It is our understanding that the Center also programs and populates with voter records the electronic poll books used in polling places statewide. A security breach at the Center could have dire security consequences for the integrity of the technology and all elections carried out in Georgia.

In order for citizens to have faith and confidence in their elections, transparency is crucial, including about events such as the KSU breach, and its extent and severity. While we understand that this investigation is ongoing and that it will take time for the full picture to emerge, we request that you be as forthcoming and transparent as possible regarding critical information about the breach and the investigation, as such leadership not only will be respected in Georgia but also emulated in other states where such a breach could occur.

Our Voting System Is Hackable by Foreign Powers | David Dill

The FBI, NSA and CIA all agree that the Russian government tried to influence the 2016 presidential election by hacking candidates and political parties and leaking the documents they gathered. That’s disturbing. But they could have done even worse. It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief.

A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.

Halderman isn’t going to steal an election, but a foreign nation might be tempted to do so. It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices.