A report from the Senate Intelligence Committee concluded that Russia was preparing to undermine confidence in the United States’ voting process when its hackers surveilled around 20 state election systems in the run-up to the 2016 elections. The report drew attention the lack of oversight of the cybersecurity practices of election technology vendors. As CyberScoop observes “[g]overnment agencies are not allowed to enter and defend private computer networks unless they’re given direct consent, which in turn limits the defensive support options immediately available to the election technology industry.”
NPR posted an extensive investigation into the continuing vulnerability of America’s elections infrastructure. At a meeting of election directors and secretaries of state at Harvard this Spring, cybersecurity expert Bruce Schneier laid out the problem, “[c]omputers are basically insecure. Voting systems are not magical in any way. They are computers. … This is the problem we always have in computer security — basically nobody has ever built a secure computer. … I want to build a robust system that is secure despite the fact that computers have vulnerabilities, rather than pretend that they don’t because no one has found them yet. And people will find them — whether it’s nation-states or teenagers on a weekend.”
The Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking.
In an oped in the Charleston Gazette-Mail, Audrey Malagon argues that West Virginia’s plans to allow internet voting for military voters puts their votes at risk. “Blockchain technology addresses only part of the security process currently used by those administering U.S. elections. It’s like installing a high-tech lock and alarm system in your home, and then leaving a front door key and the alarm pass code under the doormat. The alarm system may work perfectly, but until the keys and pass codes are also secure, your home won’t be secure, either.”
According to documents obtained by the Anchorage Daily News through a public records request, a hacker gained unauthorized access in 2016 to the server that hosts Alaska’s public elections website. The incident drew the attention of federal law enforcement but had not been publicly revealed by Alaska election officials.
The Washington Post lauded Colorado’s effort to secure their voting system through risk limiting audits. “In Colorado, even if something happens, I don’t have to worry about it because there’s a process in place,” said Marian Schneider, president of the nonprofit organization Verified Voting. “It’s almost like a disaster recovery plan for elections — that if a disaster were to befall the vote count, we could recover from it.”
Following a similar (successful) legal effort in New York, an expedited lawsuit argues that Ohio counties violate federal law when they destroy ballot images shortly after election.“You may have the original ballot, but that’s not what the machine counted: it counted the picture,” John Brakey, director of AUDIT-USA, a nonpartisan advocacy group involved in the Ohio case, told WhoWhatWhy. “How can you destroy the evidence that you used to count the votes?”
Cyber-security experts hired by Knox County Tennessee to analyze the denial of service cyberattack on election night, found evidence of a “malicious intrusion” into the county’s elections website from a computer in Ukraine during a concerted cyberattack, which likely caused the site to crash just as it was reporting vote totals in this month’s primary. They noted “a suspiciously large number of foreign countries” accessed the site as votes were being reported on May 1.
Amid fears of overseas organizations taking advantage of loopholes in campaign funding laws to target voters before polling day, Google has banned all as relating to the Irish abortion referendum from its platform. The decision will mean an end to advertisements relating to the referendum appearing alongside Google results and on YouTube in the last two weeks of the campaign.
Pakistan’s Supreme Court ruled that it is impossible to incorporate an electronic voting system for the upcoming general elections in the country. The justices stressed that an experimental phase to test the system was necessary, to which the counsel for PTI suggested that the top court seek a written report from the concerned authorities.