
Researchers at DEF CON Release Report Describing Vulnerabilities in Election Equipment

According to a recently released report from the DEF CON 27 Voting Machine Hacking Village, there are a number of vulnerabilities in voting machines currently in use throughout the United States. The report’s findings came from an exhibition at DEF CON, where security professionals were invited to break into machines provided by the operators of the exhibit. DEF CON, one of the largest annual hacker conventions in the United States, has organized the event during the three-year period in which the Library of Congress has designated that voting machines can legally be hacked for research purposes, as they are otherwise protected by the Digital Millennium Copyright Act. According to event organizers, each of the over 100 machines in the Voting Village was compromised in some way.

The event takes place at a time of heightened concern around election security following the 2016 election. One of the recurring lessons from the annual DEF CON reports has been the lack of progress in fixing problems that have existed for years. The Senate Intelligence Committee released a report in July finding that Russia had targeted election systems in all fifty states, and that this threat will only grow as other nations develop those capabilities. Although there is no proof that votes in 2016 were actually tampered with, attacks are likely to continue and increase in the 2020 election. Whether or not votes are actually changed, vulnerabilities in voting machines compromise the entire election system.

Hackers at the Voting Village demonstrated to legislators a wide range of vulnerabilities in the election equipment brought to DEF CON. Administrator passwords to many of the voting machines either had not been set, had been set by default to the name of the manufacturer, or could be found via a basic web search. The physical apparatus of certain machines was not sealed, allowing the machine to be easily opened and exposing USB ports. Pollbooks running on a standard tablet operating system still contained pre-installed apps like Hulu and Netflix along with other bloatware. Because the devices connect to WiFi networks, security flaws in these unrelated programs mean the machines have more potential points of attack. These vulnerabilities were discovered by technologists and security professionals, many of whom had never worked on these specific election machines before. Although election officials questioned the usefulness of an exercise that does not replicate the limited access of a polling station, the report suggests that the variety of security problems created enough opportunities for attacks to be deeply concerning.

The Voting Village report recommends that states adopt paper ballots and risk-limiting audits as quickly as possible. The former allows for a paper trail—unlike electronic machines that only record the vote directly into internal memory (giving them the name Direct-Recording Electronic voting machines, or DREs). When paper ballots are used, there is a receipt of the voter’s choice. Post-election audits can compare samples of the paper ballots to the recorded vote totals. Risk-Limiting Audits, or RLAs, can more reliably find discrepancies in election machines through statistically rigorous sampling methods after the election. Election security experts generally recommend moving away from DREs that do not produce a paper trail, which became more ubiquitous because of the accessibility requirements of the Help America Vote Act. DREs are generally more accessible to voters because they are touchscreen devices that allow for more user interface adjustments. However, they also run on software that can be compromised. If a DRE were compromised, it would be possible to change the voter input or ballot output without leaving any evidence.
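To make the sampling idea concrete, the following is an added example (not taken from the Voting Village report) of one published RLA method, the BRAVO ballot-polling audit, for a two-candidate contest. The function names, candidate labels, vote counts and seed are constructed for illustration, and Python's `random` module stands in for the publicly seeded generator a real audit would use.

```python
import random

def bravo_audit(drawn_ballots, reported_winner, reported_loser,
                reported_winner_share, risk_limit=0.05):
    """Ballot-polling RLA (BRAVO) for a two-candidate contest.

    drawn_ballots: hand-read paper ballots, in the order they were randomly drawn.
    reported_winner_share: winner's share of the two-way vote per the machine tally.
    Returns (confirmed, ballots_examined). confirmed=False means the sample never
    reached the evidence threshold, so the audit escalates to a full hand count.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner must hold more than half of the two-way vote")
    threshold = 1.0 / risk_limit   # evidence needed to accept the reported outcome
    ratio = 1.0                    # likelihood ratio: reported share vs. an exact tie
    examined = 0
    for ballot in drawn_ballots:
        examined += 1
        if ballot == reported_winner:
            ratio *= reported_winner_share / 0.5
        elif ballot == reported_loser:
            ratio *= (1.0 - reported_winner_share) / 0.5
        # Blank or other marks carry no evidence either way and leave ratio unchanged.
        if ratio >= threshold:
            return True, examined
    return False, examined

def draw_sample(paper_ballots, sample_size, seed):
    """Draw ballots with replacement, as BRAVO assumes (seed is a constructed value)."""
    rng = random.Random(seed)
    return [rng.choice(paper_ballots) for _ in range(sample_size)]

if __name__ == "__main__":
    # Constructed piles: the machines report 60% for A in both cases, but only the
    # first pile of paper agrees; the second is an actual tie on paper.
    matching_paper = ["A"] * 6000 + ["B"] * 4000
    tied_paper = ["A"] * 5000 + ["B"] * 5000
    for label, pile in (("matching", matching_paper), ("tied", tied_paper)):
        sample = draw_sample(pile, 1500, seed=2019)
        print(label, bravo_audit(sample, "A", "B", 0.60))
```

The audit reads the paper, not the machine memory, so a tally that does not match the ballots fails to accumulate evidence and forces a hand count rather than being silently certified.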

These ideas from the Voting Village are not new. The report’s authors note that these recommendations align with other recommended best practices from a 2018 National Academies report in the wake of the 2016 election. That report recommended only using voting processes that could be rigorously and securely audited—paper ballots counted by hand or optical scanner—and the immediate removal of machines that would interfere with independent auditing (e.g., DREs without a paper audit function). The report further suggests that one machine should not both mark and count a ballot to allow for regular auditing. According to the National Academies, RLAs should be mandatory for all contests. Without these improvements, citizens may lose confidence in a democratic election because there may be no way to guarantee a legitimate process.

Despite positive feedback from legislators, the Voting Village report and similar efforts by election security experts have not moved legislators enough to get vulnerable machines replaced before the 2020 election. State and federal officials will instead have to decide whether to prioritize election security as 2022 and 2024 approach.

Samuel Hanks

GLTR Staff Member, Georgetown Law, J.D. expected 2021; Georgia State University, B.A. 2017.