E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked—in some cases with less than two hours’ work. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place. … “These people who hacked the e-poll book system, when they came in the door they didn’t even know such a machine exists. They had no prior knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.
The Danish hacker, Hursti added, also had no prior knowledge about the e-voting system he hacked. Both hacks, Hursti says, undermine critics who have claimed that computerized election system hacks are too elaborate and unrealistic to be used in real world settings.
“I hacked the same e-poll book system in 2007,” Hursti says. But it took him two weeks instead of the few hours it took hackers last weekend.
One big difference between now and then is a key rule issued in October 2015, by the U.S. Copyright Office. That rule established that hacks to e-voting and electronic vote counting and tabulating systems are allowable under the Digital Millennium Copyright Act—so long as those hacks are used for research purposes.