Computer security experts have warned for years that some voting machines are vulnerable to attack. And this week, in Virginia, the state Board of Elections decided to impose an immediate ban on touchscreen voting machines used in 20 percent of the state’s precincts, because of newly discovered security concerns. The problems emerged on Election Day last November in Spotsylvania County. The AVS WINVote touchscreen machines used in precinct 302 began to shut down. “One machine would go and crash. They’d bring it back up. Another one would crash,” said Edgardo Cortes, the state’s elections commissioner. “Starting in the early afternoon, they brought in a piece of replacement equipment that experienced the same issues when they set it up in the precinct.” Cortes added that elections workers had a theory about what had caused the problem. “There was some interference,” he said, “potentially from a wireless signal from an election officer [who] was streaming music on their phone.”
When state auditors investigated, though, they didn’t find that particular problem. Instead, they found something more disturbing. While using their smartphones, they were able to connect to the voting machines’ wireless network, which is used to tally votes.
Other state investigators easily guessed the system’s passwords — in one case, it was “abcde” — and were then able to change the vote counts remotely without detection.
Jeremy Epstein is co-founder of Virginia Verified Voting and one of many computer experts who had warned about the security flaws. He’s not at all surprised by the state’s findings. He said there’s no evidence that anyone has ever tampered with Virginia’s voting machines, but if they had, there’s no way to tell.
Epstein said the vulnerabilities could be used to create a lot of mischief, “to change the list of races, change the list of candidates, change the votes that have been recorded, change the totals recorded, things like that.”