The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies’ systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing. “Amazon will not go out of business because one percent of its transactions are fraudulent,” said David Jefferson, a visiting computer scientist at Lawrence Livermore National Laboratory and chairman of the Verified Voting Foundation, a non-governmental organization working toward accuracy, integrity, and verifiability of elections. “That’s not the case for elections.” Jefferson’s words came during his talk at the latest edition of DEFCON, the annual infosec event. Election hacks naturally became something of an overarching theme within the Caesar’s Palace convention center this summer. In fact, there was an entire room dedicated solely to testing the reliability of US electronic voting systems. Called “Voting Village,” the space was filled with more than 25 pieces of electoral hardware—voting machines and other electronic election-management equipment—in various stages of deconstruction. Any curious conference attendee, no matter where they fell within the conference’s wide technical skill spectrum, could contribute to the onslaught of software and hardware hacks targeting the machines in this de facto lab.
… “They’re voting computers,” said Matt Blaze, associate professor of computer and information science at the University of Pennsylvania and a researcher focused on computer security and cryptography. “So understanding what they do is as easy or as hard as understanding what a computer does.” Whether or not we believe that the companies making electoral systems are capable of building reliable computer systems “is actually kind of central to whether we regard the government we have as being legitimately elected,” Blaze concluded.
“The question that the electronic voting community has asked is ‘Are [electronic voting] machines better against this traditional threat than the paper systems we knew before?'” Blaze said during his DEFCON presentation. “The answer to that question is and has been mostly ‘no.'”
In previous examinations of electronic tabulation systems, known in the industry as Direct Recorder Electronic (DRE) voting machines, Blaze said researchers largely found “horrific” vulnerabilities. “We were literally limited only by our typing speed in writing them down,” he said. “You open the box, and they hit you in the face.” Some of those vulnerabilities were documented by Blaze and other researchers as part of the 2007 California Top-To-Bottom Review and Ohio EVEREST Review.