“Anyone who says they’re un-hackable is either a fool or a liar.” Jake Braun, CEO of Cambridge Global Advisors and one of the main organizers of the DEFCON Voting Village, said the U.S. election industry has an attitude similar to what had been seen with the air and space industry and financial sectors. Companies in those sectors, Braun said, would often say they were un-hackable their machines didn’t touch the internet and their databases were air-gapped — until they were attacked by nation-states with unlimited resources and organized cybercrime syndicates and they realized they were “sitting ducks.” … Candice Hoke, law professor and co-director of the Center for Cybersecurity and Privacy Protection, said in a DEFCON talk the laws surrounding investigations of potential election hacking were troublesome. “In some states, you need evidence of election hacking in order to begin an investigation. This is an invitation to hackers,” Hoke said. “We all know in the security world that you can’t run a secure system if no one is looking.”
Barbara Simons, former president of the Association for Computing Machinery and current board chair for Verified Voting, said the push towards paperless ballots has made it very difficult or impossible for election officials to perform recounts if it suspected there was hacking of voting machines. “We need to get paper ballots everywhere, but we also need get people to look at them because those paper ballots, by-and-large, are being counted by computers in optical scans, and those computers are computers,” Simons said. “We need to get laws passed, or requirements, that after every election, before the votes are certified a manual random post-election ballot audit is conducted as a check against the computers and the scanners.”
Simons said there were currently 14 states that have electronic-only voting, meaning there is no way to perform a proper recount and many states have retrofitted electronic voting machines with paper copies printed on thermal rolls, which are typically seen in supermarket receipt printers.
“Those retrofits are really bad designs. Most people don’t look at them. They can be very hard to read because the font can be very small. It can be designed to print out everything a voter does with no summary page, making it difficult to see who someone voted for. And they’re hard to recount because it’s a continuous roll,” Simons said. “If you want to count something, the easiest way to do it — like you do with money or cards — is you sort it into piles and count each pile. But if it’s a continuous roll, you can’t do that.”
Full Article: Hacking voting machines takes center stage at DEFCON.