There likely isn’t a quick fix for complex U.S. election integrity challenges such as social-engineering interference on Facebook. Experts say there is a straightforward response, however, to vulnerable voting-machine software. The problem is that it involves cooperation in Congress. When the Senate failed to move the Secure Elections Act forward in August because of White House concerns over states’ rights, coupled with funding concerns, the United States lost its best chance this year of taking steps toward patching voting machines. The most recent federal dollars devoted to improving elections came from the Help Americans Vote Act of 2002, which was itself flawed because its authors failed to predict cybersecurity standards for voting machines. The idea of hackers infiltrating computerized voting machines at the time was “completely ridiculous,” says Margaret MacAlpine, a voting-machine security researcher and a founding partner of cybersecurity consultancy Nordic Innovation Labs. “The cybersecurity threat was more than science fiction at that point,” she says. And even now, as knowledge that the machines are vulnerable to hackers spreads, there is still a lack of political will to allocate the funds needed to replace them and ensure that new machines are secured against attacks, she says.
Security vulnerabilities in electronic voting machines, or EVMs, have been well-documented since at least 2005, but officials often believed that the problems could be ignored because manufacturers said the machines couldn’t be connected to the Internet. That argument became invalid when manufacturers began routinely installing remote-access software on the machines. Following the 2016 election, the U.S. Department of Homeland Security declared elections to be part of the nation’s critical infrastructure.
EVMs are still in heavy use in the United States. And their security issues extend beyond software vulnerabilities: DefCon’s latest Voting Machine Hacking Village report says hackers could break even their physical locks—designed to prevent unauthorized access to the power switch, USB ports, and modem ports—in 5 seconds.
“The crux of the problem” with today’s EVM software, MacAlpine says, “is that the county officials who maintain election equipment are locked into extremely expensive service deals. But because the machine parts are so old, they can’t be maintained by the counties. It’s this horrible Catch-22.”
At stake is the ability for voters to trust that their ballots are properly counted, and for election observers to be able to verify that those ballots were cast without interference. And while counties and states nationwide have the opportunity between each election to change how they handle the country’s most sacred democratic institution, few have done much to improve electronic voting machines.
Full Article: Securing voting machines means raising funds – The Parallax.