With the U.S. presidential election just weeks away, questions about election security continue to dog the nation’s voting system. It’s too late for election officials to make major improvements, “and there are no resources,” said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. “Nobody should ever imagine changing the voting technology used this close to a general election,” said Douglas Jones, a computer science professor at the University of Iowa. “The best time to buy new equipment would be in January after a general election, so you’ve got almost two years to learn how to use it.” … Some states conduct extensive pre-election tests of their voting equipment, but other tests are less comprehensive, said Pamela Smith, president of elections security advocacy group Verified Voting. Most jurisdictions conduct pre-election voting tests, but many “randomly select some machines” after ballot information, such as candidates’ names, is programmed in, Smith said. Testing all voting machines before an election would be more secure, she said.
The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen. The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges — more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots. But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work. Many U.S. voting systems still have vulnerabilities, and many states use statistically unsound election auditing practices, said Joe Kiniry, a long-time election security researcher. “With enough money and resources, I don’t think [hacking the election] is actually a technical challenge,” said Kiniry, now CEO and chief scientist at Free and Fair, an election technology developer. “It’s a social, a political, and an infrastructural challenge because you’d have a medium-sized conspiracy to achieve such a goal. Technically, it’s not rocket science.”
The furor over the cyberattacks injecting turmoil into Hillary Clinton’s presidential campaign obscures a more pervasive danger to the U.S. political process: Much of it has only lax security against hackers, with few if any federal cops on the beat. No one regulator is responsible for requiring campaigns, political operations and state and local agencies to protect the sanctity of the voter rolls, voters’ personal data, donors’ financial information or even the election outcomes themselves. And as the Democrats saw in Philadelphia this past week, the result can be chaos. The most extreme danger, of course, is that cyber intruders could hack the voting machinery to pick winners and losers. But even less-ambitious exploits could sway the results in a close election — anything from tampering with parties’ volunteer schedules and get-out-the-vote operations to deleting the registrations of frequent voters or knocking registration databases offline. Cyber scams aimed at campaign donors’ financial data, such as a just-disclosed hack aimed at the Democratic Congressional Campaign Committee, could deter future contributors by making them fear identity theft. Or, as happened this past week to the Democratic National Committee, online thieves could get hold of a political operation’s embarrassing internal emails, creating headaches for a presidential candidate just before she accepts her party’s nomination.
As the U.S. heads toward an especially contentious national election in November, 15 states are still clinging to outdated electronic voting machines that don’t support paper printouts used to audit their internal vote counts. E-voting machines without attached printers are still being used in a handful of presidential swing states, leading some voting security advocates to worry about the potential of a hacked election. Some makers of e-voting machines, often called direct-recording electronic machines or DREs, are now focusing on other sorts of voting technology, including optical scanners. They seem reluctant to talk about DREs; three major DRE vendors didn’t respond to questions about security. … While a hacked election may be unlikely, it’s not impossible, said Joe Kiniry, a long-time election security researcher. Researchers have found many security holes in DREs, and many states don’t conduct comprehensive election audits, said Kiniry, now CEO and chief scientist at Free and Fair, an open-source election technology vendor. “I would say that a determined adversary, with the standard skill that people like me have, would be able to hack an election nationally,” he said. “With enough money and resources, I don’t think that’s actually a technical challenge.” Voting results are “ripe for manipulation,” Kiniry added. Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”
Oregon: Portland tech firm Galois spins out new company to make elections more secure | Portland Business Journal
Portland computer science research and development firm Galois is taking aim at election security with its latest spin-off, Free & Fair. The new wholly-owned subsidiary is run by elections security researcher Joseph Kiniry, who two years ago illustrated how easy it is to hack vote-by-email systems, and is based on technology developed by Galois. To start, Free & Fair has three products:
A tabulator, which is a secure and verifiable ballot scanning system.
The ePollbook, which is a scalable and secure electronic poll book for precincts and county voting centers.
A supervised voting system, which is a complete polling place system based on the STAR-Vote project. That project is a collaboration between academia and Travis County (Austin), Texas to create a secure, reliable and auditable voting system.
A series of data breaches overseas are spurring concerns that hackers could manipulate elections in the United States. Since December, hundreds of millions of voters in the U.S., the Philippines, Turkey and Mexico have had their data discovered on the web in unprotected form. In some instances, legitimate security researchers found the information, but in others, malicious hackers are suspected of pilfering the data for criminal purposes. The data breaches are raising questions as the U.S. considers whether to move toward electronic balloting. More people than ever are using the internet to register to vote and to request mail-in ballots. Some states have even become vote-by-mail only in recent years. “If you can’t keep the voter registration records safe, what makes you think you can keep the votes safe?” asked Pamela Smith, president of election watchdog Verified Voting. For a politically inclined hacker, insecure voter data could “very easily” create a pathway to “massive” voter fraud, said Joseph Kiniry, CEO of Free & Fair, which advocates for secure digital election systems. “If you can go in there and delete rows based on someone’s name or political affiliation, we will have a massively screwed up election process on the day,” he said.
National: Voter ID Laws May Have Actually Increased The Likelihood Of Voter Fraud—By Hackers | Fast Company
Over the past 16 years, only 10 cases of voter impersonation—out of 146 million registered voters—have ever been identified. And yet each election, a vocal political contingent made up primarily of Republicans complains about an alleged epidemic of voter fraud and impersonation. To combat it, they propose—and in many cases successfully pass—laws requiring voters to provide verification of their identity with an ID card, along with verbal confirmation of various pieces of personal data, before they are permitted to vote. As election officials become more reliant on electronic databases, the potential for hackers to commit voter manipulation and election fraud has gone way up. But it’s these very voter ID laws that are partly to blame, despite legislators’ claims that they would make elections safer, according to Joseph Kiniry, CEO of Free and Fair, a provider of secure election services and systems. “The best thing [hackers] could do is to screw up that data prior to the election,” says Kiniry.
With the U.S. knee-deep in what has been an unusual presidential primary season, to say the least, many eligible voters are highly engaged in the process, passionate about their preferred candidates. But when it comes to voting trends, a reality check is in order: Voter turnout in the U.S. during the last midterm election hit the lowest point since the 1940s. In fact, the number of Americans heading to the polls each election has been declining for the last 50 years, which helps explain a concerted push by election officials to deploy technology that simplifies the process of, and increases participation in, elections. Before delving into the current and future state of election technology, let’s summarize how we arrived at this point. Most jurisdictions today are using election technology developed in the 1990s, and the typical voting system is running an operating system that is no longer vendor-supported, no longer has security updates (which couldn’t be applied anyway because of certification requirements) and relies on technology that wasn’t considered “cutting edge” even when it was purchased. All of which begs the question: Why are these outdated systems still in use?
The cryptocurrency Bitcoin has risen into public consciousness over the past few years. It is the first digital currency to reach this level of success and notoriety. Bitcoin is based on a decades-old cryptographic concept called a blockchain. As people and companies seek new ways to conduct elections that make better sense in our high-tech world, several startups have proposed using blockchains, or even Bitcoin itself, to conduct elections. Using Bitcoin (or a blockchain) as an election system is a bad idea that really doesn’t make sense. While blockchains can be useful in the election process, they are only appropriate for use in one small part of a larger election system. A blockchain is basically a public database of information that is distributed across many different computers so that all users are able to verify that they have the same overall data even if some of the computers go down. There is no need to trust a central server or authority. A blockchain is a fundamental concept in cryptography that existed for decades prior to being used in cryptocurrencies like Bitcoin.