If you voted in a Virginia election any time between 2003 and April of this year, your vote was at serious risk of being compromised by hackers. That’s the assessment reached by Virginia’s board of elections, which recently decertified some 3,000 WINVote touchscreen voting machines after learning about security problems with the systems, including a poorly secured Wi-Fi feature for tallying votes. The problems with the machines are so severe that Jeremy Epstein, a computer scientist with SRI International who tried for years to get them banned, called them the worst voting machines in the country. If the WINVote systems weren’t hacked in a past election, he noted in a recent blog post and during a presentation last week at the USENIX security conference, “it was only because no one tried.” The decision to decommission the machines, which came after the state spent a decade repeatedly ignoring concerns raised by Epstein and others, is a stark reminder as the nation heads into the 2016 presidential election season that the ongoing problem of voting machine security is still not taken seriously by election officials. Virginia officials only examined the WINVote systems after Governor Terry McAuliffe tried to vote with one during the state’s general elections last November.
Dismayed at the problems he encountered first hand trying to select a candidate in a Senate race, he demanded an investigation. But even after serious vulnerabilities were then uncovered, some election officials argued against replacing the machines. Richard Herrington, secretary of the Fairfax City Electoral Board, asserted that no voting system was secure. “No matter how much time, money and effort we could put into a device or a system to make it as secure as possible, there is always the possibility that someone else would put in the time, money and effort to exploit that system,” he said.
Although many of the issues found in the WINVote machines are specific to them, some of the problems are similar to ones found in other voting machine models over the years, all of which demonstrates just how flawed the federal testing and certification process is for approving voting machines used in the US.
The WINVote touchscreen machines, made by the now-defunct Advanced Voting Solutions when it went by its original name, Shoup Voting Solutions, were used in about 30 counties in Virginia before they were decommissioned this year. The machines were also used in Pennsylvania and Mississippi to a lesser degree, but Pennsylvania eliminated its systems in 2007, and Mississippi, which only used them in one county, replaced them in 2013.
Virginia first began using the WINVote machines in 2003 in Fairfax County, the largest county in the state. Problems with the systems emerged immediately. In a race for the Fairfax School Board, the machines inexplicably subtracted one vote for every 100 votes cast (.pdf) in favor of incumbent school-board candidate Rita Thompson, which resulted in a 2 percent reduction in votes for her overall. Thompson lost the race by 1,600 votes. More than 77,000 votes were cast for her countywide, so two percent of the vote was 1,540.
Full Article: Virginia Finally Drops America’s ‘Worst Voting Machines’ | WIRED.