America’s voting machines are a patchwork of systems spread across thousands of districts, with widely varying degrees of accountability. It’s a mess. One that the Department of Homeland Security has finally committed to helping clean up. This week, DHS chief Jeh Johnson held a call with state election officials to outline, very roughly, the kind of assistance that DHS will provide to help prevent cyber attacks in this fall’s elections. For now, details are vague, and whatever DHS plans to do will need to happen quickly; election day may be November 8, but in some states, early voting starts in just six weeks. That’s not enough time to solve all of America’s voting machine issues. Fortunately, there’s still plenty DHS can accomplish—assuming the districts that need the most help realize it. The problems with America’s electronic voting machines are extensive, but also easily summarized: Many of them are old computers, and old computers are more vulnerable to disruptions both purposeful (malware) and benign (bugs).
In the most extreme case to date, a security expert found that one particular type of electronic voting machine, used in Virginia elections, was so insecure that a novice hacker would have been able to sway results without much difficulty. That device was decertified, but researchers have demonstrated that other models, still in use around the country, are also vulnerable. The reason so many machines are so out of date is also simple; replacing them would require money, and few districts are willing or able to pay for them. It’s often not even clear who would pick up the bill.
“Our elections are sometimes federal elections, sometimes state, sometimes local. The way we run elections is very decentralized,” says Pamela Smith, president of Verified Voting, a group that promotes electoral accountability. Authorities at each of those levels have had years of experience passing around responsibility. Until and unless voting systems are designated as “critical infrastructure,” a move DHS has considered, and which would give the federal government more direct authority over the process, that will remain the case.
… “An election official could go to DHS and ask for a vulnerability scan” of their voting machines, Smith says. “There could be time between now and election day to do some vulnerability scans on things like the online voter registration database, to make sure that how they’re doing that is secure.”