Breaches of voting machine data raise worries for midterms
Sensitive voting system passwords posted online. Copies of confidential voting software available for download. Ballotcounting machines inspected by people not supposed to have access.
The list of suspected security breaches at local election offices since the 2020 election keeps growing, with investigations underway in at least three states — Colorado, Georgia and Michigan. The stakes appeared to rise this week when the existence of a federal probe came to light involving a prominent loyalist to former President Donald Trump who has been promoting voting machine conspiracy theories across the country.
While much remains unknown about the investigations, one of the most pressing questions is what it all could mean for security of voting machines with the midterm elections less than two months away.
Election security experts say the breaches by themselves have not necessarily increased threats to the November voting. Election officials already assume hostile foreign governments might have the sensitive data, and so they take precautions to protect their voting systems.
The more immediate concern is the possibility that rogue election workers, including those sympathetic to lies about the 2020 presidential election, might use their access to election equipment and the knowledge gained through the breaches to launch an attack from within. That could be intended to gain an advantage for their desired candidate or party, or to introduce system problems that would sow further distrust in the election results.
In some of the suspected security breaches, authorities are investigating whether local officials provided unauthorized access to people who copied software and hard drive data, and in several cases shared it publicly.
After the Georgia breach, a group of election security experts said the unauthorized copying and sharing of election data from rural Coffee County presented “serious threats” to the November election.
They urged the state election board to replace the touch-screen devices used throughout the state and use only hand-marked paper ballots.
Harri Hursti, a leading expert in voting security, said he is concerned about another use of the breached data.
Access to the voting equipment data or software can be used to develop a realistic looking video in which someone claims to have manipulated a voting system, he said.
Such a fake video posted online or to social media on or after Election Day could create chaos for an election office and cause voters to challenge the accuracy of the results.
“If you have those rogue images, now you can start manufacturing false, compelling evidence — false evidence of wrongdoing that never happened,” Hursti said.
“You can start creating very compelling imaginary evidence.”