Are wire­less vot­ing machines vul­ner­a­ble? Some states say no

Lodi News-Sentinel - - PAGE TWO - By Tim John­son

WASH­ING­TON — Barely a month be­fore midterm elec­tions, vot­ing in­tegrity ad­vo­cates and elec­tronic vot­ing ex­perts want the fed­eral gov­ern­ment to is­sue an of­fi­cial warn­ing to states that use vot­ing machines with in­te­grated cel­lu­lar modems that the machines are vul­ner­a­ble to hacks, po­ten­tially in­ter­fer­ing with the bal­lot count­ing.

Once seen as a use­ful tool to pro­vide quick elec­tion re­sults, vot­ing machines with cel­lu­lar modems are now sub­ject to fierce de­bate over how easy it would be to break into them and change the re­sults.

Such machines are cer­ti­fied for use in Florida, Illi­nois, Michi­gan and Wis­con­sin.

A spokes­woman for the Florida Depart­ment of State, Sarah Rev­ell, de­fended the cer­ti­fi­ca­tion of such machines.

“Vot­ing machines are not con­nected to the in­ter­net,” Rev­ell said in an email to McClatchy, adding that “it is im­por­tant to note that when trans­mit­ting elec­tion data ev­ery­thing is en­crypted and au­then­ti­cated.”

But a num­ber of vot­ing ma­chine re­searchers take is­sue with such as­ser­tions, say­ing that cel­lu­lar net­works in­creas­ingly over­lap with the in­ter­net and open av­enues for hack­ers to in­ter­fere with un­of­fi­cial early re­sults even when there are pa­per bal­lots that can be tal­lied for a slower of­fi­cial count. They say in­ter­fer­ing with un­of­fi­cial early re­sults, even when cor­rected later, could in­crease mis­trust among vot­ers and add un­cer­tainty im­me­di­ately af­ter elec­tions con­clude.

“The vot­ing ma­chine ven­dors like to say, well, the vot­ing ma­chine mo­dem is only used for trans­mit­ting the un­of­fi­cial re­sults when you close the polls back through the in­ter­net to county cen­tral where the clerk can post them,” said An­drew W. Ap­pel, a com­puter sci­en­tist at Prince­ton Univer­sity.

“The prob­lem is that mo­dem talk­ing through the cell­phone net­work re­ally is more con­nected to the in­ter­net than they like to think.”

Ap­pel said hack­ers could in­ter­cept sig­nals us­ing a por­ta­ble cell phone tower, com­monly called a St­ingray, and even in­tro­duce ma­li­cious code through in­ter­net-linked cel­lu­lar net­works.

“If you can talk to that mo­dem, and if there are any se­cu­rity flaws in the vot­ing ma­chine soft­ware that talk through that mo­dem, then the vot­ing ma­chine could be con­fused into in­stalling new soft­ware that changes the vote,” Ap­pel said.

Ap­pel was among 30 re­searchers, ac­tivists and sci­en­tists who signed a let­ter this week urg­ing the fed­eral gov­ern­ment to cau­tion states from the use of such vot­ing machines, cit­ing their “grave con­cerns” that ma­nip­u­la­tion through cel­lu­lar net­works could “wreak havoc on an elec­tion.”

“The con­ve­nience of trans­mit­ting vote to­tals on­line does not out­weigh the need of the Amer­i­can peo­ple to be as­sured their votes will be ac­cu­rately trans­mit­ted and counted,” said the let­ter, which was also en­dorsed by five cit­i­zen and dig­i­tal rights groups, in­clud­ing Com­mon Cause and the Elec­tronic Fron­tier Foun­da­tion.

How many cel­lu­lar-en­abled vot­ing machines will be in use for Nov. 6 midterm elec­tions is not known. There is no na­tional registry for the 10,000 or so elec­tion ju­ris­dic­tions in the United States, so an ex­act num­ber could not be de­ter­mined read­ily.

An of­fi­cial with the Elec­tion As­sis­tance Com­mis­sion, an in­de­pen­dent fed­eral agency that is a clear­ing­house for elec­tion in­for­ma­tion, said there are “prob­a­bly” more than 1,000 of the cel­lu­lar-en­abled machines de­ployed in dif­fer­ent parts of the coun­try.

“They are out there,” said Brian Han­cock, di­rec­tor of test­ing and cer­ti­fi­ca­tion for the Elec­tion As­sis­tance Com­mis­sion. “As you know, it’s up to the states to de­cide which sys­tems they use.”

In the wake of Rus­sian in­ter­fer­ence in the 2016 U.S. elec­tions and warn­ings that such med­dling may be re­cur­ring this year, vot­ing of­fi­cials say they are seek­ing a bal­ance be­tween se­cu­rity, ac­cu­racy, and con­ve­nience for vot­ers — as well as speed in dis­sem­i­nat­ing vote re­sults.

A spokesman for the Wis­con­sin Elec­tions Com­mis­sion, Reid Mag­ney, said his agency does not be­lieve cel­lu­lar-en­abled machines are vul­ner­a­ble.

“It is not a large con­cern at this point,” Mag­ney said. “The re­sults are en­crypted and use se­cu­rity keys, so the re­ceiv­ing com­puter knows that the data is au­then­tic . ... I know peo­ple have the­o­rized about man-inthe-mid­dle at­tacks. I’ve never seen peo­ple in­ter­cept (cel­lu­lar sig­nals), change them, re-en­crypt them and send them on.”

An Illi­nois board of elec­tions spokesman, Matt Di­et­rich, said cel­lu­lar-en­abled vot­ing machines are used in his state “but they are only al­lowed to trans­mit un­of­fi­cial re­sults.”

Rev­ell, the Florida spokes­woman, said all Florida vot­ing is on pa­per bal­lots “so we can al­ways re­fer to the orig­i­nal record” in case of con­fu­sion. While some coun­ties may have the cel­lu­lar-en­abled machines, she said, “that does not mean coun­ties uti­lize it.”

Vot­ing se­cu­rity ad­vo­cates say elec­tion of­fi­cials un­der­es­ti­mate the de­ter­mi­na­tion and so­phis­ti­ca­tion of for­eign ad­ver­saries that want to in­ter­fere in U.S. elec­tions.

“We have a big bull’s-eye painted on our elec­tion sys­tems. We have to pri­or­i­tize se­cu­rity over the de­mand to have elec­tions re­sults right now,” said Su­san Green­halgh, pol­icy di­rec­tor at the Na­tional Elec­tion De­fense Coali­tion, a New York-based elec­tion in­tegrity net­work.

C. ALUKA BERRY/THE STATE FILE PHO­TO­GRAPH

Vot­ers cast their vote in the South Carolina Re­pub­li­can pres­i­den­tial pri­mary at Saxe Gotha Pres­by­te­rian Church in Lex­ing­ton, South Carolina, on Jan­uary 21, 2012.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.