Are wireless voting machines vulnerable? Some states say no
WASHINGTON — Barely a month before midterm elections, voting integrity advocates and electronic voting experts want the federal government to issue an official warning to states that use voting machines with integrated cellular modems that the machines are vulnerable to hacks, potentially interfering with the ballot counting.
Once seen as a useful tool to provide quick election results, voting machines with cellular modems are now subject to fierce debate over how easy it would be to break into them and change the results.
Such machines are certified for use in Florida, Illinois, Michigan and Wisconsin.
A spokeswoman for the Florida Department of State, Sarah Revell, defended the certification of such machines.
“Voting machines are not connected to the internet,” Revell said in an email to McClatchy, adding that “it is important to note that when transmitting election data everything is encrypted and authenticated.”
But a number of voting machine researchers take issue with such assertions, saying that cellular networks increasingly overlap with the internet and open avenues for hackers to interfere with unofficial early results even when there are paper ballots that can be tallied for a slower official count. They say interfering with unofficial early results, even when corrected later, could increase mistrust among voters and add uncertainty immediately after elections conclude.
“The voting machine vendors like to say, well, the voting machine modem is only used for transmitting the unofficial results when you close the polls back through the internet to county central where the clerk can post them,” said Andrew W. Appel, a computer scientist at Princeton University.
“The problem is that modem talking through the cellphone network really is more connected to the internet than they like to think.”
Appel said hackers could intercept signals using a portable cell phone tower, commonly called a Stingray, and even introduce malicious code through internet-linked cellular networks.
“If you can talk to that modem, and if there are any security flaws in the voting machine software that talk through that modem, then the voting machine could be confused into installing new software that changes the vote,” Appel said.
Appel was among 30 researchers, activists and scientists who signed a letter this week urging the federal government to caution states from the use of such voting machines, citing their “grave concerns” that manipulation through cellular networks could “wreak havoc on an election.”
“The convenience of transmitting vote totals online does not outweigh the need of the American people to be assured their votes will be accurately transmitted and counted,” said the letter, which was also endorsed by five citizen and digital rights groups, including Common Cause and the Electronic Frontier Foundation.
How many cellular-enabled voting machines will be in use for Nov. 6 midterm elections is not known. There is no national registry for the 10,000 or so election jurisdictions in the United States, so an exact number could not be determined readily.
An official with the Election Assistance Commission, an independent federal agency that is a clearinghouse for election information, said there are “probably” more than 1,000 of the cellular-enabled machines deployed in different parts of the country.
“They are out there,” said Brian Hancock, director of testing and certification for the Election Assistance Commission. “As you know, it’s up to the states to decide which systems they use.”
In the wake of Russian interference in the 2016 U.S. elections and warnings that such meddling may be recurring this year, voting officials say they are seeking a balance between security, accuracy, and convenience for voters — as well as speed in disseminating vote results.
A spokesman for the Wisconsin Elections Commission, Reid Magney, said his agency does not believe cellular-enabled machines are vulnerable.
“It is not a large concern at this point,” Magney said. “The results are encrypted and use security keys, so the receiving computer knows that the data is authentic . ... I know people have theorized about man-inthe-middle attacks. I’ve never seen people intercept (cellular signals), change them, re-encrypt them and send them on.”
An Illinois board of elections spokesman, Matt Dietrich, said cellular-enabled voting machines are used in his state “but they are only allowed to transmit unofficial results.”
Revell, the Florida spokeswoman, said all Florida voting is on paper ballots “so we can always refer to the original record” in case of confusion. While some counties may have the cellular-enabled machines, she said, “that does not mean counties utilize it.”
Voting security advocates say election officials underestimate the determination and sophistication of foreign adversaries that want to interfere in U.S. elections.
“We have a big bull’s-eye painted on our election systems. We have to prioritize security over the demand to have elections results right now,” said Susan Greenhalgh, policy director at the National Election Defense Coalition, a New York-based election integrity network.