How secure is your vote?

Report from cyber security experts contradicts local election officials’ assurances about the security of our local voting machines.

| 29 Sep 2019 | 06:44

With the 2020 campaign season in full swing, and concerns that election results could be compromised, Straus News undertook an extensive review of what voting machines are in use in our communities and talked with local election officials and cyber security experts to hear their views.

At an August gathering of cyber security experts and hackers, called DEFCON Voting Village, attendees spent two and a half days exploring and exploiting the vulnerabilities of voting machines.

The report of their findings, released Sept. 26, revealed that the voting machines currently in use in Sussex, Pike and Orange counties are hackable.

Marge McCabe’s stance when it comes to the voting machines used in Sussex County is if it ain’t broke, don’t fix it. As the Board of Elections Administrator, McCabe said the county has been using the same machines for the past 18 years.

“It’s my opinion that if something is working well, you don’t change it,” she said. “Our machines are still working well.”

The machines in question are iVotronic direct-recording electronic machines, made by Election Systems & Software (ES&S).

With iVotronic machines, voters make their choices on a touchscreen which records and tabulate votes in the machines’ internal memory.

While acknowledging that electronic machines have fallen out of favor because of hacking concerns, McCabe said that the ones used in Sussex are stand-alone machines and are not connected to each other or to the internet.

“I think there’s a lot of misinformation out there,” she said. “We test an election to such an extreme that we know, without a shadow of a doubt, that those machines are tabulating correctly. We test tens of thousands of ballots to make sure that the data we put in is the data that comes out.”

“Whatever happens, we have a process that deals with it because voter confidence is our number one goal,” she said. “I think we really bend over backwards to make sure that our voters are confident when they go into a booth.”

ES&S, the company that makes the machines stopped making them several years ago, although it continues to service and support them, according to Katina Granger, public relations manager for the company.

“ES&S no longer manufactures and sells paperless voting equipment as a primary voting device,” Granger said. “Our current line of voting systems produces a voter-verifiable paper trail which jurisdictions can use to perform post-election audits.”

This year’s report from Voting Village, as well as its report from 2017, cited vulnerabilities of the iVotronic, used in Sussex County and the Dominion Voting Systems’ ImageCast Precinct used by both Pike and Orange counties.

Pike County’s new voting machines were rolled out just in time for this year’s May 21 primary election, making Pike one of only a few Pennsylvania counties to meet the state-wide mandate to upgrade early, according to Pike County Director of Elections Nadeen Manzoni.

Manzoni said the county’s new ImageCast Precinct machines combine voter-marked paper ballots with an optical scanner that tabulates the votes.

At the DEFCON convention, attendees working on the ImageCast Precinct said that, by bringing a simple screwdriver and a CF card into the voting area, an attacker could use the screwdriver to access the machine’s intended CF card and swap it with their own card, allowing them to boot a different operating system and take control of the machine.

To illustrate their point, attendees reported they were able to boot a different operating system on the machine and play video games, including the popular game “Pong.”

In Orange County, a voter-verifiable paper trail has been the norm since 2005, according to Board of Elections Commissioner Louise Vandemark.

Vandemark said Orange County also uses the ImageCast Precinct machines and that she thinks voter-marked paper ballots contribute to a sense of confidence in the results.

“The process is much more secure this way,” she said. “After every election we do a random audit to make sure that the machine has read the ballots properly.”

“Most people were pleased,” Manzoni said of voter reaction. “They liked the fact that we had the paper record of their vote on hand that we can use to audit the results if we had to.”

“My confidence level in the old machines was 100 percent,” she said. “I know that they were given a bad rap with hacking, but they’re stand-alone inside the polling place and the only way to hack into those machines and be able to program it to flip votes or alter the result in any way was to physically break in.”

The old machines had no wireless capabilities, Manzoni said, which made hacking into them remotely an unlikely scenario.

New Jersey Republican State Committeeman, Don Katz, who serves on his county’s Board of Elections, said that most counties in New Jersey use electronic touchscreen voting machines.

“There’s a lot of pressure towards new machines because of security,” he said. “Whether it’s justified or not, there’s enough yelling and screaming that it’s happening.”

According to Katz, the likelihood of foreign actors hacking into voting machines to change the outcome of an election seems farfetched.

“I mean, I can’t say that if enough people are bribed that they can’t undo the programs that are downloaded onto each machine, but that posits a major conspiracy that involves any number of different election officials in different offices,” he said. “It’s extremely unlikely.”

There are a number of security measures in place in the state to safeguard the integrity of voting machines, Katz said.

Don’t get him wrong: Katz has no problem with voter-verifiable paper trail backups on electronic machines.

While the old electronic machines performed accurately during previous years in Pike County, Manzoni said, there’s something to be said for having a paper trail that can be audited post-election.

“We can actually prove now that the results are accurate because we have that paper ballot written in the voter’s own hand that we can then compare to the electronic results,” she said. “And that’s something that we didn’t have before.”

CLICK HERE to see the interactive map

“We can actually prove now that the results are accurate because we have that paper ballot written in the voter’s own hand that we can then compare to the electronic results,” she said. “And that’s something that we didn’t have before.”
- Pike County Director of Elections Nadeen Manzoni
A shift in the national consciousness
Electronic voting machines quickly became the new standard in the early 2000s, ushering in an era of perceived electoral progress – that is, until the 2016 presidential election.
Fears of foreign meddling in that election have helped push the pendulum back toward hard copy paper ballots.
To combat the possibility of foreign influence in our elections, DEFCON's Voting Village recommends mandatory post-election audits nationwide, the use of voter-marked paper ballot systems and dramatically increased funding and other resources to help local election officials protect their IT infrastructure from foreign state actors and other threats.
Our voting machines’ vulnerabilities as found by DEFCON’s Voting Village from 2017-2019:
ImageCast Precinct
How it works:
• Voters fill out a paper ballot and feed it into an optical scanner, which tabulates the votes. Once scanned, the ballot passes into a locked ballot box.
• The locking mechanism on the ballot box can be picked using common items like a standard trash picker and ballots could easily be stolen
• Easy access to the USB, RJ45 and CF ports on the machine, which would give an attacker entry to the machine
• File system was unencrypted and unprotected
• Machine runs Busybox Linux 1.7.4 as its operating system, which has 20 medium to high risk vulnerabilities, including the ability to allow remote access to the machine
How it works:
• A poll worker uses a device called a Personalized Electronic Ballot to turn the machine on and set it up for each voter. Voters make their selections using a touch screen.
• Personalized Electronic Ballots, which are used to allow each voter to vote, are able to be attacked. These devices are also used to store and aggregate final vote tallies from each machine. If exploited, this vulnerability means that voters could potentially not be able to cast their vote or could have their vote changed.