The fix is in for hackable voting machines: use paper

I voted

Want better security of election voting results? Use paper.

With the US almost halfway between the last national election and the 2018 mid-terms, not nearly enough has been done yet to improve the demonstrated insecurity of current electronic voting systems. Multiple experts say one obvious, fundamental move should be to ensure there is a paper trail for every vote.

That was a major recommendation at a panel discussion this past week that included representatives of the hacker conference DefCon and the Atlantic Council think tank, which concluded that while there is progress, it is slow.

The progress includes the designation of voting systems as critical infrastructure by the Department of Homeland Security, plus moves in Texas and Virginia to improve the security of their systems by using paper.

Most states already do that. But Lawrence Norden, co-author of a September 2015 report for the Brennan Center for Justice titled “America’s Voting Machines at Risk,” wrote in a blog post last May for The Atlantic that 14 states, “including some jurisdictions in Georgia, Pennsylvania, Virginia, and Texas – still use paperless electronic voting machines. These systems should be replaced as soon as possible.”

There is little debate about the porous nature of electronic voting systems – it has been reported for years. It was close to four years ago, in January 2014 that the bipartisan Presidential Commission on Election Administration (PCEA) declared:

There is an impending crisis … from the widespread wearing out of voting machines purchased a decade ago. … Jurisdictions do not have the money to purchase new machines, and legal and market constraints prevent the development of machines they would want even if they had funds.

A couple of years later the Brennan Center issued its report, which predicted that in the 2016 elections, 43 states would be using electronic voting machines that were at least 10 years old – “perilously close to the end of most systems’ expected lifespan.”

The biggest risk from that, the report said, was failures and crashes, which could lead to long lines at voting locations and lost votes. But it also said security risks were at unacceptable levels:

Virginia recently decertified a voting system used in 24 percent of precincts after finding that an external party could access the machine’s wireless features to “record voting data or inject malicious data.

Smaller problems can also shake public confidence. Several election officials mentioned “flipped votes” on touch screen machines, where a voter touches the name of one candidate, but the machine registers it as a selection for another.

Not to mention that with solely digital voting machines, there is no way to audit the results.

While there is still no documented evidence that hostile nation states – mainly Russia – have been able to tamper directly with election results, the risk is there. At this past summer’s DefCon conference, one of the most high-profile events was the so-called Voting Village, where Wired reported that, “hundreds of hackers got to physically interact with – and compromise – actual US voting machines for the first time ever.”

The reason it hadn’t been done before, at least publicly, was that it was illegal. But at the end of 2016, an exemption to the Digital Millennium Copyright Act finally legalized hacking of voting machines for research purposes.

Not surprisingly, hackers didn’t have all that much trouble – they found multiple ways to breach the systems both physically and with remote access. And according to Jake Braun, a DefCon Voting Village organizer and University of Chicago researcher, the results undermined the claim that the decentralized voting system in the US (there are more than 8,000 jurisdictions in the 50 states) would make it more difficult to hack.

With only a handful of companies manufacturing electronic voting machines, a single compromised supply chain could impact elections across multiple states at once, he noted.

It’s not just tampering with actual voting results that can damage the credibility of an election either. Norden told Wired that, “you can do a lot less than that and do a lot of damage… If you have machines not working, or working slowly, that could create lots of problems too, preventing people from voting at all.”

Norden doesn’t dismiss the need for technology improvements. “Among the wide variety of solutions being explored or proposed are use of encryption, blockchain, and open source software,” he wrote in his blog post.

But the most effective security measure, he contended in his blog post, is low-tech:

The most important technology for enhancing security has been around for millennia: paper. Specifically, every new voting machine in the United States should have a paper record that the voter reviews, and that can be used later to check the electronic totals that are reported.

This could be a paper ballot the voter fills out before it is scanned by a machine, or a record created by the machine on which the voter makes her selections—so long as she can review that record and make changes before casting her vote.

That kind of improvement doesn’t have to take a lot of time or cost big bucks either, he said, and would create, “software independent” voting systems, where an, “undetected change or error in its software cannot cause an undetectable change or error in an election outcome.”

Given what are sure to be continued attempts at foreign interference in US elections, “it is the least we can do,” he said.