
2/6/2020
10:00 AM
Ari Singer
Commentary

How Can We Make Election Technology Secure?

In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.

November 5, 2019: In Northampton County, Pennsylvania, a candidate for judge, Abe Kassis, came up with just 164 votes out of 55,000 cast — a statistical absurdity. After hand scanning the ballots from the county's new ESS ExpressVoteXL machines, Kassis emerged as winner. This was no case of "disinformation warfare" — so what happened?

February 3, 2020: In Iowa, a smartphone app for reporting caucus results debuted. It did not go well.

Our elections have been menaced by social media deception, voter registration scandals, conspiracy theories, and polarization of the electorate. While these issues must be confronted, we can't ignore the growing threat posed by security gaps in the election equipment that records, counts, and transmits votes.

Even if we could solve the complex social engineering problems, we should all ask, "How secure are the physical machines being used in the 2020 American elections?" 

Vulnerability of Election Technology
Let's start with some common problems presented by modern-day election machines.

  • Single point of failure. A compromise or malfunction of election technology could decide a presidential election.
  • Between elections. Election devices might be compromised while they are stored between elections.
  • Corrupt updates. Any pathway for installing new software in voting machines before each election, including USB ports, may allow corrupt updates to render the system untrustworthy.
  • Weak system design. Without clear guidelines and thorough, expert evaluation, the election system is likely susceptible to many expected and unexpected attacks.
  • Misplaced trust. Technology is not a magic bullet. Even voting equipment from leading brands has delivered wildly wrong results in real elections. Election administrators need to safeguard the election without relying too heavily on third parties or technologies they don't control.

It takes a lot of work to lock down a complex voting system to the point where you'd bet the children's college fund — or the future of society — on its safety. Has that work been done? Not entirely, as shown by these not-so-fun facts about election devices in the US.

  • Many voting machines are 10 to 20 years old.
  • Voting machine manufacturers are not subject to any federally mandated security standards.
  • Federal testing standards have not been updated since 2005, when few machines were digital.
  • Many voting systems connect to the Internet or have open USB ports.
  • Some newer voting machines have failed to record voter choices correctly and have features that actually defeat accuracy tests.

A Quick Look at Modern Voting Systems

There are — in the typical case — four classes of election machines. The chain usually begins with the device where each election's new ballot is designed, usually as a set of instructions to the legions of voting machines, which print out each voter's ballot.  

After voters make their choices, the ballots are printed. Each ballot is then placed in a scanner, which reads the bar code/QR code on the ballot and sends the results upstream. Finally, the scanners send their results to a tabulator, which is usually situated outside the polling place at a central location.

Critical Security Needs
A few years ago, there was much excitement about ditching paper ballots in favor of new, digital-only voting machines. The deficiencies of paperless voting became evident, and in 2019 Congress passed the SAFE Act, which mandates the use of paper as a backup. Many counties and states have recently purchased new voting machines, and some of these products have security gaps.

In evaluating election technology, officials need to consider these critical security needs:

Every ballot on paper. Digital-only election systems make it hard to detect when counted votes don't match what the voters selected.

Paper ballots must match digital results. Many voters do not scrutinize their paper ballot to be certain all their choices show up correctly. Some voting machines print the paper ballot too faintly to verify easily. Incorrect ballots (whether intentional or accidental) could go unnoticed if the distortion of results is subtle. If the paper ballot appears correct but the scannable code does not match, a hand recount of all ballots would reveal the hack.

Stop unauthorized device modification. Many election committees use tamper-proof seals to protect hardware in storage. That's not foolproof, according to Professor Steve Bellovin of Columbia University, who told us, "Even the seals used on nuclear devices can be non-destructively removed and replaced."

Check every election device. We asked J. Alex Halderman, a noted election cybersecurity expert, if election machines are checked when they are brought out of mothballs. He answered, "To my knowledge, no state has done rigorous forensics on their voting machines to see if they have been compromised."
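To make the "paper ballots must match digital results" check concrete, here is an added example (not from the original article or any vendor's software) that reconciles two readings of each ballot: the choices decoded from the scannable code and the choices a human reads from the printed text. The ballot records, contest names, candidate labels and device names (`BMD-1`, `BMD-2`) are constructed for illustration.

```python
from collections import Counter

CONTESTS = ("Judge", "Clerk")
# Constructed sample records: (ballot id, marking device, choices decoded from the
# ballot's scannable code, choices a human read from the printed text).
# None means no selection was made in that contest.
BALLOTS = [
    ("0001", "BMD-1", ("A", "C"), ("A", "C")),
    ("0002", "BMD-1", ("A", "D"), ("A", "D")),
    ("0003", "BMD-2", ("B", "C"), ("A", "C")),
    ("0004", "BMD-2", ("B", "C"), ("A", "C")),
    ("0005", "BMD-2", ("B", None), ("B", None)),
    ("0006", "BMD-1", ("B", "D"), ("B", "D")),
]

def reconcile(ballots):
    """Tally both readings of every ballot and list each disagreement."""
    scanned, hand, mismatches = Counter(), Counter(), []
    for ballot_id, device, code_choices, text_choices in ballots:
        for contest, from_code, from_text in zip(CONTESTS, code_choices, text_choices):
            if from_code is not None:
                scanned[(contest, from_code)] += 1
            if from_text is not None:
                hand[(contest, from_text)] += 1
            if from_code != from_text:
                mismatches.append((ballot_id, device, contest, from_code, from_text))
    return scanned, hand, mismatches

def winners(tally):
    """Map each contest to its top candidate; a tie or empty contest gives None."""
    result = {}
    for contest in CONTESTS:
        votes = {cand: n for (c, cand), n in tally.items() if c == contest}
        top = [cand for cand, n in votes.items() if n == max(votes.values())]
        result[contest] = top[0] if len(top) == 1 else None
    return result

def audit(ballots):
    """Summarize where the two readings disagree and whether any outcome changes."""
    scanned, hand, mismatches = reconcile(ballots)
    s_win, h_win = winners(scanned), winners(hand)
    return {
        "mismatches": mismatches,
        "by_device": Counter(m[1] for m in mismatches),
        "changed_outcomes": [c for c in CONTESTS if s_win[c] != h_win[c]],
        "scanned_winners": s_win,
        "hand_winners": h_win,
    }

if __name__ == "__main__":
    for key, value in audit(BALLOTS).items():
        print(key, "=", value)
```

Grouping mismatches by device shows whether the disagreement is spread evenly or concentrated in particular machines, which is the first question an election board would ask after a hand recount.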

What About Judge Kassis and his 164 votes?
In that 2019 Pennsylvania election with preposterous results, 30% of the touchscreens were deemed "misconfigured," but there's no explanation of how an eventual winner was credited with just one-third of 1% of the votes cast in over 100 precincts. Possible causes include defective ballot design, scanning bugs, and/or final tabulation. The county's election board issued a no-confidence vote in the machines, but time is too short to replace them. The same machines will be used in other cities and key swing districts that will affect the outcome of the 2020 presidential election.

Ives Brant, former editor in chief of Tornado Insider and Oracle Integrator magazines, and head of marketing at TrustiPhi, also contributed to this article.

Part 2 in this series: 5 Measures to Harden Election Technology


 

Ari Singer, CTO at TrustiPhi and long-time security architect with over 20 years in the trusted computing space, is former chair of the IEEE P1363 working group and acted as security editor/author of IEEE 802.15.3, IEEE 802.15.4, and EESS #1. He chaired the Trusted Computing ...
 
