Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Ari Singer
Ari Singer
Connect Directly
E-Mail vvv

How Can We Make Election Technology Secure?

In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.

November 5, 2019: In Northampton County, Pennsylvania, a candidate for judge, Abe Kassis, came up with just 164 votes out of 55,000 cast — a statistical absurdity. After hand scanning the ballots from the county's new ESS ExpressVoteXL machines, Kassis emerged as winner. This was no case of "disinformation warfare" — so what happened?

February 3, 2020: In Iowa, a smartphone app for reporting caucus results debuted. It did not go well.

Our elections have been menaced by social media deception, voter registration scandals, conspiracy theories, and polarization of the electorate. While these issues must be confronted, we can't ignore the growing threat posed by security gaps in the election equipment that records, counts, and transmits votes.

Even if we could solve the complex social engineering problems, we should all ask, "How secure are the physical machines being used in the 2020 American elections?" 

Vulnerability of Election Technology
Let's start with some common problems presented by modern-day election machines.

  • Single point of failure. A compromise or malfunction of election technology could decide a presidential election.
  • Between elections. Election devices might be compromised while they are stored between elections.
  • Corrupt updates. Any pathway for installing new software in voting machines before each election, including USB ports, may allow corrupt updates to render the system untrustworthy.
  • Weak system design. Without clear guidelines and thorough, expert evaluation, the election system is likely susceptible to many expected and unexpected attacks.
  • Misplaced trust. Technology is not a magic bullet. Even voting equipment from leading brands has delivered wildly wrong results in real elections. Election administrators need to safeguard the election without relying too heavily on third parties or technologies they don't control.

It takes a lot of work to lock down a complex voting system to the point where you'd bet the children's college fund — or the future of society — on its safety. Has that work been done? Not entirely, as shown by these not-so-fun facts about election devices in the US.

  • Many voting machines are 10 to 20 years old.
  • Voting machine manufacturers are not subject to any federally mandated security standards.
  • Federal testing standards have not been updated since 2005, when few machines were digital.
  • Many voting systems connect to the Internet or have open USB ports.
  • Some newer voting machines have failed to record voter choices correctly and have features that actually defeat accuracy tests.

A Quick Look at Modern Voting Systems

Simplified view of the chain of voting devices.  
Graphic by Ives Brant, TrustiPhi
Simplified view of the chain of voting devices.
Graphic by Ives Brant, TrustiPhi

There are — in the typical case — four classes of election machines. The chain usually begins with the device where each election's new ballot is designed, usually as a set of instructions to the legions of voting machines, which print out each voter's ballot.  

The ballot is then placed in a scanner, which reads the bar code/Qcode on each ballot and sends the results upstream. After voters make their choices, the ballots are printed and then scanned. Finally, the scanners send their results to a tabulator of results. The tabulator is usually situated outside the polling place at a central location

Critical Security Needs
A few years ago, there was much excitement about ditching paper ballots in favor of new, digital-only voting machines. The deficiencies of paperless voting became evident, and in 2019 Congress passed the SAFE act, which mandates the use of paper as a backup. Many counties and states have recently purchased new voting machines, and some of these products have security gaps.

In evaluating election technology, officials need to consider these critical security needs:

Every ballot on paper. Digital-only election systems make it hard to detect when counted votes don't match what the voters selected.

Paper ballots must match digital results. Many voters do not scrutinize their paper ballot to be certain all their choices show up correctly. Some voting machines print the paper ballot too faintly to verify easily. Incorrect ballots (whether intentional or accidental) could go unnoticed if the distortion of results is subtle. If the paper ballot appears correct but the scannable code does not match, a hand recount of all ballots would reveal the hack.

Stop unauthorized device modification. Many election committees use tamper-proof seals to protect hardware in storage. That's not foolproof, according to Professor Steve Bellovin of Columbia University, who told us, "Even the seals used on nuclear devices can be non-destructively removed and replaced."

Check every election device. We asked J. Alex Halderman, a noted election cybersecurity expert, if election machines are checked when they are brought out of mothballs. He answered, "To my knowledge, no state has done rigorous forensics on their voting machines to see if they have been compromised."

What About Judge Kassis and his 164 votes?
In that 2019 Pennsylvania election with preposterous results, 30% of the touchscreens were deemed "misconfigured," but there's no explanation of how an eventual winner was credited with just one-third of 1% of the votes cast in over 100 precincts. Possible causes include defective ballot design, scanning bugs, and/or final tabulation. The county's election board issued a no-confidence vote in the machines, but time is too short to replace them. The same machines will be used in other cities and key swing districts that will affect the outcome of the 2020 presidential election.

Ives Brant, former editor in chief of Tornado Insider and Oracle Integrator magazines, and head of marketing at TrustiPhi, also contributed to this article.

Part 2 in this series: 5 Measures to Harden Election Technology

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "C-Level & Studying for the CISSP."


Ari Singer, CTO at TrustiPhi and long-time security architect with over 20 years in the trusted computing space, is former chair of the IEEE P1363 working group and acted as security editor/author of IEEE 802.15.3, IEEE 802.15.4, and EESS #1. He chaired the Trusted Computing ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-13
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
PUBLISHED: 2021-05-13
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.
PUBLISHED: 2021-05-13
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
PUBLISHED: 2021-05-13
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
PUBLISHED: 2021-05-13
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.