Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/6/2020
10:00 AM
Ari Singer
Ari Singer
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How Can We Make Election Technology Secure?

In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.

November 5, 2019: In Northampton County, Pennsylvania, a candidate for judge, Abe Kassis, came up with just 164 votes out of 55,000 cast — a statistical absurdity. After hand scanning the ballots from the county's new ESS ExpressVoteXL machines, Kassis emerged as winner. This was no case of "disinformation warfare" — so what happened?

February 3, 2020: In Iowa, a smartphone app for reporting caucus results debuted. It did not go well.

Our elections have been menaced by social media deception, voter registration scandals, conspiracy theories, and polarization of the electorate. While these issues must be confronted, we can't ignore the growing threat posed by security gaps in the election equipment that records, counts, and transmits votes.

Even if we could solve the complex social engineering problems, we should all ask, "How secure are the physical machines being used in the 2020 American elections?" 

Vulnerability of Election Technology
Let's start with some common problems presented by modern-day election machines.

  • Single point of failure. A compromise or malfunction of election technology could decide a presidential election.
  • Between elections. Election devices might be compromised while they are stored between elections.
  • Corrupt updates. Any pathway for installing new software in voting machines before each election, including USB ports, may allow corrupt updates to render the system untrustworthy.
  • Weak system design. Without clear guidelines and thorough, expert evaluation, the election system is likely susceptible to many expected and unexpected attacks.
  • Misplaced trust. Technology is not a magic bullet. Even voting equipment from leading brands has delivered wildly wrong results in real elections. Election administrators need to safeguard the election without relying too heavily on third parties or technologies they don't control.

It takes a lot of work to lock down a complex voting system to the point where you'd bet the children's college fund — or the future of society — on its safety. Has that work been done? Not entirely, as shown by these not-so-fun facts about election devices in the US.

  • Many voting machines are 10 to 20 years old.
  • Voting machine manufacturers are not subject to any federally mandated security standards.
  • Federal testing standards have not been updated since 2005, when few machines were digital.
  • Many voting systems connect to the Internet or have open USB ports.
  • Some newer voting machines have failed to record voter choices correctly and have features that actually defeat accuracy tests.

A Quick Look at Modern Voting Systems

Simplified view of the chain of voting devices.  
Graphic by Ives Brant, TrustiPhi
Simplified view of the chain of voting devices.
Graphic by Ives Brant, TrustiPhi

There are — in the typical case — four classes of election machines. The chain usually begins with the device where each election's new ballot is designed, usually as a set of instructions to the legions of voting machines, which print out each voter's ballot.  

The ballot is then placed in a scanner, which reads the bar code/Qcode on each ballot and sends the results upstream. After voters make their choices, the ballots are printed and then scanned. Finally, the scanners send their results to a tabulator of results. The tabulator is usually situated outside the polling place at a central location

Critical Security Needs
A few years ago, there was much excitement about ditching paper ballots in favor of new, digital-only voting machines. The deficiencies of paperless voting became evident, and in 2019 Congress passed the SAFE act, which mandates the use of paper as a backup. Many counties and states have recently purchased new voting machines, and some of these products have security gaps.

In evaluating election technology, officials need to consider these critical security needs:

Every ballot on paper. Digital-only election systems make it hard to detect when counted votes don't match what the voters selected.

Paper ballots must match digital results. Many voters do not scrutinize their paper ballot to be certain all their choices show up correctly. Some voting machines print the paper ballot too faintly to verify easily. Incorrect ballots (whether intentional or accidental) could go unnoticed if the distortion of results is subtle. If the paper ballot appears correct but the scannable code does not match, a hand recount of all ballots would reveal the hack.

Stop unauthorized device modification. Many election committees use tamper-proof seals to protect hardware in storage. That's not foolproof, according to Professor Steve Bellovin of Columbia University, who told us, "Even the seals used on nuclear devices can be non-destructively removed and replaced."

Check every election device. We asked J. Alex Halderman, a noted election cybersecurity expert, if election machines are checked when they are brought out of mothballs. He answered, "To my knowledge, no state has done rigorous forensics on their voting machines to see if they have been compromised."

What About Judge Kassis and his 164 votes?
In that 2019 Pennsylvania election with preposterous results, 30% of the touchscreens were deemed "misconfigured," but there's no explanation of how an eventual winner was credited with just one-third of 1% of the votes cast in over 100 precincts. Possible causes include defective ballot design, scanning bugs, and/or final tabulation. The county's election board issued a no-confidence vote in the machines, but time is too short to replace them. The same machines will be used in other cities and key swing districts that will affect the outcome of the 2020 presidential election.

Ives Brant, former editor in chief of Tornado Insider and Oracle Integrator magazines, and head of marketing at TrustiPhi, also contributed to this article.

Part 2 in this series: 5 Measures to Harden Election Technology

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "C-Level & Studying for the CISSP."

 

Ari Singer, CTO at TrustiPhi and long-time security architect with over 20 years in the trusted computing space, is former chair of the IEEE P1363 working group and acted as security editor/author of IEEE 802.15.3, IEEE 802.15.4, and EESS #1. He chaired the Trusted Computing ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2228
PUBLISHED: 2020-02-19
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
CVE-2014-2727
PUBLISHED: 2020-02-19
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
CVE-2015-2104
PUBLISHED: 2020-02-19
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2014-3622
PUBLISHED: 2020-02-19
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
CVE-2016-10000
PUBLISHED: 2020-02-19
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).