Their Title 1: These are 5 big vulnerabilities that could be exploited in our 2020 elections
Their Title 2:
Originally posted by URL1
by Steven Rosenfeld
August 15, 2019
The Las Vegas strip may be the foremost place in America to escape from everyday life. But this past weekend’s Def Con 27 conference—for hackers, programmers, technologists, security experts, and anyone else on the frontlines of cyberspace—was a sobering reckoning with America’s fraught voting systems.
In virtually every corner—in presentations, a “Voting Village” where college students took apart and reprogrammed currently used voting machines, hallway discussions with top government officials and cybersecurity experts—what emerged was a stark, layered sense that the efforts to make America’s election results more trustworthy for 2020 were, at best, barely playing offense against a spectrum of vulnerabilities and threats.
Focusing on the current state of voting systems at Def Con is like visiting a futuristic museum and finding oneself in a gallery of mechanical dinosaurs. When one hears about the latest trends in using and abusing data that flow online or over cell phone signal paths, one realizes that the best efforts to prevent disrupting the 2020 voting process or corrupting its reported results are akin to a cat-and-mouse game, where the best that defenders are doing is putting up spyware and walls to protect porous ancient systems.
Here are five takeaways that illustrate the landscape surrounding voting systems as 2020’s elections approach.
What does this mean? The bottom line with today’s digital devices and data landscape, whether or not the tools in one’s hands are new or built from old parts—as many voting systems are—is that there is nothing that can fully safeguard against bad actors targeting any electronic machine. The best that can be done is redesigning the voting around hand-marked paper ballots, and then creating the processes that can independently double-check results.
When top state election and Department of Homeland Security officials were asked if hackers—whether domestic or foreign—could get around these detection systems, they replied possibly. That’s because the internet and cell phone-based data systems have evolved to the point where basically everything—text, voice, even encrypted data—can be tracked, captured and manipulated without the person staring at the screen even knowing that is going on. Thus, digital defenses have become like a game of cat and mouse in cyberspace. This technological landscape has big implications for political disinformation, not just voting systems where many local officials report their election night results by cellular modems—so the media has fast results to report.
At Def Con, there was a remedy that was pushed by some of the computer scientists and election advocates who don’t trust any use of electronics in vote counts. That process, called a risk-limiting audit (RLA), which some states have begun to require, uses drawings of random ballots to estimate whether the vote counting is likely to be 95 percent accurate. In close elections, the sample size blows up and becomes a full manual hand recount. RLAs have many pluses, but one big downside is they won’t lead to quickly resolving close disputed results—and will conflict with pre-existing legal recount laws (which are already deficient). The bottom line is they will not expeditiously help resolve who won, should they be in the middle of 2020’s post-Election Day battles.
Moreover, the best new voting systems that are being designed now to get around these vulnerabilities are years away, at best, from being piloted, let alone deployed on a larger scale. That means, yet again, American elections are not well-positioned heading into 2020. That assessment has nothing to do with the dedicated efforts by many people and government agencies to harden computers and protect the vote. It’s just that the basic technical architecture of legacy and new voting remains porous, especially as the nation’s leading vendors are pushing computer-marked paper ballots (as opposed to hand-marked paper).
Just as the Department of Homeland Security will be helping states and counties to scan for any live attacks on their election computer systems, the most sophisticated political campaigners will be using much the same scanning tools to send countermeasure content to anyone who is targeted by dubious political ads and posts. Voters, who may not realize that they have been targeted from behind the screens of their devices, will end up in a partisan crossfire. Many voters will be left not knowing what’s true—a dynamic that will likely further erode public trust of election outcomes if the biggest 2020 races are not dominated by landslide turnout and wins.
What was missing from many of the voting-centered discussions at Def Con’s forums were assessments of the relative strengths and weaknesses of the varying analog and digital technologies used in different stages of the voting process, and how to combine their virtues. Instead, there’s narrower thinking in different silos:
Steven Rosenfeld is the editor and chief correspondent of Voting Booth, a project of the Independent Media Institute. He has reported for National Public Radio, Marketplace, and Christian Science Monitor Radio, as well as a wide range of progressive publications including Salon, AlterNet, the American Prospect, and many others.
This article was produced by Voting Booth, a project of the Independent Media Institute.
August 15, 2019
The Las Vegas strip may be the foremost place in America to escape from everyday life. But this past weekend’s Def Con 27 conference—for hackers, programmers, technologists, security experts, and anyone else on the frontlines of cyberspace—was a sobering reckoning with America’s fraught voting systems.
In virtually every corner—in presentations, a “Voting Village” where college students took apart and reprogrammed currently used voting machines, hallway discussions with top government officials and cybersecurity experts—what emerged was a stark, layered sense that the efforts to make America’s election results more trustworthy for 2020 were, at best, barely playing offense against a spectrum of vulnerabilities and threats.
Focusing on the current state of voting systems at Def Con is like visiting a futuristic museum and finding oneself in a gallery of mechanical dinosaurs. When one hears about the latest trends in using and abusing data that flow online or over cell phone signal paths, one realizes that the best efforts to prevent disrupting the 2020 voting process or corrupting its reported results are akin to a cat-and-mouse game, where the best that defenders are doing is putting up spyware and walls to protect porous ancient systems.
Here are five takeaways that illustrate the landscape surrounding voting systems as 2020’s elections approach.
- Voting machine hardware and software are vulnerable.
What does this mean? The bottom line with today’s digital devices and data landscape, whether or not the tools in one’s hands are new or built from old parts—as many voting systems are—is that there is nothing that can fully safeguard against bad actors targeting any electronic machine. The best that can be done is redesigning the voting around hand-marked paper ballots, and then creating the processes that can independently double-check results.
- The 2020 offense for 2020 is a porous defense.
When top state election and Department of Homeland Security officials were asked if hackers—whether domestic or foreign—could get around these detection systems, they replied possibly. That’s because the internet and cell phone-based data systems have evolved to the point where basically everything—text, voice, even encrypted data—can be tracked, captured and manipulated without the person staring at the screen even knowing that is going on. Thus, digital defenses have become like a game of cat and mouse in cyberspace. This technological landscape has big implications for political disinformation, not just voting systems where many local officials report their election night results by cellular modems—so the media has fast results to report.
- Finish-line protections are not well-positioned.
At Def Con, there was a remedy that was pushed by some of the computer scientists and election advocates who don’t trust any use of electronics in vote counts. That process, called a risk-limiting audit (RLA), which some states have begun to require, uses drawings of random ballots to estimate whether the vote counting is likely to be 95 percent accurate. In close elections, the sample size blows up and becomes a full manual hand recount. RLAs have many pluses, but one big downside is they won’t lead to quickly resolving close disputed results—and will conflict with pre-existing legal recount laws (which are already deficient). The bottom line is they will not expeditiously help resolve who won, should they be in the middle of 2020’s post-Election Day battles.
- The newest voting systems aren’t that much better.
Moreover, the best new voting systems that are being designed now to get around these vulnerabilities are years away, at best, from being piloted, let alone deployed on a larger scale. That means, yet again, American elections are not well-positioned heading into 2020. That assessment has nothing to do with the dedicated efforts by many people and government agencies to harden computers and protect the vote. It’s just that the basic technical architecture of legacy and new voting remains porous, especially as the nation’s leading vendors are pushing computer-marked paper ballots (as opposed to hand-marked paper).
- Voting will be targeted amid 2020’s disinformation wars.
Just as the Department of Homeland Security will be helping states and counties to scan for any live attacks on their election computer systems, the most sophisticated political campaigners will be using much the same scanning tools to send countermeasure content to anyone who is targeted by dubious political ads and posts. Voters, who may not realize that they have been targeted from behind the screens of their devices, will end up in a partisan crossfire. Many voters will be left not knowing what’s true—a dynamic that will likely further erode public trust of election outcomes if the biggest 2020 races are not dominated by landslide turnout and wins.
What was missing from many of the voting-centered discussions at Def Con’s forums were assessments of the relative strengths and weaknesses of the varying analog and digital technologies used in different stages of the voting process, and how to combine their virtues. Instead, there’s narrower thinking in different silos:
- The electronics cannot be trusted;
- The most aggressive new defenses are far from perfect;
- The finish-line voter verification tools will likely falter under existing state recount law;
- Even if Congress appropriates millions for new machinery, the vendors and many local election officials are pushing systems to make their lives easier—not the process more secure;
- And today’s data and disinformation landscape is poised to prey on the public, undermining the political process writ large.
Steven Rosenfeld is the editor and chief correspondent of Voting Booth, a project of the Independent Media Institute. He has reported for National Public Radio, Marketplace, and Christian Science Monitor Radio, as well as a wide range of progressive publications including Salon, AlterNet, the American Prospect, and many others.
This article was produced by Voting Booth, a project of the Independent Media Institute.