“Absolutely terrifying prospect”: How the midterms could weaken US election security

It’s “an absolutely terrifying prospect,” said J. Alex Halderman, a computer security expert and professor at the University of Michigan who did it deficiencies that have been identified time and time again in voting systems but also has debunked Trump’s claims over 2020 amounted.

For years, physical security devices like padlocks and cameras have prevented intruders from exploiting the digital vulnerabilities that security professionals routinely find in voting gear. But this year’s election could sweep away those safeguards in key battleground states, another example of the fallout from Trump’s baseless allegations of vote-rigging.

Larry Norden, senior director of the electoral and government program at New York University’s Brennan Center for Justice, said ongoing efforts to “prompt individuals in office to allow untrustworthy parties unauthorized access to voting equipment” are jeopardizing elections .

Among the Republican candidates espousing Trump’s election conspiracy theories is Pennsylvania’s gubernatorial candidate Doug Mastriano – who would appoint the Secretary of State and said he could order his choice “to decertify every machine in the state with the stroke of a pen” – and Kristina KaramoMark Finchem, Jim Marchant and Diego Morales, running for Secretary of State in Michigan, Arizona, Nevada and Indiana respectively.

POLITICO asked all of these candidates for interviews. A Karamo spokesman initially suggested that an interview might be possible, but did not arrange one. Efforts to reach out to Morales’ campaign were unsuccessful. Representatives for the other candidates did not respond to emails.

Authorities in several states, including Pennsylvania, Arizona and Michigan, have scramble to replace voting equipment after pro-Trump officials threatened their safety. In Colorado, a grand jury this year indicted a county clerk of conspiring to breach the security of her office’s voting systems. (Clerk Tina Peters later lost the GOP primary for Colorado Secretary of State.)

Polling bureaus routinely conduct official audits, examining paper records and electronic data to ensure vote counts are accurate, and these bureaus occasionally provide information to trusted outsiders access to their voting machines to conduct safety assessments. But the new right-wing “audits” — in which GOP-affiliated activists and advisers analyze voting machine code, ostensibly to look for evidence of voter fraud — fall far short of the rigor and rigor of this type of investigation. And they have already leaked confidential information about how voting machines are constructed and how polling agencies configure and use them.

Cybersecurity experts say voting system hacks can take many forms. Malware planted on voting machines can cause them to flip votes or simply freeze during an election. Malicious code could also damage the election management systems that are used to program the machines before each competition.

And violations in just a few states can jeopardize safety across the country because some models are so widespread: Just six voting machine models are used in more than 300 counties each, according to an analysis by POLITICO Data from nonprofit voting integrity group Verified Voting. Six models of scanners that count votes from paper ballots are equally popular.

So-called audits have already introduced compromised machines Maricopa County, Ariz.; Mesa County and Elbert County, Colorado.; Coffee County, Georgia.; several counties and parishes in Michigan; and Fulton County, Pa.

In some of these jurisdictions Lawyers close to Trump like Sidney Powell have adopted the code that powers voting machines and shared it with conspiracy theorists and right-wing extremistsreported the Washington Post.

Limiting physical access to voting equipment has historically been an important method of protecting voting machines and the computers used to program them, most of which are not connected to the Internet.

These voting machines contain their share of digital vulnerabilities, as Halderman and other researchers have documented in repeated studies. But voting technology vendors have consistently argued that their machines are secure because they are difficult to access and difficult to analyze.

A leading vendor, Election Systems & Software, says on his website that its machines are protected by “locks, restricted access, tamper evident seals, chain of custody protocols and voting machines locked to ensure limited access”. In a statement, ES&S spokeswoman Katina Granger said physical security “is vital to ensure critical infrastructure is not unknowingly accessed and tampered with.”

Security professionals have long been frustrated by the industry’s “hard to access, hard to hack” argument that vendors use to prevent legitimate researchers from freely testing their systems. But now conspiracy theorists are gaining access to these devices and copying, sharing and Reveal data about how they workwhich could make it easier for hackers to find and exploit vulnerabilities.

The risks have created logistical nightmares for election officials.

In July 2021, the Pennsylvania Secretary of State ordered Fulton County to do so replace their machines after local officials, under pressure from Mastriano, allowed right-wing activists access to them. Maricopa County, Arizona, nearly $3 million spent to replace its machines after its high-profile, state-mandated “audit.” Other Costly Violations have occurred in Michigan, where taxpayers in several municipalities and counties have had to pay for new ballot scanners after authorities investigating violations confiscated the original equipment.

These scattered local infractions could multiply significantly if election deniers win nationwide races in November.

In Michigan, Arizona and Pennsylvania, GOP candidates are running to replace Democrats who have opened investigations into voting machine violations and, in some cases, ordered them replaced.

Poll officials would likely try to mitigate the damage with a fringe check, but few are technically savvy enough to spot sabotage, security experts said. “It would probably take very little tact to make it appear like you’re just copying data, but actually manipulating the system,” Halderman said.

Allowing access to unchecked outsiders could also unwittingly allow for more sophisticated sabotage. Foreign spies could plant agents in the groups who gain access to voting machines to steal information or tamper with their machines, said Will Adler, a senior voting technologist at the Center for Democracy and Technology, a nonprofit digital politics research group.

Whether it’s domestic tampering or foreign intruders, security professionals worry about how little they know about the damage that security breaches have already done.

“We just don’t know to what extent devices may have been accessed or which jurisdictions were affected,” Halderman said. “Maybe we’ll never know.”

Halderman and other experts are pushing for new technologies and processes that would eliminate the need to simply trust polling officials and voting machines. so called risk-limiting tests, already in use in some states, use statistical methods to ensure vote counts are accurate. Experts are also calling for the adoption of open-source devices that anyone could debug to help citizen-friendly researchers stay ahead of malicious actors who may already be collecting this information illegally.

“Today’s elections are all about trust in the officials running them,” Halderman said. “But they don’t have to be like that.”

Comments are closed.