How vulnerable are US voting machines to foreign hackers?

Aug 10, 2016

How vulnerable are US voting machines to foreign hackers?

The recent hack of Democratic National Committee computers, attributed by authorities to Russia, has many Americans worried about foreign influence swaying the upcoming presidential election.

The DNC breach provides an excellent example of political doxing. This co-opted 1990s hacker revenge technique employs extra-legal methods to acquire and publish an individual's personal information on the internet, computer security expert Bruce Schneier explained in an article for Motherboard. What's more, according to Schneier​, political doxing is trending among cybercriminals.

Following the initial theft of DNC emails and opposition research on Republican Presidential Nominee Donald J. Trump, anti-secrecy website WikiLeaks issued approximately 20,000 internal DNC emails, Rebecca Hersher reported for NPR.

The emails, along with subsequently released stolen voicemails, indicated that high-level DNC staff actively favored Hillary Clinton during the primary election, Tom LoBianco and David Wright reported for CNN. In the wake of this leak, DNC Chairwoman Debbie Wasserman Schultz offered her resignation, an embarrassment on the eve of the Democratic National Convention where Clinton accepted the party's presidential nomination.

Fears that the Russian government may use cybercrime to ensure a Trump presidency are swirling after Trump's suggestion that Russian intelligence should similarly acquire missing emails from Clinton's tenure as Secretary of State, LoBianco and Wright reported. Trump later claimed the comment was sarcastic, and Russian authorities deny any involvement in the DNC hack. However, many still raise the question of whether Russia might look to cyberattacks to influence the 2016 U.S. presidential election.

Electronic voting technology

Political doxing represents an eye-catching weak point in the American electoral system, but a quieter risk to ballot security lies in the age of voting machines. While electronic voting technology is hardly a new concept - the 2002 Help America Vote Act mandated that each county make a minimum of two electronic ballot boxes available to residents - most people might expect to find the most up-to-date technology when they head to the polls.

However, the reality disappoints. A 2015 report by the Brennan Center for Justice warned that modern voting machines differ from their predecessors in that they are not intended to function for decades. According to the report, equipment purchased after 2000 is expected to last between 10 and 20 years. Most electronic ballot boxes that debuted at the turn of the century were designed in the 1990s, creating several problems: Chiefly, the report asserted, as of 2016 43 states are using machines 10 or more years old, and 14 states are using machines at least 15 years old.

Not only is the technology more than a decade behind current innovations, but because of the equipment's age, finding replacements for damaged or worn-out parts can be difficult, the Brennan Center report noted. As the technology nears the end of its life expectancy, voting machines are at increasing risk of crashing.

Such errors can affect elections, Richard Forno reported in a recent Government Technology article. Forno noted that in 2004 North Carolina voting machines deleted 4,438 votes, for which there was no backup record. In the end, fewer than 2,000 votes determined the results of that same election, Cory Bennett noted in a 2014 article for The Hill.

Yet another trouble that surrounds electronic ballot boxes is the lack of funding for states to purchase updated technology. As the functionality of electronic voting machines begins to deteriorate across the country, the Brennan Center reported, 22 out of 31 states seeking to purchase new equipment in the next five years reported lacking the necessary funds. The national cost of replacing all outdated voting machines may be upward of $1 billion, the Brennan Center calculated.

What else could go wrong?

Beyond voting machine age and political doxing, U.S. elections face other technology issues. In an opinion article in The Washington Post, Schneier argued that directly influencing electronic ballots is not the only way foreign governments might tamper with a U.S. election. Schneier expressed concerns about electronic voter records, stating that foreign cybercriminals could access and delete such information.

In a May 2016 article on election fraud, The Hill's Cory Bennett also cited the security of voter data as an important issue to address. Quoting the CEO of secure digital election system advocate group Free & Fair, Joseph Kiniry, Bennett made the case that by deleting select voter registration data, hackers have the power to easily wreak havoc on elections and noted that stolen voter information is somewhat valuable in of itself, with packages of 5 to 10 million records selling for $1,350 to $2,250 on the dark web, providing a further motive to potential cyber criminals.

What's more, Bennett asserted, security guidelines are not consistent between states, and some categorize voter information as "public record." This classification means that states are not mandated to meet the federal security standards placed upon "personally identifiable information" for voter data, which is not viewed as such.

In his Government Technology article, Forno explained that electronic ballot boxes face security risks due to the voting process itself. In order to successfully serve each precinct, voting machines are spread out across their county's municipal gird. Furthermore, votes must be transferred to a higher voting office to be tallied, creating vulnerable junctures that hackers could attack, Forno noted.

In order to ensure accurate election results, Forno concluded, the hardware and the network connection linking electoral machines must be secure. In addition, the electronic ballot boxes' software and the states' local tabulating software must be able to resist cyberattacks.

What is the alternative?

Some states have opted to return to traditional paper ballots, citing security concerns. In fact, Bennett asserted, more than half the states have begun to revert to paper ballots.

A more high-tech alternative to cybercrime risks is to invest in securing and updating electronic voting machines. While Forno made it clear that he does not believe that any given piece of electoral equipment is likely to be sabotaged by a foreign government, he maintained the importance of securing voting machines to ensure the legitimacy and accuracy of U.S. elections.

The best solution seems to come when paper and digital meet in the middle. Other states can take their cue from Ohio, which passed legislation requiring all precincts to use only voting machines that generate a voter-verified paper trail, according to Bennett.

In addition, allocating funds to meet the impending costs of upgrading electrical equipment, as estimated by the Brennan Center, is also a necessary step for states to take, should they wish to maintain electronic voting machines.

In the face of election security concerns, state governments are wise to update their voting machines.

 



Tags:
Category: Cybersecurity

Add Pingback

Please add a comment

You must be logged in to leave a reply. Login »

Category List


Tag List

REXX (2)
WebSphere (1)
Multi-Mode (4)
customs and trade (1)
Document Management and Delivery (163)
Product Compliance (1)
appliance servers (2)
Copper (11)
Power Switch (8)
Automated Data Compression (5)
Application Deployment (3)
z/VSE (132)
Content Management (32)
NVMe (1)
Storage Management (8)
Expansion Card (3)
Voice (5)
servers (1)
Speed Leveling (5)
Print Management (136)
solutions development (1)
Diagnostic (3)
ProGen Plus Interface (3)
Smartphone (9)
GCS (7)
JES Administration (10)
VROC (1)
video data storage (2)
Video Surveillance (2)
ntel Xeon Scalable Processor Family (1)
QuickAssist (1)
Tablet (9)
Fault Analysis and Testing (62)
Hybrid (8)
CICS Applications (11)
Loop Detection (3)
External (20)
Cellular (11)
Telephony (10)
Low Profile PCI (10)
Dell Platforms (1)
IBM i (91)
Softmodem (5)
Security (12)
Card Reader (3)
Disk Management (8)
Aggregation (11)
SSD (1)
Issue Tracking (4)
gold (1)
ISC West (1)
Linux (30)
VTAM (33)
eReader (4)
Asset Management (2)
GSM (8)
CA 2E (4)
Gigabit (14)
DellTechWorld (1)
Administration (1)
Data Management (67)
Library Management (10)
deep technology (1)
IoT (8)
VSAM (27)
Web Access (7)
Automated Messaging (8)
AI (1)
ATCA (1)
TSO (3)
OEM (6)
purpose built hardware (1)
Intel Xeon Scalable Processor Family (2)
Compression (4)
Wireless Mesh (4)
Network Attached Storage (6)
Document Processing (124)
Technology Transitions (3)
Automated Job Scheduling (6)
Performance Management (81)
Intel® Atom® C3000 (2)
Windows (63)
storage and networking (1)
Cable (18)
Code Path Analysis (11)
electronic recycling (1)
Analysis (8)
Line Probing (15)
Web-Enablement (11)
PIE/TSO Suite (15)
PCIe (10)
Atom C3000 (1)
Modemulator (6)
Database (24)
Code Editor (10)
silver (1)
SDHC (3)
Business Intelligence (15)
Regeneration (2)
Centralized Control (1)
SDXC (3)
appliance (1)
30 Pin (5)
electronic waste (1)
architecture (2)
software (1)
PowerEdge (1)
3270 Terminals (7)
Intel Xeon Scalable Processors (6)
Deployment Partner (2)
Forward Stocking Locations (1)
Independent Software Vendors (1)
V.Everything (5)
Application Lifecycle (2)
Embedded (5)
J2EE (2)
Stand (9)
ISO Standards (1)
Tape Management (8)
File Delivery (1)
Accounting (6)
PIE/CICS Suite (13)
Singlemode (3)
Performance Analysis (5)
Debugging (30)
File Management (20)
56K (45)
Cloud Computing (2)
Console Management (19)
HSPA+ (5)
Skylake Purley (1)
Session Management (36)
System Performance Monitoring (5)
Help Desk (2)
Cyber Security (2)
Remote Access (8)
Compact Flash (3)
VSE (7)
V.Everywhere (5)
Columbus Suite (139)
e-recycling (1)
Problem and Incident Management (2)
IMS (10)
Extension (4)
System Integration (3)
Cost Accounting Standards (1)
FPGA (1)
Cloud Storage (2)
purpose-built hardware (1)
UNIX/Linux (18)
server architecture (1)
CICS Print (1)
Controller (25)
Dell EMC (4)
Automated (2)
z/VM (16)
edge servers (1)
bronze (1)
Solaris (3)
Optane (1)
Internal (25)
RSA Conference (5)
Message Console Management (8)
Half Duplex (9)
Lewisburg (1)
Java, PC, and Web Version Control (3)
digital transformation (2)
Intel® (2)
Console Server (8)
Synon (4)
NAB (1)
LANSA (3)
Online Help (11)
VSAM Forward Data Recovery (5)
WCDMA (5)
Transitioning to Haswell (1)
Consolidation (2)
Application Lifecycle Management (38)
Line Sharing (10)
iDRAC with Quick Sync 2 mobile-based management (1)
Dell (1)
e-waste (1)
Advance Replacement Support Program (1)
Dell 14G (1)
Network (1)
RSA 2018 (1)
Data Backup (12)
Sandy Bridge (4)
product lifecycle support (1)
PCI (20)
Batch Schedule (6)
Dell OEM (1)
Autonomous Driving (1)
Performance Monitoring (5)
Data File Management (4)
DIP switches (5)
Ethernet (11)
USB (51)
certifications (1)
IoT Challenges (1)
recycle electronics (1)
Firewall (4)
VMware vSAN cluster1 (1)
Help Management (4)
Dell EMC OEM PowerEdge 14th Generation Servers (1)
Datacenter, NetApp, DCOI, Compliance, data center optimization (1)
Systems Management (16)
microarchitecture (1)
Automated Operations (64)
computing (2)
UNICOM Engineering Products (1)
Serial (36)
AIX (6)
File Processing (8)
ExpressCard (5)
Terminal Emulation (10)
Global Expansion Partners (1)
Advance Replacement Services (1)
TAP (18)
Backup (4)
trade rules and regulations (2)
Knowledge base (2)
Macro-Level Interpreter (2)
Content Transformation (1)
Gateway (9)
Line Consolidation (4)
z/OS (305)
Dell EMC Titanium OEM (1)
Intel (3)
trade compliance (2)
Security Management (6)
Skylake (1)
SCM (27)
File Sharing (10)
Mac (5)
Internet of Things (6)
Intel Atom C3000 (4)
Portfolio Management (5)
Modem (48)
Data Center (1)
low-power (1)
PDQ (4)
NAS (6)
Edge computing (1)
Dashboard (4)
Production Printing (1)
Flash ROM (25)
Reporting (68)
Omni-Path (3)
Menu Management (11)
Purley (2)
Document Composition (13)
Carrier Loss Redial (5)
Global (15)
Capacity Planning (21)
Reliability (4)
Skylake (2)
Software Change Management (27)
V.22 (15)
Port Server (8)
Intel Atom (1)
communications (1)
QAT (1)
data storage (4)
RAID (1)
Enterprise Content Management (1)
Application Development (7)
Intel Xeon Scalable (3)
Lewisburg PCH (1)
Batch Processing (6)
virtualization (1)
Whitepaper (1)
Intel Xeon Scalable Based Platforms (1)
Statement of Conformance (1)
InSync Suite (34)
5G (4)
Transparent Supply Chain (2)
ECM (1)
Full Duplex (16)
TeamBLUE (5)
Artificial Intelligence (3)
PowerEdge 14G Servers (3)
Productivity (38)
memory (1)
Spool File Management (8)
CICS (85)
Virtual OEM (1)
5G Network (1)
Resource Management (7)
Output Management (141)
Modem Emulation (6)
Eclipse (30)
UNICOM Engineering (4)
Web-Based (1)
trade restrictions (1)
Optane memory (1)
Accessory (5)
platinum (1)
Java (10)
SD (3)
CDMA (5)
Hub (4)
database IOPS1 (1)
VM (7)
ALM (27)
Application Modernization (12)
Job Accounting (5)
GPS (8)
CARTS Suite (10)
Window Management (4)
4GL (5)
golf classic, humanitarian, charity, philanthropy, engineering, (2)
Fiber (7)
Dial-up (65)
Synchronization (1)
Fleet Management (1)
Helpdesk (2)
Micro (5)
USB 3.0 (30)
Advanced Job Scheduling (8)
EVDO (5)
Business (5)
Global Expansion (1)
Systems Monitoring (2)

Tag Cloud

InternalDatabaseAnalysisEclipseFPGAPurleySynchronizationdata storagee-recyclingSDHCTAPTechnology TransitionsAggregationSinglemodeWeb-BasedHelp DeskUSBPerformance AnalysisEnterprise Content ManagementSSDIoT Challengesz/OSStorage Managementpurpose built hardwareEdge computingDiagnosticIntel AtomAutomated Job SchedulingCyber SecurityDellTechWorld56KSecurityTSOCDMAWeb Accessappliance serversResource Managementserver architectureHelp ManagementATCACellularDebuggingExpressCardSpool File ManagementDatacenter, NetApp, DCOI, Compliance, data center optimizationAtom C3000solutions developmentLewisburgNetwork Attached StoragevirtualizationarchitectureCICS PrintHSPA+Wireless MeshMacro-Level InterpreterAdvance Replacement Support ProgramDocument ProcessingLibrary ManagementgoldProGen Plus InterfaceInSync SuitePort ServerAccessoryIntel Xeon Scalable Processor FamilySystem IntegrationData File ManagementProductivityMicroPrint ManagementCloud StorageIoTAsset ManagementFlash ROMPDQAutomatedvideo data storageDell EMC OEM PowerEdge 14th Generation ServersOnline HelpTeamBLUEUNICOM EngineeringModem EmulationUSB 3.0Tabletdeep technologyIssue TrackingPIE/TSO SuiteApplication Lifecycle ManagementGigabitDell PlatformsProduct ComplianceIntel Atom C3000Autonomous DrivingIntel Xeon Scalable Based PlatformsVMApplication DevelopmentApplication LifecycleEmbeddedPerformance ManagementbronzePortfolio ManagementV.EverythingStatement of ConformanceContent TransformationNVMeAIReliabilityPCIReportingcertificationsGlobal ExpansionGSMpurpose-built hardwareSystem Performance MonitoringWhitepaperProblem and Incident ManagementiDRAC with Quick Sync 2 mobile-based managementV.EverywhereRegenerationTerminal EmulationV.223270 TerminalsCost Accounting StandardsConsolidationJava, PC, and Web Version Controlrecycle electronicsRAIDCode EditorExternal4GLVMware vSAN cluster1Advance Replacement Services5G NetworkFile Deliverytrade restrictionsWCDMADell OEMSmartphoneInternet of ThingsSandy BridgeSystems MonitoringDisk ManagementDell 14GGlobal Expansion PartnersAutomated Data CompressionOptaneIntel Xeon Scalable ProcessorsLoop DetectionBusiness IntelligenceLine ProbingIndependent Software VendorsJ2EEFile ProcessingserversDell EMC Titanium OEMCloud Computingproduct lifecycle supportSoftware Change ManagementGlobalIMSOmni-PathData ManagementStandPowerEdge 14G ServersAdvanced Job SchedulingCompact FlashMulti-ModeSkylakeAutomated Operationscustoms and tradeAIXISC WestBatch SchedulePowerEdgePIE/CICS SuiteSoftmodemRSA 2018Javaelectronic recyclingVSAM Forward Data RecoveryModemulatorSkylakeLow Profile PCImicroarchitectureJob AccountingmemoryUNIX/LinuxControllerTelephonyz/VMCA 2ETransparent Supply ChainHybridUNICOM Engineering Products5GModemtrade complianceDell EMCCarrier Loss RedialMacKnowledge baseeReaderCentralized ControlLANSAVoiceWebSphereDellsoftwareSpeed LevelingIntel®QATOEMQuickAssistHalf DuplexplatinumNASOptane memorycomputingEthernetgolf classic, humanitarian, charity, philanthropy, engineering,Line ConsolidationECMelectronic wasteRemote AccessContent ManagementWindowsFile Sharinglow-powerMessage Console ManagementIntel® Atom® C3000Batch ProcessingFiberConsole ManagementSystems ManagementALMFleet ManagementCableIntel Xeon ScalableVROCFile ManagementArtificial IntelligenceDeployment PartnerDashboardCompressionApplication DeploymentREXXCopperData BackupCode Path AnalysisSCMCICS ApplicationsJES Administrationntel Xeon Scalable Processor FamilyFault Analysis and TestingSession ManagementSerialSynonGCSPerformance MonitoringAdministrationSDForward Stocking LocationsTape ManagementProduction PrintingColumbus SuiteGatewayISO Standardsz/VSEDial-upConsole ServerDIP switchesVTAMsilverVirtual OEMSecurity ManagementEVDONetworkVSAMcommunicationse-wasteLinuxApplication ModernizationMenu ManagementTransitioning to HaswellVSESkylake PurleyExtensiontrade rules and regulationsIntelDocument CompositionFirewallCard ReaderAutomated MessagingCICSCARTS Suiteedge serversPCIeBusinessWindow ManagementLewisburg PCHWeb-Enablementdigital transformationVideo SurveillanceExpansion CardCapacity PlanningPower SwitchSDXCHelpdeskIBM idatabase IOPS1Data CenterFull DuplexNABBackupAccountingSolarisOutput ManagementRSA ConferenceLine SharingDocument Management and DeliveryapplianceHub30 PinGPSstorage and networking


Archive