Alabama Supreme Court Okays Destruction of Digital Voting Records

Dec 13, 2017 by

Alabama’s special election for Jeff Sessions’ vacated Senate seat is underway today, but state courts are still battling over whether or not digital records from the vote should be preserved in case of a recount or a hack.
On Monday, a judge ordered local election officials to save digital images of ballots, AL.com reports. However, his decision was quickly reversed by the Alabama Supreme Court, which stayed his order Monday evening.
Alabama uses paper ballots in its elections, which is considered more secure than many digital voting machines. Once voters mark their choices on paper, the ballots are scanned by computers to tally the votes. This system isn’t set up properly for audits, according to Verified Voting, an election integrity organization.
“If the race goes to a recount following the election, Alabama’s recount laws won’t do enough to protect voters’ votes because it has no audit structure in place and relies on re-tabulation—where ballots that were tabulated by optical scanners are now re-tabulated by machine,” Verified Voting president Marian Schneider said in a statement. “If a recount occurs, it cannot be relied on to detect and correct a potential error in the computerized count unless it is done manually.”
Four Alabama voters sued in an effort to get ballot images preserved, according to AL.com, arguing that state and federal law requires election officials to preserve the digital ballot images for six months. In Alabama, the digital images are typically destroyed after an election.
“After hearing arguments and reviewing the filings, it appears that Plaintiffs and similarly situated voters would suffer irreparable and immediate harm if digital ballot images are not preserved,” Montgomery County Circuit Judge Roman Ashley Shaul wrote in his order requiring ballot images to be preserved.
However, the state Supreme Court overruled his decision, which Verified Voting says will limit the state’s ability to do election audits or catch hacking attempts.
“If every state’s election systems provided voter-verified paper ballots and post-election audits, we would be able to detect and correct errors or election tampering. But without the proper procedures in place, Alabama will be unable to do this,” Schneider said.

Every Voting Machine at This Hacking Conference Got Totally Pwned

 

14
A noisy cheer went up from the crowd of hackers clustered around the voting machine tucked into the back corner of a casino conference room—they’d just managed to load Rick Astley’s “Never Gonna Give You Up” onto the WinVote, effectively rickrolling democracy.

The hack was easy to execute. Two of the hackers working on the touchscreen voting machine, who identified only by their first names, Nick and Josh, had managed to install Windows Media Player on the machine and use it to play Astley’s classic-turned-trolling-track.
The rickroll stunt was just one hack at the security conference DEF CON, which ran a three-day Voting Machine Hacking Village to test the security of various machines and networks used in US elections. By the end of the weekend, every one of the roughly 30 machines at the village, including those used to tabulate votes and to check voters in when they go to the polls, had been hacked. Even though several of the exploits ended up paying tribute to Astley, they’re not jokes—they also present a serious lesson about the security vulnerabilities in voting machines that leave them open to tampering and manipulation. And the more vulnerable our voting infrastructure is shown to be, the less confidence voters may feel.
“The real takeaway is that you can install any software on this,” Nick told Gizmodo. “There’s no control.” Nick had simply connected a keyboard to an exposed USB port at the back of the WinVote, which was used in elections as recently as 2014, and was able to install whatever software he wanted from there.
The voting village is the brainchild of a who’s-who list of security experts: DEF CON founder Jeff Moss, cryptographer Matt Blaze, computer programmer Harri Hursti (whose hack of Diebold voting machines in 2005 bears the name “the Hursti Hack”), and others. Researchers have been uncovering problems with voting systems for more than a decade, but the 2016 presidential election catapulted their work into the national spotlight. Now the entire country, and maybe the world, is paying attention. But poll workers and former campaign officials say that their primary security concerns still aren’t with voting machines themselves but with protecting voter registration systems and defending against basic phishing attacks like the ones used to gain entry to the Democratic National Committee’s network.

Meet the machines

“This is the great Satan,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology, gesturing dismissively at the WinVote.
The machine contains a cellular modem chip that allows its software to be updated remotely. “Unfortunately, it also means that you can log into the damn thing from across the street if you know the right credentials,” Hall explained. “What’s hundreds of miles between networked friends?”
The WinVote was the first machine to fall, with a hacker achieving remote code execution on the machine within the first hours of the village. WinVotes were decertified by Virginia’s election board in 2015 because of their security vulnerabilities.
American voting systems are largely cobbled together with antiquated technology. Voting machines can vary by state and county, and have to be certified by the Election Assistance Commission. But other devices, like the electronic poll books used in some jurisdictions to check in voters at their polling stations, aren’t subject to the certification process. Add in the voter registration databases themselves—which were reportedly breached in 39 stateslast year—and you have a convoluted and vulnerable system ripe for attack.
The machines are mostly new to the hackers at DEF CON. “They’re not very much fun, they’re like very boring ATMs,” Hall joked. It’s obvious that election systems aren’t very secure, but it’s important to understand why the security problems exist in the first place, and why they’re so hard to fix.
The security industry encourages regular software updates to patch bugs and keep machines as impenetrable as possible. But updating the machines used in voting systems isn’t as easy as installing a patch because the machines are subject to strict certification rules.
Any major software update would require the state to redo its certification process. “It costs over $1 million to get certified,” Joshua Franklin, a security specialist with the National Institute of Standards and Technology’s cybersecurity and privacy application unit, explained to attendees. Franklin said that even though the Election Assistance Commission’s most recent election security standards were released in 2015, most state’s machines are only compliant with standards from 2002 because of the prohibitive costs of updates.
The cost breaks down to about $30-$40 per voter, estimates Tom Stanionis, an IT manager for a county election agency in California who attended the village in his personal capacity. Most states just don’t have the money.

                    “What’s hundreds of miles between networked friends?”

“The reality is, we’ve known about issues with voting machines for a long time,” Stanionis told Gizmodo. Since purchasing brand new systems is out of the question, Stanionis said most states do their best to protect the systems they have, walling them off from the internet and storing them securely when they’re not being used.
The rat king of decentralized state vendors and machines might actually be a good defense during a general election—it would force hackers to successfully target many disparate systems. “It would be really hard in most jurisdictions to do anything to affect the voting machines,” Stanionis said.
Difficult doesn’t mean impossible, though, and that’s what DEF CON’s hackers have set out to prove. If a hacker tucked away in a corner of a Las Vegas casino can alter a vote count, then surely a nation-state attacker can too.
“The thing you have to ask about any new technology is, compared with the technology that proceeded it, does this make that threat easier or harder? Does it make us better off or worse off?” Blaze told attendees. “Does whatever the technology we’re using make this threat an easier threat or a tougher threat? That’s the question we haven’t really been sharply asking for very long.”

Email security and beyond

Robby Mook, the former manager of Hillary Clinton’s presidential campaign, is at DEF CON for the first time, and you can kind of tell—he looks a bit too clean cut for a conference often filled with hoodie-wearing hackers. But he’s got experience being targeted by nation-state hackers that few other attendees can claim.
Although hackers were hard at work down the hall figuring out how to alter vote tallies, Mook said he was still mostly worried about getting campaign workers to secure their email accounts with two-factor authentication and stop retaining data for longer than necessary.
“It’s much more a matter of culture and education than it is of spending enormous resources,” Mook told Gizmodo. “People in the security community know a lot of things instinctually that a campaign professional has never had exposure to, ever.”

                    “Public confidence in elections is what gives government legitimacy.”

Mook, along with former Mitt Romney campaign manager Matt Rhoades and former Assistant Secretary of Defense Eric Rosenbach, launched an initiative at Harvard University earlier this summer focused on providing security resources to campaigns and election officials. The Defending Digital Democracy project received a founding investment from Facebook, and executives from the social network as well as Google and CrowdStrike are helping establish an information sharing organization that will give political committees and campaigns quick access to threat intelligence.
“If you pull aside any campaign manager and say, ‘Do you want to get hacked?’ they’d say no,” Mook told DEF CON attendees. “If you asked them, ‘Have you done everything you can?’ they’d say, ‘No, but I don’t really know.’”
Campaigns, along with voter registration databases, are softer targets for hackers—the events of the last year demonstrate that. And as exciting as it is to tear a voting machine apart, the goal of securing elections might be reached faster through educating election officials about cybersecurity best practices.
“The voter registration databases are becoming a more obvious target,” Stanionis said. Altering the voter roll to show an incorrect polling location for just a few voters could drastically slow down the voting process for many, he explained. If a voter isn’t believed to be in their correct polling station, she’ll be asked to fill out a provisional ballot, slowing down the line for everyone. Some might get sick of waiting and leave.
“That’s hacking the election but doesn’t look illegal from the outside,” he said.
These kinds of softer attacks strike at public trust in election systems. There’s an amount of error that’s to be expected in any election—a voter might circle the name of a candidate on their ballot instead of checking the box next to it, or a machine might malfunction on its own—but without voter confidence, all errors start to look nefarious.
“Perception and reality are linked here. Public confidence in elections is what gives government legitimacy,” Blaze said.
Without fixing simple problems like two-factor implementation and more complex ones like vulnerabilities in vote-tallying machines, that legitimacy is at risk of being lost for good.
“The Voting Hacking Village was just the start. This is one conversation that needs to leave Vegas,” said Jake Braun, the CEO of Cambridge Global Advisors and one of the organizers of the event. “There are ways to secure our democracy, but we need an organized advocacy campaign. We need to take these lessons back to DC, to state capitals, and to local election boards around the country to invoke change.”
Update 3:30 p.m.: This story was updated to include credit for a second hacker, Josh, who helped rickroll the WinVote machine.

Leave a Reply

Your email address will not be published. Required fields are marked *