Voting machines without safeguards

Computer Scientist who prefers paper. That is how the American magazine The Atlantic described her earlier this year. Having worked at IBM for long, Barbara Simons (76) is among the pioneers in computer science. When, therefore, she began saying that electronic voting was not safe, people took her to be a ‘crank’. But undeterred, Simons became one of the founders of American organization Verified Voters, which has been in the forefront of the movement to replace machines with paper ballots in American elections.

The idea that software can be manipulated to rig elections is still neither popular nor widely accepted. But the election of Donald Trump in 2016 as the US President and the cloud cast by allegations of Russian interference in the electoral process, has overnight changed the usually cold reception that Simons was used to from public officials and citizens alike. People are now more curious to hear her and more willing to accept that she may actually be talking sense.

US Department of Homeland Security reported Russian attempts to meddle with the electoral process in 21 states. It also reported successful attempts to hack computer systems at Sony, US Office of Personnel Management and Equifax. The attacks underlined the vulnerability of all computerised systems, very few of which are said to be truly secure.

But Simons does not seem to grudge the ignorance and pig-headedness of officials for whom the vulnerability of electronic voting machines was a fringe occupation. “They didn’t know what they were talking about,” she told The Atlantic, “but (and) I did.”

In late July 2017, she addressed hackers assembled at an annual event in Las Vegas. The hackers were there to stage an attack on voting machines while the voting took place. Four different types of voting machines, three still in use in the United States, had been placed before them and as the voting was staged, the hackers were to try and manipulate the machines. “I lose sleep over this; I hope you will too,” she told them.

“One team of hackers used radio signals to eavesdrop on a machine as it recorded votes. Another found a master password online. Within hours of getting their hands on the machines, the hackers had discovered vulnerabilities in all four,” reported The Atlantic.

Everything that was happening in front of their eyes at the hackers’conference, she told the media, would have been done by groups intent on undermining the integrity of the American electoral system.

Because of sustained efforts and campaigning by Verified Voters and Simons,

• League of Women Voters in the US no longer insists on paperless voting
• The state of Virginia stopped using voting machines
• More states in the US are now paying attention to what Simons has been saying and toying with the idea of switching to paper ballots.

The Atlantic report quoted her as saying, “It’s not that I don’t like computing or I don’t like computers. I mean, I am a computer scientist,” she said. “Many of the leading opponents of paperless voting machines were, and still are, computer scientists, because we understand the vulnerability of voting equipment in a way most election officials don’t. The problem with cybersecurity is that you have to protect against everything, but your opponent only has to find one vulnerability.”

Simons is skeptical about steps taken by tech companies to enhance cyber security. Pointing out that all 50 states in the USA use computerised scanners for vote counting, she claimed that few states had a system of post-editing auditing to detect manipulation. “Mandatory audits, in the form of hand counts of randomized samplings of ballots, are essential to protect against invisible vote theft,” Simons said, adding, “in an unaudited system, malicious code could easily go unnoticed. “It’s not rocket science,” she said. “Any halfway-decent programmer could do it.”

“In 2002, Congress passed the Help America Vote Act, and states were awash in money to invest in new systems ... Security was a secondary concern—even though many of the new machines had wireless features and left no paper trail. They were viewed as easier to use, and seemed to have little downside. Each state “wanted to get the newest and greatest shiny object,” said Simons. It was “a gold-rush mentality.”

The secret ballot presents a paradox: How can the validity of each vote be confirmed without being traceable to any individual voter? Ballots must be “anonymous and yet verifiable, secret and yet accountable,” says Eric Hodge of CyberScout, a security-services company.

“Paper, Simons said, is the best answer to this riddle. Marked clearly and correctly, it’s a portable and transparent record of voter intent, one that voters themselves can verify, at least while the ballot is still in their possession. It’s also a permanent record, unlike computer memory, which can always be overwritten. “There’s no malware that can attack paper,” Simons said. “We can solve this. We know how to do it.”

“The technical community has a responsibility to inform policy makers of the limitations as well as the benefits of technology,” she said. “That is part of engineering.”

It is not just Simons who is critical of voting machines. Cyber security experts in the United States say not enough is being done to secure the machines, ensure manufacturers follow security norms and to conduct a proper post-election audit. The weekly newsletter of Verified Voters reported the following and many more developments around security of voting machines. A sampling will give an idea of the intense debate on the question in the United States. Not enough is happening evidently in India.

• A number of recommendations have been made to a Congressional Committee on how to secure election infrastructure, including paper ballot voting systems, post -lection audits, federal certification for voting equipment and training of election officials, and the regulation of voting systems manufacturers.
• Oregon Senator Rod Wyden sent a questionnaire to six manufacturers of voting machines. After receiving their response, he issued a statement which read, “These responses suggest the voting machine industry has severely underinvested in cybersecurity. It’s cause for alarm that [ES&S] refused to answer a single question about whether it is securing its systems,” Wyden said. “Given what happened during the 2016 election, voting technology companies must move aggressively to secure their products.”
• A New York Times report investigated the purging of voter rolls. The report noted, “ Conservative groups and Republican election officials in some states say the poorly maintained rolls invite fraud and meddling by hackers, sap public confidence in elections and make election workers’ jobs harder
• The Christian Science Monitor concluded a three-part series on voting issues with a focus on security. The article covered the security breach in Georgia, risk-limiting audits in Colorado, and the aging fleet of voting equipment fielded in many states. The article acknowledges the consensus among computer security experts that the best defense against the potential of election hacking, as well as computer malfunction, is the use of voter marked paper ballots coupled with robust routine post-election audits.
• The Associated Press reported that a computer server crucial to a lawsuit against Georgia election officials was ‘quietly wiped clean’ by technicians at the Center for Elections Systems at Kennesaw State University, which runs the state’s election system. The erasure took place on July 7, just three days after the filing of a lawsuit questioning the security and accuracy of Georgia’s election infrastructure. Secretary of State Brian Kemp, the chief state election official in the state has denied ordering the erasure and blamed “the undeniable ineptitude” at the Kennesaw State elections center. For their part, a spokesman for Kennesaw attributed the server wiping to “standard operating procedure” amidst questions whether the move was evidence of “incompetence or a cover-up”.