We are less than nine months away from the 2018 national midterm elections and states and local municipalities are still scrambling to understand the threat to their infrastructure and to have in place the most secure voting methodologies. What is known is that the U.S. intelligence apparatus has warned congress that Russian meddling in our elections can be expected to continue. Additionally, the Department of Homeland Security recently provided expansive detail on the previous sojourn into 21 states’ election infrastructure by the Russian Federation’s intelligence apparatus. Follow that with the content of the indictment of 13 Russian citizens/operatives, some of whom traveled to the United States (Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, Georgia and New York). Every state should be concerned. And other countries should be going to school on what is occurring in the United States.
The Voting Machines
The information security adage, “If man can create it, man can defeat it,” remains valid. For this reason, all states using electronic voting machines are hypersensitive to the possibility that their results may be skewed in some fashion. Kate Rabinowitz, a freelance data journalist, recently wrote an article that details how thin budgets are for new voting equipment across the United States. Many voting machines are more than a decade old, she wrote, and susceptible to both failure and compromise.
Rabinowitz cited a survey published by The New York University School of Law’s Brennan Center for Justice, which showed 33 states recognize the need to replace their voting machines. The most chilling quote came from Orange County, California’s Registrar of Voters Neal Kelley: “The sky really is falling. We’re taking systems out of service because we can’t repair them anymore.” How many systems does Kelley’s team support? About 11,000 machines.
Last summer, a number of voting machines were publicly compromised during the DefCon conference by security researchers. The event was an unambiguous signal to voting officials across the country that those using voting machines should make sure there is an accompanying paper trail.
Parts, We Need Parts
When machines hit end of life, spare parts become scarce and cannibalization occurs. Thus, it isn’t surprising to learn that election officials have resorted to buying spare parts on eBay.
Now, from a purely counterintelligence and OpSec perspective, knowing that states are buying spare parts out of channel—via eBay or other online retailers—is a juicy opportunity for those interested in compromising the integrity of the machines or the results they produce. Given the warnings from the intelligence community, it is not beyond the pale to process a potential scenario in which spare parts being sold via these gray channels are modified to fail or to act in an unexpected manner to the detriment of the voters. Will states have the resources to validate parts when they are needed yesterday and the election is tomorrow? Seeding supply chains is not new to the Russian Federation, China or any other potential adversary of the United States.
What To Do?
Is it time that voting machines fall under a national mandate and thus are provided to municipalities, rather than having each individual municipality independently determine what machines will be used for vote counting or collecting? Legislatures (both federal and state) demanding change but not funding change are simply spitting into the wind.
If federal funding is not forthcoming and given, we have only nine months to put in place a solution. Perhaps stepping back in time may be the right step.
Paper ballots are to voting machines like one-time-pad is to machine encryption: It might be most secure means to ensure the 2018 vote is secure, especially when we know the U.S. elections are under attack by foreign adversaries.
Additional reading: “America’s Voting Machines at Risk” (2015)