After Russian hackers made extensive efforts to infiltrate the American voting apparatus in 2016, some US states moved to restrict Internet access to their vote-counting systems. Colorado got rid of barcodes used to electronically read ballots. California tightened its rules for electronic voting machines that can go online. Ohio bought new voting machines that deliberately excluded wireless capabilities.
Michigan went in a different direction, authorizing as much as US$82 million for machines that rely on wireless modems to connect to the Internet. State officials justified the move by saying it is the best way to satisfy an impatient public that craves instantaneous results, even if they are unofficial.
The problem is, connecting election machines to the public Internet, especially wirelessly, leaves the whole system vulnerable, according to cybersecurity experts.
Illustration: Yusha
So Michigan’s new secretary of state is considering using some of the state’s US$10 million in federal election funds to rip out those modems before the presidential primary in March.
“The system we inherited is not optimal for security, since our election equipment can and has connected to the Internet,” said Jocelyn Benson, who won election as secretary of state and took office in January last year.
Benson convened a committee of cybersecurity experts to evaluate the state election system’s vulnerabilities.
“If that’s what the committee recommends, we’ll take them out,” she said.
Michigan’s experience illustrates a thorny challenge for state and local election officials as they try to update old and insecure equipment: Technology that has evolved over two decades to quickly transit election results from precincts to news organizations projecting winners has now been labeled a cybersecurity risk.
Michigan says its votes are safe from hackers, as its election system connects to the Internet only after votes have been counted. Cybersecurity experts differ.
Even brief exposure to the Internet can leave states vulnerable to infiltration and an attack on the credibility of their results, said Eddie Perez, global director of technology at the Open Source Election Technology Institute.
Part of the challenge of protecting this year’s vote is convincing localities to prioritize security over familiarity, convenience and accessibility.
Cybersecurity experts maintain that connecting election systems to the Internet, even briefly, exposes these machines to malicious attackers who might be intent on derailing or discrediting an election. It is not just voting machines that are vulnerable, but any piece of the election apparatus, including wireless-enabled printers, digital check-in tablets, tabulators and even the registration database, they said.
And yet, some local and state election officials remain committed to wireless-enabled machines, which allow them to quickly provide results to the public and more easily accommodate disabled voters. Heading into the US presidential election, Rhode Island, Wisconsin, Georgia and Florida are among at least 11 states that still allow voting jurisdictions to use wireless-enabled voting equipment.
“Connecting for a millisecond is enough to propagate malware through a system,” said Rich DeMillo, a computer science professor at the Georgia Institute of Technology and a member of Michigan’s election security panel. “Every weak link in the chain of network security is a problem, so opening the door to the Internet is just a bad idea in every conceivable scenario.”
In 2016, Russian hackers attempted to infiltrate most, if not all, state election systems, and downloaded voter data in Illinois, federal authorities have said.
However, there is no evidence that the hackers attempted to change the vote. Furthermore, while cybersecurity experts and some election officials fear that wireless connectivity exposes voting systems to hackers, there is no evidence that such an attack has occurred in the US.
Hacking the vote through wirelessly connected voting machines is one of several potential risks from foreign agents going into the elections in November. As it did in 2016, Russia could deploy an extensive disinformation campaign on social media to try to sway the vote — as could other adversaries. Hackers could penetrate voter registration databases and alter or delete information — potentially sowing chaos on election day.
However, remote election machinery hacks are almost certainly the easiest to prevent — by simply not allowing the equipment to connect to the public Internet.
The Cybersecurity and Infrastructure Security Agency, which is responsible for defending Americans from cyberattacks, has already advised local election authorities to avoid wireless connections altogether. In July, the US Senate Intelligence Committee issued a report on Russian meddling, saying states should remove any wireless networking capability.
Wireless connectivity of voting systems is such a bad idea that the US National Institute of Standards and Technology on Dec. 18 recommended restricting voting machines from connecting to external networks through cellular modems. The recommendation would allow cellular connectivity if individual machines are “air gapped” — isolated from unsecured networks.
An advisory committee of the US Election Assistance Commission could vote on the recommendations by next month, the first step in what is likely to be at least a year-long procedure to restrict the use of wireless modems in voting systems.
However, there is a catch: even if the Election Assistance Commission, the federal agency responsible for enforcing these non-binding voting machine guidelines, does approve such a prohibition, they will have no material impact on this year’s election.
Voting machine vendors have stated that it could take them as long as four years to build machines compliant with the new standards.
That means the Nov. 3 vote, starting with primaries in March, will occur across the US using some machines that cybersecurity experts do not trust.
“The added risk is just unnecessary,” said Andrew Appel, a computer science professor at Princeton University. “The only purpose of these modems is to call in results to the news media in seconds rather than minutes.”
The pressure to promptly transmit results to news organizations — and ultimately voters — is so great that election officials have no choice but to briefly connect voting systems to the Internet at the end of the night, said Paul Lux, the elections supervisor of Okaloosa County, Florida, and a member of the Election Assistance Commission advisory committee that develops technical guidelines.
“If everyone would just be patient on election night and let us produce the results, then there’s no real debate here about wireless transmission,” Lux said.
Election Systems & Software LLC, provider of more than half of the country’s voting machines, contends that these systems reduce wait time for results and are secure.
Still, Katina Granger, a spokeswoman, said that the company does “not promote the use of modems. If customers request it, we provide cellular modem transmittal capability on a secure and encrypted network.”
Election Systems & Software also said the number of its election machines with wireless modems is relatively minuscule: 14,420 across 11 states. That would be almost two per jurisdiction, if spread across the entire country.
Another election machine manufacturer, Hart InterCivic Inc, which has the only wireless-enabled system to receive Election Assistance Commission certification, did not return messages seeking comment.
There is another group advocating for wireless connectivity of voting machines: accessibility groups. While cybersecurity experts are clamoring for less Internet connectivity, voters with disabilities are vying for more, including the ability to vote online.
Remote access to ballots “is just not going to be a priority as long as all of this attention is on security instead,” said Diane Golden, a member of a federal committee on voting standards and a voting rights advocate for citizens with disabilities. “Every step you take to increase security basically screws accessibility.”
For all the warnings about wireless-enabled voting machines from federal officials, the safety of elections is mostly the responsibility of more than 7,000 local voting jurisdictions, ranging from Los Angeles County with more than 5.5 million voters to small towns with just a few hundred.
In recent years, the federal government has provided US$300 million to improve state and local electoral security. Some states and cities have used the money to buy new voting machines and hire cybersecurity experts.
However, many believe that effort has fallen short of what is needed, leaving some election authorities preparing for the election with minimal technical and financial support.
Some election officials maintain that Internet access can be crucial in keeping election machinery functioning properly.
In Georgia, six counties ran a pilot program alongside municipal elections in November last year to test their new voting system, including new digital check-in machines — iPads used to identify voters — but when voters entered precincts on Nov. 5, the system failed.
To fix the glitch, state election officials connected the tablets to the Internet, using the same Wi-Fi found in polling places.
They figured, “if we turn on Wi-Fi for a minute, we’ll load the correct data and it will work like a dream,” said Gabriel Sterling, chief operating officer for the Georgia Secretary of State, who is overseeing the pilot project. “And it did.”
It is the kind of episode that gives cybersecurity officials heartburn, even if there is no evidence that anything went wrong in Georgia.
“It’s easy to use wireless in a bad way,” said Dan Wallach, a computer science professor at Rice University and a member of the Election Assistance Commission’s technical guidelines committee. “To configure it in a way that works and isn’t a security nightmare is just asking for a lot.”
In Michigan, Benson’s predecessor, Ruth Johnson, said the reason for investing in Internet-enabled machines was to transmit “pre-preliminary” results as quickly as possible.
She said the decision was not made in isolation. The state also chose to procure machines with a paper trail to audit their results to provide additional security.
The state might have to live with that decision if Benson’s panel determines that the modems cannot be ripped out without harming the rest of the hardware.
Benson hopes to know more by the end of this month, with the state’s primary looming in a little more than a month.
“If nothing else, these capabilities create a sense of insecurity in our results,” she said. “Until we have technology that can be completely secure, yes, we should be taking steps to get away from the Internet in our machines.”
The term “assassin’s mace” originates from Chinese folklore, describing a concealed weapon used by a weaker hero to defeat a stronger adversary with an unexpected strike. In more general military parlance, the concept refers to an asymmetric capability that targets a critical vulnerability of an adversary. China has found its modern equivalent of the assassin’s mace with its high-altitude electromagnetic pulse (HEMP) weapons, which are nuclear warheads detonated at a high altitude, emitting intense electromagnetic radiation capable of disabling and destroying electronics. An assassin’s mace weapon possesses two essential characteristics: strategic surprise and the ability to neutralize a core dependency.
Chinese President and Chinese Communist Party (CCP) Chairman Xi Jinping (習近平) said in a politburo speech late last month that his party must protect the “bottom line” to prevent systemic threats. The tone of his address was grave, revealing deep anxieties about China’s current state of affairs. Essentially, what he worries most about is systemic threats to China’s normal development as a country. The US-China trade war has turned white hot: China’s export orders have plummeted, Chinese firms and enterprises are shutting up shop, and local debt risks are mounting daily, causing China’s economy to flag externally and hemorrhage internally. China’s
During the “426 rally” organized by the Chinese Nationalist Party (KMT) and the Taiwan People’s Party under the slogan “fight green communism, resist dictatorship,” leaders from the two opposition parties framed it as a battle against an allegedly authoritarian administration led by President William Lai (賴清德). While criticism of the government can be a healthy expression of a vibrant, pluralistic society, and protests are quite common in Taiwan, the discourse of the 426 rally nonetheless betrayed troubling signs of collective amnesia. Specifically, the KMT, which imposed 38 years of martial law in Taiwan from 1949 to 1987, has never fully faced its
When a recall campaign targeting the opposition Chinese Nationalist Party (KMT) legislators was launched, something rather disturbing happened. According to reports, Hualien County Government officials visited several people to verify their signatures. Local authorities allegedly used routine or harmless reasons as an excuse to enter people’s house for investigation. The KMT launched its own recall campaigns, targeting Democratic Progressive Party (DPP) lawmakers, and began to collect signatures. It has been found that some of the KMT-headed counties and cities have allegedly been mobilizing municipal machinery. In Keelung, the director of the Department of Civil Affairs used the household registration system
RSS