After Russian hackers made extensive efforts to infiltrate the American voting apparatus in 2016, some states moved to restrict internet access to their vote-counting systems. Colorado got rid of barcodes used to electronically read ballots. California tightened its rules for electronic voting machines that can go online. Ohio bought new voting machines that deliberately excluded wireless capabilities.
Michigan went in a different direction, authorizing as much as $82 million for machines that rely on wireless modems to connect to the internet. State officials justified the move by saying it is the best way to satisfy an impatient public that craves instantaneous results, even if they’re unofficial.
The problem is, connecting election machines to the public internet, especially wirelessly, leaves the whole system vulnerable, according to cybersecurity experts. So Michigan’s new secretary of state is considering using some of the state’s $10 million in federal election funds to rip out those modems before the March presidential primary.
“The system we inherited is not optimal for security since our election equipment can and has connected to the internet,” said
Michigan’s experience illustrates a thorny challenge for state and local election officials as they try to update old and insecure equipment: Technology that’s evolved over two decades to quickly transit election results from precincts to news organizations projecting winners has now been labeled a cybersecurity risk.
Michigan says its votes are safe from hackers since its election system only connects to the internet only after votes have been counted. Cybersecurity experts differ. Even brief exposure to the internet can leave states vulnerable to infiltration and an attack on the credibility of their results, said Eddie Perez, Global Director of Technology at the Open Source Election Technology Institute.
Part of the challenge of protecting the 2020 vote is convincing localities to prioritize security over familiarity, convenience and accessibility.
Cybersecurity experts maintain that connecting election systems to the internet, even briefly, exposes these machines to malicious attackers who may be intent on derailing or discrediting an election. It’s not just voting machines that are vulnerable but any piece of the election apparatus, including wireless-enabled printers, digital check-in tablets, tabulators and even the registration database, they said.
And yet, some local and state election officials remain committed to wireless-enabled machines, which allow them to quickly provide results to the public and more easily accommodate disabled voters. Heading into the 2020 presidential election, Rhode Island, Wisconsin, Georgia and Florida are among at least 11 states that still allow voting jurisdictions to use wireless-enabled voting equipment.
“Connecting for a millisecond is enough to propagate malware through a system,” said
In 2016, Russian hackers attempted to infiltrate most, if not all, state election systems, and downloaded voter data in Illinois, federal authorities have said. However, there is no evidence that the hackers attempted to change the vote. Furthermore, while cybersecurity experts and some election officials fear that wireless connectivity exposes voting systems to hackers, there’s no evidence that such an attack has occurred in the U.S.
Hacking the vote through wirelessly connected voting machines is one of several potential risks from foreign agents going into the 2020 election. As it did in 2016, Russia could deploy an extensive disinformation campaign on social media to try to sway the vote -- as could other adversaries. Hackers could penetrate voter registration databases and alter or delete information -- potentially sowing chaos on Election Day.
Remote election machinery hacks, however, are almost certainly the easiest to prevent -- by simply not allowing the equipment to connect to the public internet.
The Cybersecurity and Infrastructure Security Agency, which is responsible for defending Americans from cyber-attacks, has already advised local election authorities to avoid wireless connections altogether. In July, the U.S. Senate Intelligence Committee issued a report on Russian meddling, saying states should remove any wireless networking capability.
Wireless connectivity of voting systems is such a bad idea that the
An advisory committee of the
But there’s a catch: even if the EAC, the federal agency responsible for enforcing these non-binding voting machine guidelines, does approve such a prohibition, they’ll have no material impact on the 2020 election. Voting machine vendors have stated that it could take them as long as four years to build machines compliant with the new standards.
That means the 2020 vote, starting with primaries in March, will occur across the country using some machines that cybersecurity experts don’t trust.
“The added risk is just unnecessary,” said Andrew Appel, a computer science professor at Princeton University. “The only purpose of these modems is to call in results to the news media in seconds rather than minutes.”
The pressure to promptly transmit results to news organizations –- and ultimately voters -- is so great that election officials have no choice but to briefly connect voting systems to the internet at the end of the night, said Paul Lux, the elections supervisor of Okaloosa County, Florida and a member of the EAC advisory committee that develops technical guidelines.
“If everyone would just be patient on election night and let us produce the results, then there’s no real debate here about wireless transmission,” Lux said.
ES&S also said the number of its election machines with wireless modems is relatively minuscule: 14,420 across 11 states. That would be almost two per jurisdiction, if spread across the entire country.
Another election machine manufacturer,
There is another group advocating for wireless connectivity of voting machines: accessibility groups. While cybersecurity experts are clamoring for less internet connectivity, voters with disabilities are vying for more, including the ability to vote online.
Remote access to ballots “is just not going to be a priority as long as all of this attention is on security instead,” said Diane Golden, a member of a federal committee on voting standards and a voting rights advocate for citizens with disabilities. “Every step you take to increase security basically screws accessibility.”
For all the warnings about wireless-enabled voting machines from federal officials, the safety of elections is mostly the responsibility of more than 7,000 local voting jurisdictions, ranging from Los Angeles County with more than 5.5 million voters to small towns with just a few hundred.
In recent years, the federal government has provided $300 million to improve state and local electoral security. Some states and cities have used the money to buy new voting machines and hire cybersecurity experts. But many believe that effort has fallen short of what is needed, leaving some election authorities preparing for the 2020 election with minimal technical and financial support.
Some election officials maintain that internet access can be crucial in keeping election machinery functioning properly.
In Georgia, six counties ran a pilot program alongside municipal elections in November to test their new voting system, including new digital check-in machines -- iPads used to identify voters. But when voters entered precincts on Nov. 5, the system failed.
To fix the glitch, state election officials decided to connect the tablets to the internet, using the same Wi-Fi found in polling places. They figured, “if we turn on Wi-Fi for a minute, we’ll load the correct data and it will work like a dream,” said Gabriel Sterling, chief operating officer for the Georgia Secretary of State, who is overseeing the pilot project. “And it did.”
It’s the kind of episode that gives cybersecurity officials heartburn, even if there’s no evidence that anything went wrong in Georgia.
“It’s easy to use wireless in a bad way,” said Dan Wallach, a computer science professor at Rice University and a member of the EAC’s technical guidelines committee. “To configure it in a way that works and isn’t a security nightmare is just asking for a lot.”
In Michigan, Benson’s predecessor,
The state may have to live with that decision if Benson’s panel determines the modems can’t be ripped out without harming the rest of the hardware. Benson hopes to know more by the end of January, with the state’s primary looming in a little more than a month.
“If nothing else, these capabilities create a sense of insecurity in our results,” she said. “Until we have technology that can be completely secure, yes, we should be taking steps to get away from the internet in our machines.”
(Updates to mention transmitted results are unofficial in second paragraph)
To contact the reporter on this story:
To contact the editors responsible for this story:
© 2020 Bloomberg L.P. All rights reserved. Used with permission.