SPRINGFIELD, Ill. (AP) — With the Illinois primary just days away, state election officials are beefing up cyber defenses and scanning for possible intrusions into voting systems and voter registration rolls.
They have good reason to be on guard: Two years ago, Illinois was the lone state known to have its state election system breached in a hacking effort that ultimately targeted 21 states. Hackers believe to be connected to Russia penetrated the state’s voter rolls, viewing data on some 76,000 Illinois voters, although there is no indication any information was changed.
Since then, Illinois election officials have added firewalls, installed software designed to prevent intrusions and shifted staffing to focus on the threats. The state has been receiving regular cyber scans from the federal government to identify potential weak spots and has asked the U.S. Department of Homeland Security to conduct a comprehensive risk assessment. That assessment is scheduled but will not happen before Tuesday’s second-in the-nation primary.
“It’s not something where you ever feel completely safe,” Matt Dietrich, spokesman for the Illinois State Board of Elections. “It’s something where you feel like you’re doing your best to protect against what could happen in a cyberattack.”
Federal intelligence agencies determined that the attempted hacking of state elections systems in 2016 primarily targeted voter registration systems, not actual voting machines or vote tallying.
Gaining access to electronic voter rolls can do as much damage, giving hackers the ability to change names, addresses or polling places. Confusion, long lines and delays in reporting election results would follow, all of which undermines confidence in elections.
Cybersecurity experts say it’s crucial for states to shore up vulnerabilities in those systems now, with this year’s midterm elections underway and the 2020 presidential election on the horizon.
J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, said many of the same weaknesses present in 2016 remain.
“I think it’s only a matter of time before we suffer a devastating attack on our election systems unless our federal and state governments act quickly,” he said.
The federal Help America Vote Act, passed two years after the messy presidential recount in Florida, requires states to have a centralized statewide voter registration list, but states vary in how they implement it.
Most collect voter data at the state level and then provide it to local election officials, according to the U.S. Election Assistance Commission. Illinois and five other states do the opposite, collecting voter registration data at the local level and sending it to the state elections office. A few others have a hybrid system.
The chief concern surrounding voter registration systems and the growing use of electronic poll books to check in voters at polling places is how they interact with other internet-connected systems.
Electronic poll books allow polling place workers to verify a person’s registration and related information electronically, rather than having to rely on large paper files.
A downside is that the e-poll books might use a network to connect to a voter registration system, providing a potential opening for hackers.
In other cases, the voter data is transferred from a computer and placed on a device not connected to the internet. That computer is the potential weak link. Security experts said it must be secured and not subject to tampering.
Experts with The Belfer Center for Science and International Affairs at the Harvard Kennedy School said network-connected election systems are vulnerable to attacks and urged officials to take several steps to shore up security, including making sure the underlying server is not connected to the internet and that all changes are logged. Experts say a key component is that election systems can recover quickly in the event of an attack or even an equipment failure, limiting public disruption.
Larry Norden, an expert in elections technology with The Brennan Center for Justice at the NYU School of Law, said the network connections make voter registration systems more vulnerable to hacking than voting machines, which are not directly connected to the internet.
In many states, the department of motor vehicles or some other state agency provides information to the voter registration system as a way to keep the records current. Some states allow voters to register and edit their information on a state website that is connected to the voter database.
All of those provide possible access points that can open the door to hackers.
“Just understanding where the risks are is critical,” Norden said.
___
Cassidy reported from Atlanta.
Sorry guys, simply having your voting systems off of the internet won’t protect you from Nation-state caliber hackers. It’s called crossing the “air gap”… malicious software hitching a ride on USB drives, etc during updates or whatever. Governments like our own do this every day. Google “STUXNET” for a case study, and secure our systems accordingly.
Hint: A lot of paper and pencils aren’t a bad idea, and MANDATORY hand recounts of the paper to “certify” an election are a must.
These data breaches are the equivalent of pissing in the communion cup at church. If we can’t believe in what we are taking part of, even through one cycle, we wind up with Dump’s vision of a president-for-life. I wonder if Mitch and the GOPuke secretaries of state who opposed ballot security to get their man selected can enjoy it at this point.
Thank goodness they jumped right on this problem as soon as they could. They don’t let the grass grow in Illinois, do they? /s
Let’s just go back to everything being done with a paper trail…ballots, voter rolls in paper books, paper, paper, paper…and probably a lot of No. 2 pencils.
At this point, I’m starting to look back at paper chads with nostalgia for the good ole bad days. At least we had actual human beings looking at those stupid things to determine some kind of intent…and boy-howdy was that fucked up by those people in Brooks Brothers suits. I don’t know. Right now we’re at the mercy of people that aren’t being given adequate resources to combat this shit, and some, probably willing to look the other way if it benefits their own personal party preferences.
All technology lends itself to potential chicanery. The voting systems seem to have advanced beyond some strict legal measures to deal with actual problems of interference when they arise…but mostly out of complacency, political monkey-business, last minute fixes, and a serious lack of will by people attempting to corrupt the system to gain advantage in the first place.
I really think few people understand what we’re up against in the grand scheme of things. Those that do, that could determine a viable solution, are rarely getting the kind of important attention needed as to how menacing this problem is in determining election outcomes. Most people in the general public don’t have a very good understanding of how fraught all these systems are, or how easily they can be hijacked on a multitude of levels, at all stages of the process, from voter registration to actual casting of a ballot. A lot of people ignored any serious concern over actual voter tallies going back to the days when Diebold was in the news. Its so much worse now with Russia’s meddling (and a few too many American plutocrat billionaires) in our elections. Now that its at the registration level and the actual voter rolls being altered, we are sure to experience a far greater fuckup, with no relief in sight.
Republicans are scum in allowing this to continue without serious attention being paid to this problem.