Pressure to examine voting machines used in the 2016 election grows daily as evidence builds that Russian hacking attacks were broader and deeper than previously known. And the Department of Homeland Security has a simple response:
DHS officials from former secretary Jeh Johnson to acting Director of Cyber Division Samuel Liles may be adamant that machines were not affected, but the agency has not in fact opened up a single voting machine since November to check.
Asked about the decision, a DHS official told TPM: “In a September 2016 Intelligence Assessment, DHS and our partners determined that there was no indication that adversaries were planning cyber activity that would change the outcome of the coming US election.”
According to the most recent reports, 39 states were targeted by Russian hackers, and DHS has cited–without providing details–domestic attacks in its own reports as well.
“Although we continue to judge all newly available information, DHS has not fundamentally altered our prior assessments,” the department told TPM.
Computer scientists have been critical of that decision. “They have performed computer forensics on no election equipment whatsoever,” said J. Alex Halderman, who testified before the Senate Intelligence Committee last week about the vulnerability of election systems. “That would be one of the most direct ways of establishing in the equipment whether it’s been penetrated by attackers. We have not taken every step we could.”
Voting machines, especially the electronic machines still used in several states, are so insecure that an attack on them is likely to be successful, according to a report from NYU’s Brennan Center for Justice out Thursday morning. David Dill, a voting systems expert and professor of computer science at Stanford University quoted in the report, said hackers can easily breach election systems regardless of whether they’re able to coordinate widely enough to alter a general election result.
“I don’t know why they wouldn’t try to hack voting machines and I don’t know what would stop them,” Dill told TPM. “Any statement that says ‘We haven’t see evidence of X’ also means ‘We haven’t lifted a finger to investigate.’”
DHS told TPM Wednesday afternoon it was confident in “multiple checks and redundancies in US election infrastructure” and referred to the testimony of Liles and Jeannette Manfra, DHS undersecretary for cybersecurity, who said US electoral systems were fortified by “diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results.”
The new Brennan Center report, however, details the dangers of voting machines that aren’t properly secured, particularly the effect on public confidence of a very public successful hack, whether or not it managed to swing an election. “In the current hyper-partisan environment,” the authors noted, “evidence of this kind of hack could lead to accusations by each side that the other is rigging the election.”
While forensic examinations would answer many questions vital to researchers trying to improve voting systems, the potential for eroded confidence in those systems may help to explain DHS’ reluctance to seek out hard evidence. The department said most attacks were simple scanning, rather than attempts to alter tallies or poll books.
Evidence always seems to stop with “we don’t know:” An NSA report leaked to The Intercept in June detailed a phishing operation by the Russian military intelligence agency GRU on voting hardware maker VR Systems that in turn targeted voting officials. Like DHS, the NSA said it was unclear whether those officials’ machines had been compromised.
Some of the paralysis around how to move forward is a result of tensions between DHS and states angry about the designation of their election systems as “critical infrastructure” in January, just before President Trump took office. Then-secretary Johnson even acknowledged at the time that the designation was controversial to many state election officials, who see the offer of federal assistance, often with strings attached, as an attempted takeover (Johnson testified last week that when a critical infrastructure designation was first floated to state officials in August, the reaction “ranged from neutral to negative”).
“They’re in this strange position where they had a lot of pushback from election officials over federal overreach and in some ways they’re in a little bit of a bind,” said the Brennan Center’s Larry Norden, one of the authors of its report.
Everyone knows what has to be fixed, Norden says, but no one wants to go first. “The states want the counties to act, the counties want the state to pay for things, the states may want the money but they don’t want any of the mandates that come with the money,” he says. “There are investigations but there are no positive solutions yet.”
Current auditing processes, which vary wildly from state to state, are frequently arduous and sometimes nonsensical. In Virginia, where the margin of victory is often very shallow, it is illegal to audit the vote except when the margin is more than 10 percent—and only then if the local election official agrees, and after the election has been certified. When that audit takes place, it can’t change the outcome of the election, even if the audit reveals a completely different tally.
Cybersecurity expert Jeremy J. Epstein says the Virginia rule illustrates why widespread changes to voting standards are so difficult: Every place has different rules. In many states, “localities have almost no ability to raise funds,” Epstein observes. “Even if the state wants to do something, getting 130 localities in Virginia to do something that requires action at a local level is very hard to do.”
The dangers are real: Some voting machines still use Windows XP, which Microsoft hasn’t updated in years. Epstein has personally demonstrated huge security flaws in others. In 2015, he successfully campaigned to decertify the AVS WinVote machine, a touchscreen device that used a woefully outdated and insecure wireless protocol called WEP, which can be hacked in three minutes. Epstein pulled off the hack successfully and was able to retrieve the WinVote’s factory-set passwords: “abcde” and “admin.”
Halderman, too, has dramatically demonstrated how easy it is to take over voting machines, in one case simply by loading a voting machine with a memory card filled with malicious software that can then hitch a ride on that machine back to the central location where the votes are tallied (Machines are left unguarded so often that Ed Felten, who worked in the Obama White House as a deputy chief technology officer, used to make a tradition of posting pictures of them to his and Halderman’s blog, Freedom to Tinker).
In fact, Halderman testified before the Senate Intelligence panel that not only could he successfully breach voting machines himself, but he had made the process part of his assigned coursework.
“I know firsthand how easy it can be to manipulate computerized voting machines,” he told the Senate. “As part of security testing, I’ve performed attacks on widely used voting machines, and I’ve had students successfully attack machines under my supervision.”
These computer scientists agree the problem is urgent and nonpartisan, and no less a Trump ally than Rudy Giuliani said Wednesday that he believed the problem was serious, too. Even in the polarized post-election environment, Norden says he thinks legislators may be able to agree on the issue need to secure voting systems.
“The intelligence community has been pretty clear that while [the Russian hacking teams] may have favored Trump in the election, their interest is in undermining our democracy,” said Norden. “Regardless of party, I think we all share the idea that democracy is essential to the country.”
Read More →