New election, same risks

In November, Americans will head to the polls to cast ballots in a presidential election. However, the technology used in voting machines has changed little since the last contest, and security risks are still an ever-present danger.

One type of voting system that's commonly deployed is the Direct Recording Electronic (DRE) machine, a touchscreen device that records votes and processes the data through a computer program. Just as with any internet-enabled computing system, there are inherent vulnerabilities.

Even though the applications used in DREs offer software security measures, such as cryptographic signing keys and anti-virus software, they can still be hacked, said John Sebes, CTO of the TrustTheVote Project, a nonprofit technology think tank.

“DREs share the basic hardware architecture of most PCs, where carefully crafted inputs can cause modifications to the software as it executes memory,” he said. “Attacks can, in turn, be used to modify the software or data, including votes.”

In the 2010 Election and Administration Voting Survey, conducted by the U.S. Election Assistance Commission (EAC), an independent, bipartisan agency, 18 states reported deploying DREs that produce a voter-verified paper audit trail (VVPAT). DREs are also available that do not offer a VVPAT. In Georgia, Maryland, Louisiana, South Carolina and New Jersey, nearly all voting equipment used in 2010 consisted of DREs without VVPATs.

Three major providers – Election Systems and Software, Sequoia Voting Systems and Hart InterCivic – supply the electronic voting systems in the United States. Each vendor's technology has gone through the federal and state certification process and has passed the Voting System Testing and Certification Program, developed by EAC.

But while guidelines and procedures at the federal and state levels aid overall security, there is still potential for insider attacks in the manufacturing process, Sebes said. In addition, hardware or vote-counting software could be altered before it gets to election officials.

Although voting equipment may have vulnerabilities, perhaps an even bigger concern involves physical security, said Marcus MacNeill, vice president of products at Hart InterCivic, a provider of election voting systems.

“There has been a lot more scrutiny in terms of procedures and what jurisdictions are doing to ensure that the chain of custody is maintained for the machines,” he said.