Russian Hacking Fuels Return To Paper Ballots

After the “hanging chad” fiasco during the 2000 presidential recount, many states and counties switched to electronic-only voting machines to modernize their systems. Now, amid security concerns over Russian hackers targeting state voting systems in last year’s election, there’s a renewed focus on shifting to paper ballots.

In Virginia in the US, election officials decided in September to stop using paperless touch-screen machines, in an effort to safeguard against unauthorised access to the equipment and improve the security of the state’s voting system.

In Georgia, which uses electronic voting machines with no paper record, legislators are discussing getting rid of their aging equipment and using paper ballots instead. In a municipal election this November, officials will test a hybrid electronic-paper system.

“States and counties were already moving toward paper ballots before 2016,” said Katy Owens Hubler, a consultant to the National Conference of State Legislatures (NCSL). “But the Russian hacking incident has brought the spotlight to this issue.”

In September, the US Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election.

While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.
 
The National Association of Secretaries of State said would-be attackers tried to “scan” state computer systems last year, looking for open doors into networks. The secretaries of state, who serve as chief election officials in most states, said no voter information was altered or deleted, and the intruders did not access actual voting machines or devices that tabulate results.

Electronic vs. Paper

In 2002, two years after the hanging chad debacle in Florida, Congress passed the Help America Vote Act, which provided funding to state and local officials to upgrade their voting equipment.

Many areas replaced punch card machines like those used in Florida as well as old-fashioned lever equipment with direct recording electronic (DRE) machines, which frequently are touch screens. They record the vote within the machine’s memory, and many use no paper at all.

“Lots of election officials saw the nightmare of 2000 and said, ‘I don’t want to live through a recount,’ ” said Lawrence Norden of the Brennan Center for Justice, a public policy institute at New York University Law School. “When you have a DRE, you just ask the machine to print it out again. It does away with hand recounts and the controversy.”

But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.

Over the last decade, many states and counties have abandoned their electronic voting machines and turned to paper, often with equipment that tabulates the ballots using optical or digital scanners.

“It isn’t as old fashioned as people picture,” said Owens Hubler, the NCSL consultant. “It’s not a move back to hand-counting paper ballots.”

A Pew Research Center analysis of data from the Verified Voting Foundation, a nonprofit that advocates for paper ballots and election integrity, found that in 2014, nearly half of registered voters lived in jurisdictions ballots that were tabulated electronically (The Pew Research Center is funded by The Pew Charitable Trusts, which also funds Stateline).

More than a quarter lived in jurisdictions that used only electronic voting machines, most of which don’t provide a paper trail. The remaining jurisdictions used a mix of optical scanners and DRE equipment, voting by mail, or hand counting paper ballots.

Paperless Systems

Five states, Delaware, Georgia, Louisiana, New Jersey and South Carolina, still use only electronic voting machines, according to the Brennan Center’s Norden. In eight other states, including Pennsylvania and Virginia, paperless systems are used in some counties and cities, including Philadelphia.

In Virginia, one of the states Russian hackers targeted last year, that’s about to change.

In September, the state elections board decided that the 12 remaining counties and cities that still use electronic machines will no longer be able to do so.

Virginia Department of Elections Commissioner Edgardo Cortés said the board was concerned there was no independent means to validate election results with a paperless system. The Russian hacking incident, which didn’t breach Virginia’s voter registration database and only scanned public websites, was a confirmation of why beefing up security is so important, he added.

“The fact that there is an ongoing attempt to undermine the election process was a big factor in our determination to get rid of paperless equipment,” he said.

Cortes said it would cost local governments in the ballpark of $1.9 million to switch to paper and optical scanners, not including startup costs, printing ballots and training election workers.

In many states and counties, money has been the biggest impediment to switching voting equipment from electronic to paper.

The Brennan Center estimates it would cost $130 million to $400 million to replace all paperless machines.

“Funding is a huge problem. The question is who is responsible for paying for elections in the United States?” Norden said. “The counties don’t have the money. The states are saying it’s not our job to fund new equipment. And the federal government is saying it’s not our responsibility either.”

That attitude may be changing on Capitol Hill, however. Bipartisan proposals in Congress that would provide funding to help pay for new voting equipment are being seriously discussed for the first time in years, said Norden, who authored a June report outlining how election officials can protect voting technology from foreign interference.

“The Russian hacking incidents in 2016 have made a difference,” he said. “There’s more interest in Congress in this issue than there has been in a decade.”

PEW:

You Might Also Read:

Russian Hacking Went Far Beyond US Election:

Was The German Election Hacked?:


 
 

« News E-models For Quality Journalism
Insurance Will Reduce Cyber Losses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

GuardSquare

GuardSquare

GuardSquare is the global reference in mobile application protection. We develop premium software for the protection of mobile applications against reverse engineering and hacking.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

Resmo

Resmo

Resmo is an all in one platform for SaaS app and access management for modern IT teams.

AKIPS

AKIPS

AKIPS develops the world's most scalable network and infrastructure monitoring software, delivered as a turn-key software appliance.