Russian Hacking Fuels Return To Paper Ballots

Uploaded on 2017-11-10 in FREE TO VIEW, GOVERNMENT-National, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

After the “hanging chad” fiasco during the 2000 presidential recount, many states and counties switched to electronic-only voting machines to modernize their systems. Now, amid security concerns over Russian hackers targeting state voting systems in last year’s election, there’s a renewed focus on shifting to paper ballots.

In Virginia in the US, election officials decided in September to stop using paperless touch-screen machines, in an effort to safeguard against unauthorised access to the equipment and improve the security of the state’s voting system.

In Georgia, which uses electronic voting machines with no paper record, legislators are discussing getting rid of their aging equipment and using paper ballots instead. In a municipal election this November, officials will test a hybrid electronic-paper system.

“States and counties were already moving toward paper ballots before 2016,” said Katy Owens Hubler, a consultant to the National Conference of State Legislatures (NCSL). “But the Russian hacking incident has brought the spotlight to this issue.”

In September, the US Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election.

While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.
 
The National Association of Secretaries of State said would-be attackers tried to “scan” state computer systems last year, looking for open doors into networks. The secretaries of state, who serve as chief election officials in most states, said no voter information was altered or deleted, and the intruders did not access actual voting machines or devices that tabulate results.

Electronic vs. Paper

In 2002, two years after the hanging chad debacle in Florida, Congress passed the Help America Vote Act, which provided funding to state and local officials to upgrade their voting equipment.

Many areas replaced punch card machines like those used in Florida as well as old-fashioned lever equipment with direct recording electronic (DRE) machines, which frequently are touch screens. They record the vote within the machine’s memory, and many use no paper at all.

“Lots of election officials saw the nightmare of 2000 and said, ‘I don’t want to live through a recount,’ ” said Lawrence Norden of the Brennan Center for Justice, a public policy institute at New York University Law School. “When you have a DRE, you just ask the machine to print it out again. It does away with hand recounts and the controversy.”

But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.

Over the last decade, many states and counties have abandoned their electronic voting machines and turned to paper, often with equipment that tabulates the ballots using optical or digital scanners.

“It isn’t as old fashioned as people picture,” said Owens Hubler, the NCSL consultant. “It’s not a move back to hand-counting paper ballots.”

A Pew Research Center analysis of data from the Verified Voting Foundation, a nonprofit that advocates for paper ballots and election integrity, found that in 2014, nearly half of registered voters lived in jurisdictions ballots that were tabulated electronically (The Pew Research Center is funded by The Pew Charitable Trusts, which also funds Stateline).

More than a quarter lived in jurisdictions that used only electronic voting machines, most of which don’t provide a paper trail. The remaining jurisdictions used a mix of optical scanners and DRE equipment, voting by mail, or hand counting paper ballots.

Paperless Systems

Five states, Delaware, Georgia, Louisiana, New Jersey and South Carolina, still use only electronic voting machines, according to the Brennan Center’s Norden. In eight other states, including Pennsylvania and Virginia, paperless systems are used in some counties and cities, including Philadelphia.

In Virginia, one of the states Russian hackers targeted last year, that’s about to change.

In September, the state elections board decided that the 12 remaining counties and cities that still use electronic machines will no longer be able to do so.

Virginia Department of Elections Commissioner Edgardo Cortés said the board was concerned there was no independent means to validate election results with a paperless system. The Russian hacking incident, which didn’t breach Virginia’s voter registration database and only scanned public websites, was a confirmation of why beefing up security is so important, he added.

“The fact that there is an ongoing attempt to undermine the election process was a big factor in our determination to get rid of paperless equipment,” he said.

Cortes said it would cost local governments in the ballpark of $1.9 million to switch to paper and optical scanners, not including startup costs, printing ballots and training election workers.

In many states and counties, money has been the biggest impediment to switching voting equipment from electronic to paper.

The Brennan Center estimates it would cost $130 million to $400 million to replace all paperless machines.

“Funding is a huge problem. The question is who is responsible for paying for elections in the United States?” Norden said. “The counties don’t have the money. The states are saying it’s not our job to fund new equipment. And the federal government is saying it’s not our responsibility either.”

That attitude may be changing on Capitol Hill, however. Bipartisan proposals in Congress that would provide funding to help pay for new voting equipment are being seriously discussed for the first time in years, said Norden, who authored a June report outlining how election officials can protect voting technology from foreign interference.

“The Russian hacking incidents in 2016 have made a difference,” he said. “There’s more interest in Congress in this issue than there has been in a decade.”

PEW:

You Might Also Read:

Russian Hacking Went Far Beyond US Election:

Was The German Election Hacked?:


 
 

« News E-models For Quality Journalism
Insurance Will Reduce Cyber Losses »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.

INT3L

INT3L

The INT3L group (formerly Defentek) is a provider of national security and intelligence solutions, systems and services.