Russian Hacking Fuels Return To Paper Ballots

Uploaded on 2017-11-10 in FREE TO VIEW, GOVERNMENT-National, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

After the “hanging chad” fiasco during the 2000 presidential recount, many states and counties switched to electronic-only voting machines to modernize their systems. Now, amid security concerns over Russian hackers targeting state voting systems in last year’s election, there’s a renewed focus on shifting to paper ballots.

In Virginia in the US, election officials decided in September to stop using paperless touch-screen machines, in an effort to safeguard against unauthorised access to the equipment and improve the security of the state’s voting system.

In Georgia, which uses electronic voting machines with no paper record, legislators are discussing getting rid of their aging equipment and using paper ballots instead. In a municipal election this November, officials will test a hybrid electronic-paper system.

“States and counties were already moving toward paper ballots before 2016,” said Katy Owens Hubler, a consultant to the National Conference of State Legislatures (NCSL). “But the Russian hacking incident has brought the spotlight to this issue.”

In September, the US Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election.

While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.
 
The National Association of Secretaries of State said would-be attackers tried to “scan” state computer systems last year, looking for open doors into networks. The secretaries of state, who serve as chief election officials in most states, said no voter information was altered or deleted, and the intruders did not access actual voting machines or devices that tabulate results.

Electronic vs. Paper

In 2002, two years after the hanging chad debacle in Florida, Congress passed the Help America Vote Act, which provided funding to state and local officials to upgrade their voting equipment.

Many areas replaced punch card machines like those used in Florida as well as old-fashioned lever equipment with direct recording electronic (DRE) machines, which frequently are touch screens. They record the vote within the machine’s memory, and many use no paper at all.

“Lots of election officials saw the nightmare of 2000 and said, ‘I don’t want to live through a recount,’ ” said Lawrence Norden of the Brennan Center for Justice, a public policy institute at New York University Law School. “When you have a DRE, you just ask the machine to print it out again. It does away with hand recounts and the controversy.”

But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.

Over the last decade, many states and counties have abandoned their electronic voting machines and turned to paper, often with equipment that tabulates the ballots using optical or digital scanners.

“It isn’t as old fashioned as people picture,” said Owens Hubler, the NCSL consultant. “It’s not a move back to hand-counting paper ballots.”

A Pew Research Center analysis of data from the Verified Voting Foundation, a nonprofit that advocates for paper ballots and election integrity, found that in 2014, nearly half of registered voters lived in jurisdictions ballots that were tabulated electronically (The Pew Research Center is funded by The Pew Charitable Trusts, which also funds Stateline).

More than a quarter lived in jurisdictions that used only electronic voting machines, most of which don’t provide a paper trail. The remaining jurisdictions used a mix of optical scanners and DRE equipment, voting by mail, or hand counting paper ballots.

Paperless Systems

Five states, Delaware, Georgia, Louisiana, New Jersey and South Carolina, still use only electronic voting machines, according to the Brennan Center’s Norden. In eight other states, including Pennsylvania and Virginia, paperless systems are used in some counties and cities, including Philadelphia.

In Virginia, one of the states Russian hackers targeted last year, that’s about to change.

In September, the state elections board decided that the 12 remaining counties and cities that still use electronic machines will no longer be able to do so.

Virginia Department of Elections Commissioner Edgardo Cortés said the board was concerned there was no independent means to validate election results with a paperless system. The Russian hacking incident, which didn’t breach Virginia’s voter registration database and only scanned public websites, was a confirmation of why beefing up security is so important, he added.

“The fact that there is an ongoing attempt to undermine the election process was a big factor in our determination to get rid of paperless equipment,” he said.

Cortes said it would cost local governments in the ballpark of $1.9 million to switch to paper and optical scanners, not including startup costs, printing ballots and training election workers.

In many states and counties, money has been the biggest impediment to switching voting equipment from electronic to paper.

The Brennan Center estimates it would cost $130 million to $400 million to replace all paperless machines.

“Funding is a huge problem. The question is who is responsible for paying for elections in the United States?” Norden said. “The counties don’t have the money. The states are saying it’s not our job to fund new equipment. And the federal government is saying it’s not our responsibility either.”

That attitude may be changing on Capitol Hill, however. Bipartisan proposals in Congress that would provide funding to help pay for new voting equipment are being seriously discussed for the first time in years, said Norden, who authored a June report outlining how election officials can protect voting technology from foreign interference.

“The Russian hacking incidents in 2016 have made a difference,” he said. “There’s more interest in Congress in this issue than there has been in a decade.”

PEW:

You Might Also Read:

Russian Hacking Went Far Beyond US Election:

Was The German Election Hacked?:


 
 

« News E-models For Quality Journalism
Insurance Will Reduce Cyber Losses »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

Oasis Security

Oasis Security

Oasis is the market leading platform for non-human identity management. Our mission is to fortify cybersecurity defenses by enabling enterprises to efficiently secure non-human identities.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.

Axoflow

Axoflow

Axoflow helps organizations to consolidate their existing solutions for logs, metrics, and traces, and evolve them into a cloud native observability infrastructure.