Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday July 16 2019, @04:01AM   Printer-friendly
from the open-source dept.

New Election Systems Use Vulnerable Software:

Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems.

But there's a problem: Many of these new systems still run on old software that will soon be outdated and more vulnerable to hackers.

An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.

That's significant because Windows 7 reaches its "end of life" on Jan. 14, meaning Microsoft stops providing technical support and producing "patches" to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023.

Critics say the situation is an example of what happens when private companies ultimately determine the security level of election systems with a lack of federal requirements or oversight. Vendors say they have been making consistent improvements in election systems. And many state officials say they are wary of federal involvement in state and local elections.

It's unclear whether the often hefty expense of security updates would be paid by vendors operating on razor-thin profit margins or cash-strapped jurisdictions. It's also uncertain if a version running on Windows 10, which has more security features, can be certified and rolled out in time for primaries.

"That's a very serious concern," said J. Alex Halderman, a University of Michigan professor and renowned election security expert. He said the country risks repeating "mistakes that we made over the last decade or decade-and-a-half when states bought voting machines but didn't keep the software up-to-date and didn't have any serious provisions" for doing so.

The AP surveyed all 50 states, the District of Columbia and territories, and found multiple battleground states affected by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona and North Carolina. Also affected are Michigan, which recently acquired a new system, and Georgia, which will announce its new system soon.

"Is this a bad joke?" said Marilyn Marks, executive director of the Coalition for Good Governance, an election integrity advocacy organization, upon learning about the Windows 7 issue. Her group sued Georgia to get it to ditch its paperless voting machines and adopt a more secure system. Georgia recently piloted a system running on Windows 7 that was praised by state officials.

If Georgia selects a system that runs on Windows 7, Marks said, her group will go to court to block the purchase. State elections spokeswoman Tess Hammock declined to comment because Georgia hasn't officially selected a vendor.

The election technology industry is dominated by three titans: Omaha, Nebraska-based Election Systems and Software LLC; Denver, Colorado-based Dominion Voting Systems Inc.; and Austin, Texas-based Hart InterCivic Inc. They make up about 92% of election systems used nationwide, according to a 2017 study . All three have worked to win over states newly infused with federal funds and eager for an update.

[...] Of the three companies, only Dominion's newer systems aren't touched by upcoming Windows software issues — though it has election systems acquired from no-longer-existing companies that may run on even older operating systems.

[...] After the AP began making inquiries, Sen. Ron Wyden, D-Ore., wrote McCormick asking what EAC, which has no regulatory power, is doing to address a "looming election cybersecurity crisis" that essentially lays the "red carpet" out to hackers.

"Congress must pass legislation giving the federal government the authority to mandate basic cybersecurity for election infrastructure," Wyden told the AP in a statement.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DeathMonkey on Tuesday July 16 2019, @05:59PM (1 child)

    by DeathMonkey (1380) on Tuesday July 16 2019, @05:59PM (#867634) Journal

    Whose demand, tho'?

    People who value fair elections.

    So, everybody but the Republicans, basically.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday July 17 2019, @06:10PM

    by Anonymous Coward on Wednesday July 17 2019, @06:10PM (#868127)

    So, everybody but the Republicans, basically.

    Or the DNC!

    You are so... tribal!