New Election Systems Use Vulnerable Software:
Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems.
But there's a problem: Many of these new systems still run on old software that will soon be outdated and more vulnerable to hackers.
An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.
That's significant because Windows 7 reaches its "end of life" on Jan. 14, meaning Microsoft stops providing technical support and producing "patches" to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023.
Critics say the situation is an example of what happens when private companies ultimately determine the security level of election systems with a lack of federal requirements or oversight. Vendors say they have been making consistent improvements in election systems. And many state officials say they are wary of federal involvement in state and local elections.
It's unclear whether the often hefty expense of security updates would be paid by vendors operating on razor-thin profit margins or cash-strapped jurisdictions. It's also uncertain if a version running on Windows 10, which has more security features, can be certified and rolled out in time for primaries.
"That's a very serious concern," said J. Alex Halderman, a University of Michigan professor and renowned election security expert. He said the country risks repeating "mistakes that we made over the last decade or decade-and-a-half when states bought voting machines but didn't keep the software up-to-date and didn't have any serious provisions" for doing so.
The AP surveyed all 50 states, the District of Columbia and territories, and found multiple battleground states affected by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona and North Carolina. Also affected are Michigan, which recently acquired a new system, and Georgia, which will announce its new system soon.
"Is this a bad joke?" said Marilyn Marks, executive director of the Coalition for Good Governance, an election integrity advocacy organization, upon learning about the Windows 7 issue. Her group sued Georgia to get it to ditch its paperless voting machines and adopt a more secure system. Georgia recently piloted a system running on Windows 7 that was praised by state officials.
If Georgia selects a system that runs on Windows 7, Marks said, her group will go to court to block the purchase. State elections spokeswoman Tess Hammock declined to comment because Georgia hasn't officially selected a vendor.
The election technology industry is dominated by three titans: Omaha, Nebraska-based Election Systems and Software LLC; Denver, Colorado-based Dominion Voting Systems Inc.; and Austin, Texas-based Hart InterCivic Inc. They make up about 92% of election systems used nationwide, according to a 2017 study . All three have worked to win over states newly infused with federal funds and eager for an update.
[...] Of the three companies, only Dominion's newer systems aren't touched by upcoming Windows software issues — though it has election systems acquired from no-longer-existing companies that may run on even older operating systems.
[...] After the AP began making inquiries, Sen. Ron Wyden, D-Ore., wrote McCormick asking what EAC, which has no regulatory power, is doing to address a "looming election cybersecurity crisis" that essentially lays the "red carpet" out to hackers.
"Congress must pass legislation giving the federal government the authority to mandate basic cybersecurity for election infrastructure," Wyden told the AP in a statement.
(Score: 3, Insightful) by fustakrakich on Tuesday July 16 2019, @04:33AM (14 children)
We can get paper ballots if the demand is strong enough.
La politica e i criminali sono la stessa cosa..
(Score: 2) by c0lo on Tuesday July 16 2019, @04:40AM (4 children)
Whose demand, tho'?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: -1, Offtopic) by Anonymous Coward on Tuesday July 16 2019, @05:21AM (1 child)
Won't happen in California, wouldn't want to disenfranchise all those illegal motor voters they signed up when they gave drivers licenses to criminals.
(Score: 0, Informative) by Anonymous Coward on Tuesday July 16 2019, @06:27AM
FTFY. No thanks necessary, you destroyer of Democracies! All hail the Bush dynasty! Regime change begins at home! Send Trump back to where he was running away from, a concrete foundation of a Huge building.
(Score: 2) by DeathMonkey on Tuesday July 16 2019, @05:59PM (1 child)
People who value fair elections.
So, everybody but the Republicans, basically.
(Score: 0) by Anonymous Coward on Wednesday July 17 2019, @06:10PM
So, everybody but the Republicans, basically.
Or the DNC!
You are so... tribal!
(Score: 3, Interesting) by mhajicek on Tuesday July 16 2019, @04:51AM (2 children)
If your voting machine uses software you're doing it wrong.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @05:34AM (1 child)
I prefer the hand crank slot machine voting booth.
(Score: 2) by kazzie on Tuesday July 16 2019, @11:48AM
Do they use those in Vegas?
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @12:39PM
Paper ballots are definitely a bare minimum for a possibly secure election system. But I think they might be including parts that are going to always be computerized: printing the ballots and handling the voter rolls. Attacking those is less direct than changing the vote totals, but they're still an avenue for attacking an election.
(Score: 2) by JoeMerchant on Tuesday July 16 2019, @12:40PM (4 children)
Newsflash: paper ballots are vulnerable to hacking too, and the number of people with the skill and experience to do so is much larger.
🌻🌻 [google.com]
(Score: 1) by fustakrakich on Tuesday July 16 2019, @05:17PM (3 children)
Still more secure than anything else. The system has to be transparent to everybody, not just the technological mystics. I'm not asking for anything more.
La politica e i criminali sono la stessa cosa..
(Score: 2) by JoeMerchant on Tuesday July 16 2019, @06:41PM (2 children)
Transparency is ideal. Then we get into the right to vote anonymously, which throws a wrench in the whole thing. You can never have perfect transparency in combination with perfect anonymity.
🌻🌻 [google.com]
(Score: 1) by fustakrakich on Tuesday July 16 2019, @06:53PM (1 child)
Still, paper ballots are human legible through the entire chain. You don't even need electricity to continue the process. Paper ballots are by far the best option, without exception.
La politica e i criminali sono la stessa cosa..
(Score: 2) by JoeMerchant on Tuesday July 16 2019, @08:14PM
I'd say they are the most familiar, well understood, and easily manipulated (honestly, and dishonestly) by your existing pool of poll workers.
The software and hardware in electronic voting machines should be fully open source, until that is the case I'll come down on the side that paper ballots are better by at least some slim margin. Vendors wishing to sell electronic vote collection and counting systems should be competing based on transparency and simplicity - the lack of transparency in the existing e-voting systems has been a major red flag for me.
In that ideal universe which we forked off from roughly when the first grains were grown domestic / agriculturally... anyone who completed low-standard high school math and computer science courses would be able to fully understand and explain how the e-voting system works, as well as verify that the system has been used honestly and accurately. Unfortunately, as soon as there was no need for everyone to actively contribute to the community's survival every waking hour of the day, in our universe, we started growing parasitic components in society which strive to do ever less while benefiting ever more and they almost never care how that affects the rest of society - so lying, cheating and stealing is simply a part of the landscape that we always have to guard against.
🌻🌻 [google.com]
(Score: 3, Insightful) by Rosco P. Coltrane on Tuesday July 16 2019, @04:43AM (1 child)
But it's okay, it already is.
(Score: -1, Troll) by Anonymous Coward on Tuesday July 16 2019, @01:21PM
All hail the Orange Clown!
(Score: 2, Troll) by Some call me Tim on Tuesday July 16 2019, @05:30AM (1 child)
California is seriously lax in cleaning up their voter rolls and Ballot harvesting is the fraud of the day here. https://dailycaller.com/2018/12/01/ballot-harvesting-california-dems-gop/ [dailycaller.com]
Questioning science is how you do science!
(Score: 4, Informative) by slob who just suffers in silence on Tuesday July 16 2019, @06:08AM
That liberal rag </sarcasm>, the San Diego Union Tribune writes:
"There have been no credible reports of “ballot harvesting” being employed illegally or systematically to amount to election fraud. "
Further down in the same article:
“To say we were caught flat-footed by this is just not true,” California GOP spokesman Matt Fleming told Fox News. “We were well aware of this, we even did it ourselves, we pay attention to election laws.”
(Score: 2, Funny) by aristarchus on Tuesday July 16 2019, @08:01AM
No one else see a problem with this? Couldn't just submit in plain html, like a normal Linux distro?
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @12:44PM (2 children)
First, I haven't seen a substitute for paper ballots, only improved methods for using them, so there should be a paper trail even if the W7 system is compromised.
If there is not, the W7 is the least of the problems.
Second, W7 is only a problem if it is hooked to the Internet, but for an election system, why would you do that?
If the precincts need to be networked, then hide them behind a VPN and let W7 live long and prosper.
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @01:25PM (1 child)
You might want to read this and rethink your strategy https://en.wikipedia.org/wiki/Air_gap_(networking) [wikipedia.org]
Protip: e.g. Stuxnet
(Score: 1, Insightful) by Anonymous Coward on Tuesday July 16 2019, @02:50PM
One doesn't have to run faster than the lion, only faster that the competition.
The article was about W7 being old and out of support.
To address this, one should only have to make it work as well as the 'new' stuff/junk.
Paper is the ultimate protection for this issue.
Granted, a VPN would not protect from a Stuxnet like attack, but upgrading from W7 seems unlikely to as well.
Isn't most OS patching in response to things that happen over the Internet?
Patching seems less likely to help if the attacker has physical access to the machine.
(Or is able to trick a human to do same.)
(Score: 3, Interesting) by loic on Tuesday July 16 2019, @12:48PM (1 child)
Please cut the FUD.
These machine are usually build on Windows Embedded POSReady 7 which is a special version of Windows with a different end of support date. So surely, it is not perfect, but it still has 2 years of support.
(Score: 2) by Sourcery42 on Tuesday July 16 2019, @04:43PM
POS Ready? Egads! What marketing drone let this out the door.
(Score: 2) by Rupert Pupnick on Tuesday July 16 2019, @03:25PM
In an electronic voting system, how do recounts work? Aren’t you guaranteed to get the same result?
I agree that paper ballots are the only way to go.
(Score: 2) by Gaaark on Tuesday July 16 2019, @05:05PM
FUCK!
I know, let's buy machines almost out of date, then pay the vendor (MS) more money to update it! I'm brilliant! (Microsoft, please hire me now).
Gods people are fucking dumb.
Stupid is as stupid does.... stupid stupid stupid.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @08:10PM
Well any involvement beyond paying for it.
(Score: 0) by Anonymous Coward on Wednesday July 17 2019, @03:04AM
https://www.xkcd.com/2030/ [xkcd.com]