Two weeks ago the DEF CON 26 Voting Village workshop demonstrated several ways for non-experts to hack into voting machines and related computer systems. You may recall, for example, that an 11-year-old named Audrey used SQL injection to penetrate a web server simulating the Florida secretary of state’s vote-reporting website.
Makers of voting machines are not amused. Election Systems & Software (ES&S), a leading manufacturer, not only refused to cooperate with Voting Village, but even threatened event organizers that unauthorized use of its software during the hackathon would violate ES&S’s license agreements. Voting-machine makers have also lobbied against the Secure Elections Act, a bipartisan Senate bill intended to improve election security in part by using paper ballots — a bill that the Trump administration reportedly has killed.
Last week a bipartisan group of senators wrote ES&S asking about its obstruction of voting-security research, and mentioning the not-so-veiled legal threats against Voting Village. ES&S responded that its obstruction is due to — wait for it — national security concerns. In their response late last week, ES&S argued against hacking conferences, writing “We believe that exposing technology in these kinds of environments makes hacking elections easier, not harder.”
An article by Shaun Nichols in the trade publication The Register sums up the technical community’s reaction to ES&S’s assertion, namely, skepticism and even hilarity from those not employed by a voting-machine maker. Prof. Matt Blaze, a University of Pennsylvania computer security researcher and co-organizer of the DEF CON 26 Voting Village, tweeted:
We bought a bunch of surplus voting machines on eBay and put them in a room. I believe many of our foreign adversaries already have eBay capability, so perhaps it would be prudent to use election equipment that can withstand eBay-based threats. https://t.co/SYsVEH2etX
Reaction from lawmakers was also negative. A spokesperson for Sen. Kamala Harris (D-CA) said it was “unacceptable that ES&S continues to dismiss the very real security concerns that DEF CON raised.”
If you’re concerned about election security and are a constituent of one of the senators in question, it would be helpful to write them a brief note of support now, while the issue is hot. You can write to:
If you’re not in any of those states, you can write to your own senator. In America, election security should truly be a nonpartisan issue.