Though researchers discovered a fundamental security flaw in voting machines months ago, the company behind the machines may still be advertising them to states in a way that allows the vulnerability to persist, according to a letter sent to the US Election Assistance Commission and reported by NBC News.
In Aug 2019, a team of independent security experts found that, contrary to popular belief, many digital voting machines were connected to the internet, sometimes for months on end, Motherboard reported. This, the experts feared, could give hackers a window through which to manipulate votes.
The company that makes the machines that the researchers found to be flawed is called Election Systems & Software (ES&S) (company officials disputed this characterization of its systems). About 70 million Americans’ votes are counted using one of ES&S’ machines, which make up about half of the election equipment market, according to ProPublica.
ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.
The US Election Assistance Commission (EAC) is a federal organization that acts as a clearinghouse for voting equipment. According to a letter sent to the EAC on Jan 7, though only models without the modem are approved by the EAC, ES&S continues to market one model of its machines, the DS200, in ways that obfuscate the fact that modem-equipped models are not EAC-approved.
The letter writers—representatives from Free Speech for People, a nonprofit focused on campaign finance reform, along with Susan Greenhalgh, the vice president of policy and program at the National Election Defense Coalition—ask that the EAC “investigate this misconduct, require corrective action, and determine whether to suspend ES&S’ manufacturer registration.”
Since the report broke, several states, such as North Carolina and Florida (pdf), have either adopted or continue to use ES&S equipment, despite warnings of the machines’ security vulnerabilities. Some believe the EAC, an agency that is consistently understaffed and underfunded, lacks the authority to protect voters in this year’s election. “Perhaps not surprisingly, the last two major meetings of the EAC and local election officials about the certification process have resulted in screaming matches over the slow pace of progress,” according to a ProPublica story published on Oct 28.
Many experts have noted that just because a voting machine is disconnected from the internet doesn’t mean it’s immune to security breaches—that there’s no such thing as a hacker-proof voting machine. But that doesn’t mean we shouldn’t work to close up the gaps we’ve already found.
As November’s presidential election looms, there is a lot for Americans to be concerned about. From the spread of misinformation on sites like Facebook to leaking candidates’ hacked secrets, most Americans know that the processes by which we have fair elections are under attack, despite the Trump administration’s assurances that steps are being taken to counteract these threats. But at the end of the day, secure vote-counting systems are a basic requirement. The question is: do our leaders have the will to make sure we get that? There’s still time, though it’s quickly running out.