Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Election security isn't that hard

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Sep 2019 11:05:15 +0000 (UTC)
https://www.politico.com/agenda/story/2019/09/10/election-security-000954

By Kevin Shelley and Wayne Williams
The Agenda
Politico.com
09/10/2019

Intelligence experts warn that hostile nation-states, criminals and political
partisans are preparing attacks on our election systems in 2020. We’ve set
ourselves up for this: In the course of modernizing our voting systems, our
country has introduced computers into many layers of our election process,
including the recording and tallying of our votes. In fact, 99 percent of votes
cast in 2020 will be counted either by the computerized voting machines on which
the voters cast their ballots or – in the case of voter-marked paper ballots –
by scanners, which also are computers.

As former secretaries of state from both parties, we know that it’s possible to
devise tangible solutions needed to validate our elections. In fact, we can tell
you how to do it.

That’s not to say that it’s easy, particularly given the decentralized nature of
our election administration system. Most states administer elections locally and
only a few states have uniform equipment in each locality. For many years,
election administration has been woefully underfunded, leading to wide
variability in capacity and resources. But, as long as the equipment
incorporates a voter-marked paper ballot, officials can adjust existing
processes to instill confidence in elections, regardless of the equipment in
place.

First, we need to dispel one misconception. Many people (including many election
officials) believe that if a voting system or scanner is never connected to the
internet, it will always be safe. Alas, that’s not the case. For each new
election a file is prepared that contains the candidate and issue names and
their placements on the ballot. This file is created by another computer that
may be connected either directly or indirectly to the internet. If that computer
is infected with malware, it can pass on that infection when the file containing
the election information is fed into the voting machine or scanner.

[...]

Kevin Shelley, a Democrat, is the former California secretary of state and
serves on the board of directors for Verified Voting, a nonpartisan, nonprofit
organization that promotes verifiable voting practices. Wayne Williams, a
Republican, is the former secretary of state for Colorado and also serves on the
board of advisers for Verified Voting.


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: