There is no evidence, despite partisan claims to the contrary, that mail-in ballots are rife with voting fraud but there are parts of the election system that security researchers say are at far greater risk for malicious activity.
National elections like the one in November, when Americans will decide whether Donald Trump or Joe Biden will lead the country for the next four years, are really thousands of smaller elections administered by state and county governments. And each of those governments has its own procedures for ensuring ballot and information security, and for purchasing, maintaining and testing the equipment that it uses to conduct its election.
For instance, even though more than 30 states allow overseas voters to cast their ballots by email, fax or through other electronic means, there are no standards for even basic security measures like encryption.
Encryption? We dont do that, Cochise County, Ariz., Recorder David Stevens told Arizona Mirror about the ballots his office accepts by email. We probably should.
The Cochise County Recorders Office accepts only federal ballots not those with state or local contests via email, Stevens said, and only in specific circumstances, such as voters who are in the military and stationed overseas.
Most overseas and military voters use a secure online portal provided by the Secretary of State, though some counties told the Mirror that they still accept ballots via fax or email.
Lax or nonexistent security on those systems, as well as the physical machines used to cast or count ballots, open the door to election hacking.
Hackers and security researchers at the annual DEFCON conference have in recent years made a point of looking at how secure or insecure the nations voting infrastructure is, known as the DEFCON Voting Village.
This year, instead of the hands-on hacking of election machines that have grabbed headlines in years past, the Voting Village focused on in-depth discussions about the integrity and security of our election infrastructure. Among the topics of discussion were the vulnerabilities to election systems presented by fax machines, email voting and more.
Hack the vote
Earlier this month, a Russian newspaper reported that the personal information of 7.5 million Michiganders was posted on a Russian hacker site. It appeared to show the their voter identification number and polling places. The paper claimed the site had been hacked in an attempt to solicit money from the U.S. government.
But Michigans Department of Statedenied that this was a data breach of any sort, as the information being posted is already publicly available.
Public voter information in Michigan and elsewhere is accessible to anyone through a FOIA [Freedom of Information Act] request. Our system has not been hacked, secretary of State spokesperson Jake Rollow told Michigan Advance in an email.
That focus on infosec was a big part of DEFCON talk this year by Forrest Senti, director of government and business affairs for the National Cybersecurity Center, and Caleb Gardner, a fellow with Secure the Vote.
The talk focused on how certain fax machines that are used to accept ballots can present a vulnerability to election offices, with election officials frequently unaware of the security issues stemming from a fax number that is often posted online.
Without proper security, all a hacker would need is the phone number to take over an election officials fax machine, allowing them to search other computers that are on the same network or install a malicious program to steal documents.
Even if you dont get any ballots through a fax machine, it still represents a vulnerability, Senti said to the Mirror.
Thirty-one states and the District of Columbia allow voters to return ballots by email and fax, according to the National Conference of State Legislatures. In Maryland, when voters receive an emailed ballot and return it by email, it is printed out by elections officials and counted by hand.
In the 2016 election, 455 ballots were cast by overseas voters in Cochise County, according to data by the United States Election Assistance Commission. That includes votes cast via the countys un-encrypted email system, faxed or through an online portal run by the Arizona Secretary of States Office.
In 2018, some 29,000 ballots were cast across the country by voters overseas using some form of online portal, email or fax, according to the data.
While Senti and others say this number is not statistically significant, the shortcomings pose an outsized risk.
The greater fear is that the ballots themselves could be compromised.
In the DEFCON Voting Villages 2019 report, hackers and researchers found that voting machines had a number of vulnerabilities. Some had security features turned off when they were shipped, some had voter data easily accessible, some had no passwords set and one even had an unencrypted hard drive.
Several states across the country use those machines.
The ES&S Automark is used in many states to help voters with disabilities mark their ballots. The machines have been in use for years, and the Voting Village found some concerning vulnerabilities.
Immediate root access to the device was available simply by hitting the Windows key on the keyboard, the report states. A user who gains root access on the device can see and potentially change any files or other systems.
The ES&S Automark obtained by the Voting Village was using software from 2007 and appeared to have last been used in a 2018 special election. The PIN code to replace the firmware on the entire device was listed as 1111.
But there are no national guidelines for how election officials conduct these sorts of audits or tests on electronic voting devices; instead, it is up to each jurisdiction to develop its own methods of checking the devices.
For example, in Colorado, election officials roll a series of 10-sided die on a webcast in order to generate a random number that determines which machine-tallied election results will be checked for discrepancies.
These jurisdictions have a lot of autonomy in what they do, Mattie Gullixson, program manager for Secure the Vote, said.
Some of the jurisdictions may also not have the manpower needed to institute the changes required to ensure safe election procedures.
Its estimated that a nationwide vote by mail effort could cost up to $1.4 billion, compared to $272 million for in-person voting. Localities could get monies from the Help America Vote Act or the CARES Act to offset costs associated with voting this election cycle, but election hacking and its interplay with COVID-19 will present an acute financial impact, according to Gullixson and Senti.
And hacking isnt limited to computer systems: Disinformation from foreign actors is commonly referred to as social hacking for its manipulation of social behavior.
How do you (fight) against messages that say, because of COVID, this voting center has been shut down? Gullixson said. Those levels of mis- or disinformation could be one of the stronger negative drivers in people voting this year.
Gullilxsons background is in election administration and shortly after the 2016 election, she said that mis- or disinformation led many voters to call the elections office confused, asking questions that were fueled by disinformation circulating on social media.
The FBI and the Cybersecurity and Infrastructure Security Agency has already issued an alert urging Americans to be on the lookout for new websites or changes to existing websites made by foreign or malicious actors with the intention of spreading such misinformation.
Information warfare has been around as long as warfare has been around, Gullixson said.
In fact, in 1985, the Russians started a disinformation campaign dubbed Operation INFEKTION that aimed to make the world believe the United States had created AIDS, a conspiracy theory that is still active today.
So far in 2020, Russian, Chinese and Iranian hackers have been caught by Microsoft in attempts to target both the campaigns of Trump and Biden.
China has also been caught by Facebook using fake accounts to speak on election matters. And just this month, Facebook and Twitter removed dozens of Russian accounts aimed at dissuading left-leaning voters from voting for Biden.
So how does one combat this type of warfare?
It starts with voters.
There are growing efforts to try to tackle that but it starts with the voter realizing they could be manipulated in that way, Gullixson said.
The FBI has shared similar advice, saying that voters should make sure to get their election information from their state and county officials instead of Facebook pages, as they could very well be hacked or fake pages.
Despite what may seem like a lot of doom and gloom, Gullixson and her colleagues are hopeful that the attention these issues have been getting will help shape policy around voting for the next 15 years for the better.
We just have to make sure we can get through it unscathed, she said.
Jerod-MacDonald-Evoy is a reporter at the Arizona Mirror. Michigan Advance reporter Laina G. Stebbins, Maine Beacon reporter Evan Popp and Colorado Newsline reporter Chase Woodruff contributed to this report.
- What Is the Signal Encryption Protocol? - WIRED - November 30th, 2020
- Data Protection | The Pros and Cons of End-to-End Encryption - DIGIT.FYI - November 30th, 2020
- Encryption Software Market Overview, Growth, Types, Applications, Dynamics, Companies, Regions, & Forecast to 2026 - The Haitian-Caribbean News... - November 30th, 2020
- Encryption Software Market to Witness Astonishing Growth by 2027 | Dell , Eset , Gemalto and more - Cheshire Media - November 30th, 2020
- EU targets end-to-end encryption tools after rise in terror attacks - DIGIT.FYI - November 30th, 2020
- European Legislators Move to Eliminate End-to-End Encryption in Messaging Services Following Terror Attacks - Digital Information World - November 30th, 2020
- Facebook urged to end encryption to help cops stop paedophiles using app - The Sun - November 30th, 2020
- Inside the French governments mission to develop an encrypted messaging platform - NS Tech - November 30th, 2020
- Hardware-based Full Disk Encryption Market Size, Key Manufacturers, Demand, Application And Opportunities By 2027 - The Haitian-Caribbean News Network - November 30th, 2020
- The tech and security backends that keep your data safe - Business MattersBusiness Matters - November 30th, 2020
- Encryption Software Market Expected to Boost the Global Industry Growth in the Near Future - Cheshire Media - November 30th, 2020
- Commercial Encryption Software Market Will Generate Record Revenue by 2025 - The Haitian-Caribbean News Network - November 30th, 2020
- Symmetric Encryption Algorithms: Live Long & Encrypt - Hashed Out by The SSL Store - Hashed Out by The SSL Store - November 24th, 2020
- Google plans to test end-to-end encryption in Android messages - TechCrunch - November 24th, 2020
- Google Messages Set to Roll Out End-to-End Encryption - Infosecurity Magazine - November 24th, 2020
- Did they crack the code? The importance of encryption for protest movements - OpenGlobalRights - November 24th, 2020
- The EU's muddled approach to encryption - The Spectator US - November 24th, 2020
- AES Encryption Software Market 2020 Global Industry Size, Demand, Growth Analysis, Share, Revenue and Forecast 2022 - The Think Curiouser - November 24th, 2020
- How to recover data from a Mac with T2 or FileVault encryption and without a password - Macworld - November 24th, 2020
- Security flaws in smart doorbells may open the door to hackers - We Live Security - November 24th, 2020
- Document Encryption Software Market 2020 - Impact of COVID-19 Pandemic, Future Development, Top Manufacturers Analysis, Trends and Demand discussed in... - November 24th, 2020
- U.S. Hardware Encryption Market is expected to reach $259.12 billion by 2026 | CAGR 32.4% - WhaTech - November 24th, 2020
- Data Encryption Market: Global Industry Analysis, Size, Share, Trends, Growth and Forecast 2020 2026 - The Think Curiouser - November 24th, 2020
- Arrests and raids in Essex as police crackdown on encrypted criminal networks - Gazette - November 24th, 2020
- 2020 and Beyond: Homomorphic Encryption Market Trends and Outlook Study to 2027 - The Haitian-Caribbean News Network - November 24th, 2020
- US Department of Justice reignites the Battle to Break Encryption - Naked Security - October 17th, 2020
- Five Eyes Call for Tech World to Weaken Encryption - ClearanceJobs - ClearanceJobs - October 17th, 2020
- Zoom Begins Rollout of End-To-End Encryption - My TechDecisions - TechDecisions - October 17th, 2020
- Could homomorphic encryption be the solution to big data's problem? - Siliconrepublic.com - October 17th, 2020
- U.S., UK and other countries warn tech firms that encryption creates 'severe risks' to public safety - CNBC - October 17th, 2020
- Is Signal secure? How the messaging app protects privacy - Business Insider - Business Insider - October 17th, 2020
- AeroVironment and Viasat to aim to improve radio encryption for Puma AE - Flightglobal - October 17th, 2020
- Encryption Backdoor? The Trump Administration Wants It. - The National Interest - October 17th, 2020
- How to use private conversations on Skype to send encrypted calls and messages - Business Insider India - October 17th, 2020
- AES Encryption Software Industry Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top... - October 17th, 2020
- Trustifi Named Overall Encryption Solution Provider of the Year in 2020 CyberSecurity Breakthrough Awards Program - GlobeNewswire - October 17th, 2020
- ACLU and EFF Call DOJ's Encryption Dream a Nightmare - L.A. Weekly - October 17th, 2020
- Global Database Encryption Market Expected to reach highest CAGR in forecast period : International Business Machines Corporation, Symantec... - October 17th, 2020
- Feds, 'Five Eyes' Allies Take Another Swing at Encryption Policy Changes - MeriTalk - October 13th, 2020
- Homomorphic encryption tools find their niche - CSO Online - October 13th, 2020
- Mission Impossible: 7 Countries Tell Facebook To Break Encryption - Forbes - October 13th, 2020
- Dutton pushes against encryption yet again but oversight at home is slow - ZDNet - October 13th, 2020
- Western governments double down efforts to curtail end-to-end encryption - The Daily Swig - October 13th, 2020
- Fuse Analytics integration with StrongSalt offers Enterprise Information Archiving with GDPR protections - PR Web - October 13th, 2020
- Is Signal Safe? What to Know About the New Encrypted Messaging App - Parentology - October 13th, 2020
- Five Eyes alliance warning: 'Encryption creates severe risks to public safety' - New Zealand Herald - October 13th, 2020
- Privateness or youngster safety? 7 governments, together with US & UK, argue Fb's new encryption plan would profit PEDOPHILES - Editorials 360 - October 13th, 2020
- Optical Encryption Market Analysis And Demand With Forecast Overview To 2025 - Express Journal - October 13th, 2020
- Encrypted messages don't always stay private. Here's what that means for you - CNET - October 11th, 2020
- EARN IT Act a Dire Threat to Encryption, Speech Online, Critics Say - Decrypt - October 11th, 2020
- Analyzing Impacts of Covid-19 on Cloud Encryption Software Market Effects, Aftermath, Global Industry Challenges, Business Overview and Forecast To... - October 11th, 2020
- WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist - ComputerWeekly.com - October 6th, 2020
- Global Encryption Software Market 2020 Industry Size, Shares and Upcoming Trends 2025 - Reported Times - October 6th, 2020
- Encryption Software Market 2020 2027: Recent Trends, Growth Opportunities and Business Development Strategies By IBM, Trend Micro, Symantec, McaFee,... - October 6th, 2020
- Encryption Key Management Market Research By Growth, Competitive Methods And Forecast To 2026 - The Daily Chronicle - October 6th, 2020
- Global Hardware-based Full Disk Encryption Market Size, Share, Trends, CAGR by Technology, Key Players, Regions, Cost, Revenue and Forecast 2020 to... - October 6th, 2020
- Global Encryption Software Market 2020 | Know the Companies List Could Potentially Benefit or Loose out From the Impact of COVID-19 | Top Companies:... - October 6th, 2020
- Stay Tuned with the Epic Battle in the Encryption Key Management Market - The Daily Chronicle - October 6th, 2020
- Hardware-based Full Disk Encryption Market To Drive Highest Growth By 2027 With Leading Key Players: Seagate Technology PLC, Western Digital Corp,... - October 6th, 2020
- Encrypted USB flash drive you can unlock with your smartphone (or Apple Watch) - ZDNet - October 6th, 2020
- Global Mobile Encryption Market is slated to grow rapidly in the coming years: McAfee(Intel Corporation), Blackberry, T-Systems International, ESET,... - October 6th, 2020
- Cloud Encryption Software Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2026 - The Daily Chronicle - October 6th, 2020
- Best Encryption Software in 2020 - Latest Quadrant Ranking Released by 360Quadrants - PRNewswire - September 30th, 2020
- 4 Reasons Why Encryption Is a Must for Data Protection - CIOReview - September 30th, 2020
- Prospective Node Operators Stake $125M in ETH to Participate in NuCypher Encryption Network - CoinDesk - Coindesk - September 30th, 2020
- Fortanix Partners with VMware to Enable Cloud Service Providers to Deliver Data Security as a Service - GlobeNewswire - September 30th, 2020
- SanDisks latest portable SSDs have boosted speed and security - The Verge - September 30th, 2020
- What Facebook users need to know about end-to-end encryption - Fast Company - September 30th, 2020
- Whats really up with your secure WhatsApp chats - Mint - September 30th, 2020
- Hardware Encryption Technology Market Trends Together With Growth Forecast To 2026 - The Daily Chronicle - September 30th, 2020
- Global Cloud Encryption Market- Industry Analysis and forecast 2020 2027: By Industrial verticals, Services, and Region. - Unica News - September 30th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market to Witness a Pronounce Growth During 2020-2026 - The Daily Chronicle - September 30th, 2020
- Global Cloud Encryption Technology Market with (Covid-19) Impact Analysis: Growth, Latest Trend Analysis and Forecast 2026 - The Daily Chronicle - September 30th, 2020
- Global Email Encryption Software Market Report 2020-2027: Production Capacity and Consumption Analysis by Regions and Country Wise - Crypto Daily - September 30th, 2020
- Cloud Encryption Service Market 2020 | Detailed Analysis, Growth, Research and Forecast - The Daily Chronicle - September 30th, 2020
- Database Encryption Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - September 30th, 2020
- Optical Encryption Industry 2020 Includes The Major Application Segments And Size In The Global Market To 2026 - The Daily Chronicle - September 30th, 2020
- Hardware Based Encryption Market Projected to Be Resilient During 2020-2025 - The Market Records - September 30th, 2020
- Hardware Encryption Market (2020-2026) | Where Should Participant Focus To Gain Maximum ROI | Exclusive Report By DataIntelo - Crypto Daily - September 30th, 2020
- Ring plans to offer end-to-end encryption by the end of the year - The Verge - September 29th, 2020