Russian Hacking Fuels Return To Paper Ballots

After the “hanging chad” fiasco during the 2000 presidential recount, many states and counties switched to electronic-only voting machines to modernize their systems. Now, amid security concerns over Russian hackers targeting state voting systems in last year’s election, there’s a renewed focus on shifting to paper ballots.

In Virginia in the US, election officials decided in September to stop using paperless touch-screen machines, in an effort to safeguard against unauthorised access to the equipment and improve the security of the state’s voting system.

In Georgia, which uses electronic voting machines with no paper record, legislators are discussing getting rid of their aging equipment and using paper ballots instead. In a municipal election this November, officials will test a hybrid electronic-paper system.

“States and counties were already moving toward paper ballots before 2016,” said Katy Owens Hubler, a consultant to the National Conference of State Legislatures (NCSL). “But the Russian hacking incident has brought the spotlight to this issue.”

In September, the US Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election.

While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.
 
The National Association of Secretaries of State said would-be attackers tried to “scan” state computer systems last year, looking for open doors into networks. The secretaries of state, who serve as chief election officials in most states, said no voter information was altered or deleted, and the intruders did not access actual voting machines or devices that tabulate results.

Electronic vs. Paper

In 2002, two years after the hanging chad debacle in Florida, Congress passed the Help America Vote Act, which provided funding to state and local officials to upgrade their voting equipment.

Many areas replaced punch card machines like those used in Florida as well as old-fashioned lever equipment with direct recording electronic (DRE) machines, which frequently are touch screens. They record the vote within the machine’s memory, and many use no paper at all.

“Lots of election officials saw the nightmare of 2000 and said, ‘I don’t want to live through a recount,’ ” said Lawrence Norden of the Brennan Center for Justice, a public policy institute at New York University Law School. “When you have a DRE, you just ask the machine to print it out again. It does away with hand recounts and the controversy.”

But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.

Over the last decade, many states and counties have abandoned their electronic voting machines and turned to paper, often with equipment that tabulates the ballots using optical or digital scanners.

“It isn’t as old fashioned as people picture,” said Owens Hubler, the NCSL consultant. “It’s not a move back to hand-counting paper ballots.”

A Pew Research Center analysis of data from the Verified Voting Foundation, a nonprofit that advocates for paper ballots and election integrity, found that in 2014, nearly half of registered voters lived in jurisdictions ballots that were tabulated electronically (The Pew Research Center is funded by The Pew Charitable Trusts, which also funds Stateline).

More than a quarter lived in jurisdictions that used only electronic voting machines, most of which don’t provide a paper trail. The remaining jurisdictions used a mix of optical scanners and DRE equipment, voting by mail, or hand counting paper ballots.

Paperless Systems

Five states, Delaware, Georgia, Louisiana, New Jersey and South Carolina, still use only electronic voting machines, according to the Brennan Center’s Norden. In eight other states, including Pennsylvania and Virginia, paperless systems are used in some counties and cities, including Philadelphia.

In Virginia, one of the states Russian hackers targeted last year, that’s about to change.

In September, the state elections board decided that the 12 remaining counties and cities that still use electronic machines will no longer be able to do so.

Virginia Department of Elections Commissioner Edgardo Cortés said the board was concerned there was no independent means to validate election results with a paperless system. The Russian hacking incident, which didn’t breach Virginia’s voter registration database and only scanned public websites, was a confirmation of why beefing up security is so important, he added.

“The fact that there is an ongoing attempt to undermine the election process was a big factor in our determination to get rid of paperless equipment,” he said.

Cortes said it would cost local governments in the ballpark of $1.9 million to switch to paper and optical scanners, not including startup costs, printing ballots and training election workers.

In many states and counties, money has been the biggest impediment to switching voting equipment from electronic to paper.

The Brennan Center estimates it would cost $130 million to $400 million to replace all paperless machines.

“Funding is a huge problem. The question is who is responsible for paying for elections in the United States?” Norden said. “The counties don’t have the money. The states are saying it’s not our job to fund new equipment. And the federal government is saying it’s not our responsibility either.”

That attitude may be changing on Capitol Hill, however. Bipartisan proposals in Congress that would provide funding to help pay for new voting equipment are being seriously discussed for the first time in years, said Norden, who authored a June report outlining how election officials can protect voting technology from foreign interference.

“The Russian hacking incidents in 2016 have made a difference,” he said. “There’s more interest in Congress in this issue than there has been in a decade.”

PEW:

You Might Also Read:

Russian Hacking Went Far Beyond US Election:

Was The German Election Hacked?:


 
 

« News E-models For Quality Journalism
Insurance Will Reduce Cyber Losses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

KDM Analytics

KDM Analytics

KDM Analytics software products automate the NIST risk management framework (RMF) assessment for operational technology (OT) systems.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.