Russian Hacking Fuels Return To Paper Ballots

After the “hanging chad” fiasco during the 2000 presidential recount, many states and counties switched to electronic-only voting machines to modernize their systems. Now, amid security concerns over Russian hackers targeting state voting systems in last year’s election, there’s a renewed focus on shifting to paper ballots.

In Virginia in the US, election officials decided in September to stop using paperless touch-screen machines, in an effort to safeguard against unauthorised access to the equipment and improve the security of the state’s voting system.

In Georgia, which uses electronic voting machines with no paper record, legislators are discussing getting rid of their aging equipment and using paper ballots instead. In a municipal election this November, officials will test a hybrid electronic-paper system.

“States and counties were already moving toward paper ballots before 2016,” said Katy Owens Hubler, a consultant to the National Conference of State Legislatures (NCSL). “But the Russian hacking incident has brought the spotlight to this issue.”

In September, the US Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election.

While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.
 
The National Association of Secretaries of State said would-be attackers tried to “scan” state computer systems last year, looking for open doors into networks. The secretaries of state, who serve as chief election officials in most states, said no voter information was altered or deleted, and the intruders did not access actual voting machines or devices that tabulate results.

Electronic vs. Paper

In 2002, two years after the hanging chad debacle in Florida, Congress passed the Help America Vote Act, which provided funding to state and local officials to upgrade their voting equipment.

Many areas replaced punch card machines like those used in Florida as well as old-fashioned lever equipment with direct recording electronic (DRE) machines, which frequently are touch screens. They record the vote within the machine’s memory, and many use no paper at all.

“Lots of election officials saw the nightmare of 2000 and said, ‘I don’t want to live through a recount,’ ” said Lawrence Norden of the Brennan Center for Justice, a public policy institute at New York University Law School. “When you have a DRE, you just ask the machine to print it out again. It does away with hand recounts and the controversy.”

But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.

Over the last decade, many states and counties have abandoned their electronic voting machines and turned to paper, often with equipment that tabulates the ballots using optical or digital scanners.

“It isn’t as old fashioned as people picture,” said Owens Hubler, the NCSL consultant. “It’s not a move back to hand-counting paper ballots.”

A Pew Research Center analysis of data from the Verified Voting Foundation, a nonprofit that advocates for paper ballots and election integrity, found that in 2014, nearly half of registered voters lived in jurisdictions ballots that were tabulated electronically (The Pew Research Center is funded by The Pew Charitable Trusts, which also funds Stateline).

More than a quarter lived in jurisdictions that used only electronic voting machines, most of which don’t provide a paper trail. The remaining jurisdictions used a mix of optical scanners and DRE equipment, voting by mail, or hand counting paper ballots.

Paperless Systems

Five states, Delaware, Georgia, Louisiana, New Jersey and South Carolina, still use only electronic voting machines, according to the Brennan Center’s Norden. In eight other states, including Pennsylvania and Virginia, paperless systems are used in some counties and cities, including Philadelphia.

In Virginia, one of the states Russian hackers targeted last year, that’s about to change.

In September, the state elections board decided that the 12 remaining counties and cities that still use electronic machines will no longer be able to do so.

Virginia Department of Elections Commissioner Edgardo Cortés said the board was concerned there was no independent means to validate election results with a paperless system. The Russian hacking incident, which didn’t breach Virginia’s voter registration database and only scanned public websites, was a confirmation of why beefing up security is so important, he added.

“The fact that there is an ongoing attempt to undermine the election process was a big factor in our determination to get rid of paperless equipment,” he said.

Cortes said it would cost local governments in the ballpark of $1.9 million to switch to paper and optical scanners, not including startup costs, printing ballots and training election workers.

In many states and counties, money has been the biggest impediment to switching voting equipment from electronic to paper.

The Brennan Center estimates it would cost $130 million to $400 million to replace all paperless machines.

“Funding is a huge problem. The question is who is responsible for paying for elections in the United States?” Norden said. “The counties don’t have the money. The states are saying it’s not our job to fund new equipment. And the federal government is saying it’s not our responsibility either.”

That attitude may be changing on Capitol Hill, however. Bipartisan proposals in Congress that would provide funding to help pay for new voting equipment are being seriously discussed for the first time in years, said Norden, who authored a June report outlining how election officials can protect voting technology from foreign interference.

“The Russian hacking incidents in 2016 have made a difference,” he said. “There’s more interest in Congress in this issue than there has been in a decade.”

PEW:

You Might Also Read:

Russian Hacking Went Far Beyond US Election:

Was The German Election Hacked?:


 
 

« News E-models For Quality Journalism
Insurance Will Reduce Cyber Losses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.