Could e-voting machines in Election 2012 be hacked? Yes.
Security experts say a specific kind of electronic-voting machine is vulnerable to being hacked. Influencing a national election would be difficult, but the advance of malware makes it possible.
(Page 2 of 3)
In fact, Dr. Halderman quips, he has a paperless e-voting machine in his office now. It plays the University of Michigan fight song “on command because I hacked it," he says.Skip to next paragraph
Subscribe Today to the Monitor
Such exploits have not gone unnoticed. States rushed to adopt e-voting machines after the contentious 2000 presidential vote recount in Florida, but now they are backpedaling. All but 17 have already mandated a return to paper ballots or paper verification for e-voting, including electronic optical scan or other equipment. Other states, like Florida, have gotten rid of most, but not quite all, paperless voting machines. Yet other battleground states, like Pennsylvania and Virginia, continue to use the vulnerable machines widely.
Some of the security improvements states are taking are obvious. In past years, poll workers were sometimes sent home with voting machines they were to set up the next day. But because access to a machine for even a minute can be enough to modify software, these "sleepover" practices have been largely abandoned, voting machine experts say.
Moreover, machines once sitting unmonitored in school gymnasium closets are today stored in locked rooms with surveillance equipment watching them, say officials in some states. Local officials also conduct pre- and postelection audits to check the accuracy of machines.
Colorado, which still uses paperless e-voting machines in Jefferson County, is among the states stepping up its protocols to make sure all its machines remain secure.
"Our machines are not connected to networks," says Andrew Cole, a spokesman for the Colorado Secretary of State's office. "They're sealed. The logs are sealed. There's a chain of custody requirement. We know when our office or county clerk installed the software, when it was sealed, and these machines are kept in places where they're monitored by video. Without those rules you could say they would be vulnerable. But we have safeguards in place to eliminate those vulnerabilities."
Manufacturers, too, see big security improvements.
"There's been a lot of improvement in the new equipment, and local jurisdictions and states are doing a lot more to ensure our machines are accurate," says Chris Riggall, a spokesman for Domnion Voting Systems in Denver. "We still provide maintenance and support for a lot of this equipment. We can't ever say that security is a thing of the past with election technology. It's an area where continuous improvement is essential."
"So often e-voting machine vote flipping appears to be deliberate, but it's not," he says. "Someone thinks someone has tampered with this machine, but it’s just the screen calibration that's at fault and not anything malicious…. That's the major thing wrong with touch-screen voting machines today. They get out of calibration – or local officials don't go through calibration at the beginning of the day."
Some early voters in North Carolina’s Guilford County reported vote-flipping this week when electronic voting machines changed the votes they cast for Mitt Romney to Barack Obama instead. Local election official, George Gilbert reassured them, "it's not a conspiracy, it's just a machine that needs to be corrected."