Legacy voting machines ripe for tampering, breakdowns

As America preps for the next presidential election, its voting machines are in need of a serious update. Almost every state is using electronic touchscreen and optical-scan voting machines that are at least 10 years old, according a recent Wired article, with Florida, Kentucky, Massachusetts, New Hampshire, Texas and Virginia are all using voting machines that are at least 15 years old. When these machines were introduced, dial-up Internet was used by most of the country, and the voting technology was equally primitive.

These outdated machines have a litany of problems including degrading touchscreens, worn-out modems and failing memory cards. And this is before one considers the cybersecurity issues.

Earlier this year, Jeremy Epstein, the senior computer scientist at SRI International, wrote an article on why the AVS WinVote touchscreen Direct Recording Electronic voting machines were decertified by the Virginia State Board of Elections.

According to Epstein, the decertification was sparked on Election Day in November 2014, when machines in one precinct crashed repeatedly because, according to rumors, a volunteer was trying to download music onto his iPhone. The Virginia Information Technology Agency (VITA) was tasked with investigating the problems and published a report saying the machines had a host of problems.

Some of the issues with the machines included:

The wireless connection used wired equivalent privacy. After a few minutes of wireless monitoring, VITA noticed that the encryption key was “abcde” and that key is unchangeable.

The system hadn’t been patched since 2004, and it was running open ports with active and unpatched services.

The system had a weak set of controls – making it easy to get to a DOS prompt. The report also showed the administrator password was hardwired to “admin.”

The USB ports and other physical connections were only marginally physically protected from tampering. There also were no protections once something was plugged into one of these ports, meaning anyone could tamper with the software or the results.

The decertification forced Arlington, Va., to re-issue paper ballots, which hadn’t been used since 1950.

Now some companies have created updated systems and protections to help citizens sign-in and vote faster and more securely.

Blockchain Technologies Corp. hopes to replace existing machines with secure, open-source voting machines that use block chain, the distributed-ledger technology behind Bitcoin.

On a block chain voting system, as explained in an article on MotherBoard, voters would “fill out a ballot that looks roughly like a traditional election ballot. This ballot, however, features three small QR codes sit at the bottom: one representing a block chain address, which is like a unique cryptographic number; one representing the ballot ID; and one for the election ID.”

As the votes are scanned into the machine, each "vote unit" is transferred to the appropriate candidate, Motherboard explained. With this system users can look up the candidate's address to see the number of votes received, with a block chain explorer that can pull up the information from each section of the distributed ledger.

Advocates of the technology say block chain is secure and transparent, and it has been successfully tested in Europe and Denmark. Blockchain Tech also plans to open source its voting machine software and will use commodity hardware so that the machines can be fixed and updated.

Microsoft is using its cloud technology and tablets in the election process.

In the lead-up to the presidential election, Microsoft Azure is playing a key role in the 2016 Iowa caucuses. A new, mobile-enabled system built on Azure will be used by Iowa precincts to accurately, efficiently, securely and reliably report their voting results on caucus night next year.

The New York City Board of Elections will use 3,000 Surface Pro 3 and Surface 3 tablets to enable communications among its polling station team, and in Orange County, Fla., the Office of the Supervisor of Elections gave voters an easier sign-in experience by replacing its aging laptops with Windows tablets. This move has cut average voter sign-in time by 70 percent, greatly simplifying the job of poll workers and increasing the speed and accuracy of election reporting.

Democracy Live is migrating over 100 state and county balloting portals to Microsoft’s Azure Government cloud. Its flagship product, LiveBallot Online, will use the Microsoft cloud to deliver ballots to overseas U.S. voters -- including military personnel -- so that they can access customized blank absentee ballots and submit their ballot in a timely fashion for vote tabulation.