By Laura Haight
GCDP Communications Coordinator
Liz Howard, an attorney with the Brennan Center for Social Justice, and former Deputy Commission for Elections in the state of Virginia, warned that election security in South Carolina is at significant risk.
Howard was speaking to a group of about 25 at an event organized by the League of Women Voters focused on cyber security and voting infrastructure She noted that the Center for American Progress gave South Carolina a D in a comprehensive nationwide study and analysis of election security. Howard also noted that the administrator password to the Ivotronic voting machines used exclusively in South Carolina (while other states have some of these machines in use, we are the only state that has this machine in every voting place) had been hacked and exposed on social media but white-hat hackers at Defcon last year.
Although that exposure puts hundreds of voting machines in a dozen states at risk, Howard could not offer assurance that Election Systems and Software, the manufacturer of the equipment, had taken the logical step to change that password. While the machines themselves are not connected to the Internet, the offices of the manufacturer almost certainly are. A major vulnerability could come from hacking the ES&S system and embedding malicious code into an upcoming firmware update that would be manually installed on all devices prior to the election.
Howard and the Brennan Center advocate for a system that relied more on paper ballots and optical scanners, as opposed to the digital touch-screens we currently use. Barring that, she recommended that we challenge election officials to prove they are following backup procedures that could be required in any situation – power failure, flooding, or hacking.
- Print enough emergency and provisional ballots so there are enough for 2-3 hours of peak voting.
- Plan for and drill on backup procedures for equipment failures.
- Train and drill poll workers on how to handle common problems that can occur with the Ivotronics. When do you do a reboot? When do you have to shut it down. Ensure recorded votes are retained before a controlled shutdown.
- Ensure electronic poll books are not be connected to the internet (ever) and should be encrypted.
- Ensure all voting machines fully patched immediately before the election.
She also urged we push legislators to support a hearing for a bill in Congress (The Secure Voting Act) that would require reporting of cyber incidents and mandate post election audits (which would require all states have some paper backup). Lindsey Graham is a co-sponsor of this bill.