The nation’s three largest voting system vendors told a congressional committee that they would welcome closer partnerships with the federal government on probing cybersecurity threats, but pushed back against independent investigators examining the electronics inside their wares.
“We have not involved academics who haven’t been pre-screened with the coordinated vulnerability disclosure program that we are working on with our colleagues,” said Tom Burt, president and CEO of Election Systems and Software (ES&S). “The idea is to have a firm be able to manage a network of white-hat ethical hackers, to broaden the access to our firm’s systems without making this information open to the public.”
“Congressman, we have done that in the past, as far back in New York as 2009, and we found that the exercise was useful,” said John Poulos, president and CEO of Dominion Voting Systems, to Rep. Jamie Raskin, D-Maryland. “We are looking forward to doing more of that within the confines of a reality-based scenario of testing.”
“We would support the appropriate disclosure of that information,” said Julie Mathis, president and CEO of Hart InterCivic. “It’s important that we not undermine voter confidence in ensuring that we actually evaluate and assess the types of disclosures necessary.”
The CEOs’ comments welcoming controlled collaborations on detecting security vulnerabilities in their voting systems — while dismissing outside assessments as often unhinged — were indicative of the stance put forth by the nation’s top voting system vendors in their first joint testimony in Congress.
The CEOs welcomed closer partnerships with federal agencies, including a wider role in the testing and regulation of voting infrastructure — not just the machines recording a voter’s ballot. But the CEOs downplayed security and transparency concerns raised by public-interest critics who had prodded the Committee on House Administration to hold the hearing on whether more vendor oversight was necessary as new systems are being deployed.
For example, the three CEOs repeatedly said that there was no evidence that any of their products had been hacked in the 2016 election, even as Russian agents accessed statewide voter rolls in a few states. They said they would welcome new federal security standards for electronic precinct poll books and voter registration databases (which are not their primary products).
In short, their message was that their systems were very secure, their efforts were vigilant and they — not their critics in academia — should be trusted. That schism and narrative are not new in the election world, even as the congressional testimony by the three CEOs was unprecedented.
“Our effort is as strong as we are capable of,” said ES&S’s Burt. “We are always looking to find ways to improve our effort and to partner with other agencies to improve our ability to mitigate any risks that might be there.”
But when North Carolina’s Rep. G.K. Butterfield, a Democrat, pushed into more detailed questioning about security risks, all three CEOs said that they sold a key piece of machinery — the devices that count votes at precincts — which used modems, connected either to the internet or to cell phone bands, to report their “unofficial” results on election night. (That pathway could be targeted to disrupt or corrupt the reporting of results, academics and activists have said.)
However, there was no follow-up on that line of questioning or further responses, just as other potentially dicey topics were broached and quickly bypassed. Those topics were the ownership of the three biggest voting system manufacturers by private equity firms, the fact that those companies’ executives are barred from contributing to local officials’ political campaigns while their lobbyists aren’t restricted, and other questions probing their earnings strategies.
Two panels, two views
The hearing was promoted as a likely grilling of the CEOs, but that was not what transpired. Instead, the critical comments were confined to witnesses on a second panel that followed the CEOs and didn’t interact with them.
Matt Blaze, a Georgetown University law professor, picked up the thread that Butterfield referred to by explaining that modems on precinct tabulators — which were designed to quickly report results to election officials in central offices and the press — were a weak link and thus a security risk. Stepping back, he noted that tabulation systems, which are where local results are compiled into overall totals, have escaped the scrutiny paid to voting stations used by the public.
“We give most of the attention to vulnerabilities in voting machines, but that’s not the whole story,” Blaze said. “Each of the more than 5,000 jurisdictions responsible for running elections across the nation must maintain a number of critical information systems that are attractive targets for disruption by adversaries. Most important of these are voter registration databases, [and] the systems that report final results, and so forth. Unfortunately, there are even fewer standards for how to secure these systems.”
“Their [voter rolls and counting systems] administration varies widely. And the threats against these systems are even more acute than the threats against individual voting systems,” he continued. “Just as we don’t expect the local sheriff to single-handedly defend against military ground invasions, we shouldn’t expect county election IT managers to defend against cyberattacks by foreign intelligence services. But that’s exactly what we’ve been asking them to do.”
The CEOs and critics like Blaze were not just talking past each other like ships in the night. Blaze is a co-organizer of the DefCon hacking convention’s “Voting Village,” where computer scientists and their students have taken apart commercial voting machines to highlight how they can be hacked to manipulate reported outcomes.
In other words, Blaze is the kind of academic that the CEOs said they would not want to work with to identify security vulnerabilities, because such academics could not be controlled by confidentiality agreements when security issues arise. Instead, the voting system CEOs said they would work with government agencies in more closeted settings to test and improve their systems.
That stalemate is not new in the voting technology world. The vendors don’t trust that academics and other experts will help them quietly improve their systems — because, as history has shown, some of these experts are publicity hounds. On the other hand, academic critics — including advocacy groups such as Verified Voting — are extremely frustrated that vendors keep on retrofitting their systems with older and less-secure technology as a profit-making strategy, and then the vendors claim that their critics are peddling conspiracy theories.
This stalemate, as seen by reading between the lines at the House hearing, takes on a new urgency as 2020’s federal and state elections loom. When asked by the committee chairwoman, California Democrat Zoe Lofgren, what was the best that could be done in preparation for voting this year, the CEOs cited their partnerships with federal security agencies and their programs.
The public-interest activists had their to-do lists as well — from using more paper ballots, to deploying enough precinct voting machines to avoid delays and lines, to conducting audits of various ballot records to double-check the initially reported results. But realistically, several said that those remedies were not likely to be as widespread as they would like to see in 2020. They counseled more public education for voters using new voting systems.
“What do we do?” asked Congresswoman Lofgren, as the hearing neared its conclusion.
“The best thing we can do is voter education,” said Blaze. “It’s simply a reminder of instructions given to voters, whether they are given a personal reminder to check their ballot selection [on the systems where computers print out a ballot summary card]. Those appear to make a significant — not sufficient — but significant difference in how well they’re verified.”
“The [most recent] studies are saying the people did not verify their ballot. They are not saying that people could not verify their ballot,” said Dr. Juan Gilbert, chair of the computer and information science and engineering department at the University of Florida. “Well, try this [instead]: ‘Would you please verify that your ballot selections were not changed?’ Rather than, ‘Review your ballot.’ Let’s try that.”