There’s a reason why I’ve been ranting about the insecurity of computerized voting and tabulation for nearly 15 years: Every single system in all 50 states can be hacked and results manipulated, with little or no possibility of detection. And it doesn’t take a foreign power like Russia to do it.
DEF CON, an annual computer security conference in Las Vegas, introduced a Voting Machine Hackers Village this year. The three-day event allowed attendees to tinker with the 30 electronic voting and e-poll book systems that organizers had primarily purchased on eBay.
The public spectacle was quite a contrast to the cloak-and-dagger days of 2005 or so, when folks like me had to surreptitiously obtain such systems in order to share them with independent cyber – security investigators. Those voting systems—the intellectual property of private entities that sold or leased them for billions in taxpayer dollars—were so sensitive that nobody, not even election officials, were allowed to test them for vulnerabilities.
Companies like Diebold, ES&S and Sequoia insisted that We the People couldn’t examine their machines, but it wasn’t because they were intellectual property. As we discovered a dozen years ago, it was because their voting systems were crap. They could be manipulated by virtually any moderately skilled “hacker”—and, of course, by the insiders who programmed and operated them.
At DEF CON 25 that point was again made embarrassingly clear as crackers made short order of several systems. “90 min after doors open,” the organizers tweeted, “complete remote control on the operating system level of the Winvote voting terminal (including election data).” But that was easy; the system’s hardcoded password was “abcde.”
Shortly thereafter it was announced that hackers had “reverse engineered” an electronic poll book “within an hour.” Later came another mindblower: The unencrypted voting records of more than 650,000 Tennesseans were still available on one of the machines.