2016 US presidential election, 2018 election, 2020 election, critical infrastructure, Government security, Hacking, Information Security, National Academy of Sciences, paper ballots, russia, Security threats, Top News, US elections, voting machines, voting systems

‘Only paper ballots by 2020!’ call experts after election tampering

An expert panel at the National Academy of Sciences has called for sweeping election reforms, including one, specific recommendation that should come as no surprise: use paper.

From Thursday’s announcement about the report’s release:

All local, state, and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election.

And what about the mid-terms, right around the corner in November? Yes, let’s try to get paper ballots for that one, too, the panel said. Let’s try our best to stay away from all the technologies that we’ve got in place now, because they’re full of holes:

Ballots that have been marked by voters should not be returned over the internet or any network connected to it, because no current technology can guarantee their secrecy, security, and verifiability.

Michael McRobbie, president of Indiana University and co-chair of the committee that conducted the two-year study and wrote the report, called the 2016 election a “watershed” moment:

The 2016 presidential election was a watershed moment in the history of elections – one that exposed new challenges and vulnerabilities that require the immediate attention of state and local governments, the federal government, researchers, and the American public.

Lee Bollinger, president of Columbia University and co-chair of the panel, called the threat from foreign actors “extraordinary”, according to the AP:

The extraordinary threat from foreign actors has profound implications for the future of voting and obliges us to examine, re-examine seriously, both the conduct of elections in the United States and the role of the federal and state governments in securing our elections.

According to the report, the US intelligence community found that “actors sponsored by the Russian government” obtained and maintained access to elements of multiple US state or local election systems. Those intrusions made clear that the country’s election infrastructure is clunky at best, even in the most well-resourced jurisdictions. For small jurisdictions without a lot of money to invest, things are even more grim.

Lawrence Norden, deputy director for New York University’s Brennan Center for Justice, gave specific details about that tampering in an analysis about special counsel Robert Mueller’s indictment of 12 Russian intelligence officers in July.

Namely, Mueller’s indictment alleged that Russian intelligence officers hacked into the website of a yet-unidentified state board of elections. Among other new information was an allegation that Russia used that hack to steal information related to 500,000 voters.

Norden says the figure is surprising, given that prior to the indictment, we’d only heard about an Illinois breach that affected about 100,000 voters. Intruders targeted election systems in 21 states and allegedly hacked into the computers of a private US elections systems vendor that the indictment didn’t name.

Given that the indictment mentions five times the number of affected voters than we’d heard about in the Illinois breach, it’s looking like the 2016 tampering “went deeper than we’d understood,” Norden said. As Wired’s Kim Zetter has pointed out, the indictments suggest that the 2016 attacks may have been an afterthought, given that the vendor and state board of election attacks came mid-election, in June through October 2016, months after the attacks on the Democratic National Committee and Hillary Clinton’s campaign.

Norden:

We would be wise to assume future attacks will involve more advanced planning. Combine this with the fact that the Russians undoubtedly learned information from their 2016 efforts, and there is reason to believe future attacks on our election infrastructure could be far more damaging.

As of March 2018, 13 states were still using at least some direct-recording electronic voting machines, that lack a paper trail, as their primary polling place equipment, “making audits in these states impossible.” Norden reports.

These machines should be replaced as soon as possible. Come November, it’s also critical for any states using any kind of electronic voting machines to have emergency paper ballots that can be deployed immediately in case machines breakdown – whether that breakdown is caused by a system failure or hack.

Human-readable paper ballots are not only auditable, they also assure voters that their vote was recorded accurately. In the past, faulty electronic voting machines have recorded voter choices inaccurately. Paper ballots, which can be counted by hand or machine, give voters the opportunity to review and confirm their selection before depositing their ballot for tabulation – something that’s impossible for systems that record votes electronically. According to the AP, one in five Americans cast their ballots on electronic-only machines in 2016.

Besides paper ballots, the Academy’s report has other specific recommendations, including that states should mandate a specific type of audit known as “risk-limiting” prior to the certification of election results.

Risk-limiting audits offer a high probability that any incorrect outcome can be detected, and they do so with statistical efficiency. A risk-limiting audit performed on an election with tens of millions of ballots may require examination by hand of as few as several hundred randomly selected paper ballots.

As far as internet voting goes, just forget it, the panel of experts said. It’s not secret enough, it’s not safe enough, and it’s not verifiable enough – and we shouldn’t be relying on it for elections until we have “robust guarantees” that it is.


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend