Computer Voting Has to Go

Commentary, Government, Lee Harding

Would you trust an election where no one counts the votes? Many jurisdictions in Canada, the United States, and eight other countries do just that and place full trust in computer systems they cannot scrutineer. Election officials parrot the claims of the voting companies and insist that systems are secure and the results are reliable. These claims are so scandalously untrue that a moratorium on computers in voting should be enacted immediately.

Hacking elections is easy,” was the name of the Institute for Critical Infrastructure Technology presentation in October of 2016, aired on C-SPAN. The think tank panelists reported that “throughout the history of their use, there’s been numerous vulnerabilities in these systems across all the manufacturers.” Yet, “when vulnerabilities or issues are publicized or disclosed in these systems, nothing seems to occur.” Some voting machines could be disabled in ten seconds just by tilting them, and its memory cards replaced with new information. Malware was another possibility. “It is not a high level of sophistication to compromise these systems,” the panelists reported.

In 2017, Coherent Cyber conducted a security audit assessment of the Elections Systems and Software electronic voting system used in California. Electionware servers and clients were missing many critical or important operating system patches and had 176 Security Content Automation Protocol (SCAP) misconfigurations.

Russell Ramsland, co-owner of Allied Security Operations Group (ASOG), reported in a YouTube interview that one of his team hacked into a polling station using a cell phone in just three minutes. He could hardly believe the blatant and numerous proofs of vote manipulation in Dallas County during the 2018 midterm election.

Ramsland’s team found that most of the problems identified by Coherent Cyber had never been rectified. They also reported at least 12 “entry points where votes can and are being switched and the audit trails changed or erased so that a forensic investigation finds no trace. It has to be caught in real time. Even the operator of the election system can change votes undetected.”

ASOG looked at six companies that accounted for 92 per cent of the computer voting market, including ES&S, Tenex, SGO/Smartmatic, Dominion Voting Systems, Hart, and Demtech. In all cases, the admin names and passwords for critical files were “in the open” with no hacking necessary. Voter registration lists that included private information were also available.

Ramsland said the voting companies used a similar source code structure. Their software was so porous that operators and outside players could change votes “utterly undetected.” Any candidate could be made to win or lose by directly altering votes at the server or database level. An audit trail was non-existent for Hart, but was erasable or changeable with ES&S or Dominion so that no evidence of vote changing could be found. 

Occasionally, though, some light shines through the cracks. In 2019 Republican Governor of Kentucky Matt Bevin lost the governorship to Democrat Andy Beshear. The result was so curious given other election results, Bevin went to Ramsland with suspicions the election was stolen.  CNN viewers might have seen a sequel in the 2020 rematch as Bevin lost 560 votes at the same moment Beshear gained 560.

Canada has also taken a deep dive into computerized voting. Twelve municipalities used such systems in 2003, 44 in 2010, 97 in 2014, and 194 in 2018. That is a surprising trajectory given how fraught with problems these systems are.

In 2014, New Brunswick went all-in on Dominion Voting Systems for its provincial election, only to witness controversial results. When polling was done, the results from each poll were printed out and phoned in. After that, people drove the memory cards with the information, only to find the numbers didn’t match. The memory sticks were declared more reliable and trumped the previous results.

By contrast, Election Systems and Software CEO Tom Burt said in 2019 his company would no longer sell voting technologies that did not create a paper audit trail as the primary voting device in a jurisdiction. Was Dominion’s voting conflict in 2014 really due to people who couldn’t read a printout?

2018, fifty-one Ontario municipalities using Dominion Voting Systems stopped transmitting results on election night. The apparent reason was because a third party in Toronto cut its bandwidth at 6:00 pm to one-tenth of the normal amount. Voting hours were extended but the odyssey did not leave the electorate happy.

Computerized voting offers convenience over voter confidence and that compromise will never be worth it. Ottawa was right to maintain federal elections where people count votes and party representatives can scrutinize the process. That should prevail everywhere democracy is practised. If a nation’s people are too stupid to count their own votes, they can’t govern themselves anyway. 

 

Lee Harding is a research associate with the Frontier Centre for Public Policy.

Photo by Elliott Stallion on Unsplash.