Volume 8
But in an alarming trend, five states (Georgia, Delaware, Louisiana, South Carolina and New Jersey)
use electronic voting machines that provide no option for auditing results after a vote is concluded.
And the reality is that hiding malware in a voting
machine software update is not necessarily a complex engineering challenge.
And as threats become more sophisticated, and
always-connected electronic voting machines become more widely used, tampering with voting
results is a risk that is pretty easy to predict will
increase over time.
Imagine an algorithm that only changes enough
votes from candidate A to candidate B to affect the
outcome, without being so large as to raise suspicions.
Protecting election results from such advanced
threats will require increasingly sophisticated security detection and mitigation technologies.
Part of the problem, of course, is the infrastructure
itself.
Many of these connected voting systems are installed at schools, city halls, or other local government facilities that rarely have the budget or technical resources to implement the sort of sophisticated
security needed to detect sophisticated threats.
Tampering directly with machines is only one challenge.
Hackers can also potentially intercept traffic between a polling site or electronic voting machine
connected to the Internet and the database server
aggregating votes, or as that data is forwarded on
for live broadcast.
As voting software becomes more sophisticated,
and performs such tasks as connecting directly to
voter registry databases to automatically validate
voters (a task currently done by hand in most locations), or requires a full-time WiFi connection, security challenges will quickly outpace local security
measures.
And it’s not just voter fraud that’s a problem.
Many experts now claim that some governments
are building massive databases on citizens of other countries.
This sort of intelligence can help them identify targets of interest, such as foreigners living in one
country with families back in their country of origin.
The more information they can collect on such
foreign nationals, the easier it is to do things like
Oct/Nov 2016 Edition
blackmail them or use family members to coerce
them into doing things such as spying.
Voter systems are ideal sources for this sort of nefarious data collection initiative.
For a democracy, the risks have to outweigh issues like efficiency and expediency
Hacking Online Voting
The challenges outlined above are only compounded when you consider things like national
online voting.
In addition to the sorts of challenges already discussed, you can add things like spoofing votes
and voters, denial of service attacks, voter phishing sites, fraud, redirecting or intercepting votes,
attacks on data centers, and even basic user error.
Given the online registration challenges with the
Affordable Care Act (ObamaCare) in the US, creating a secure national online registration and voting
system that adequately protects voters while ensuring a tamper-proof election process is still quite
a ways away.
For a democracy, the risks have to outweigh issues
like efficiency and expediency.
Unfortunately, security improvements are usually
driven by breaches.
But this is a scenario where that kind of status quo
process simply carries too high of a cost.
It’s time for government agencies and security professionals to get together to proactively establish
policies and security standards that can be followed
and enforced - because until that happens, we will
continue to have a serious security problem.
24