Activists say cyber agency weakens voting tech advice



ATLANTA — The nation’s top cybersecurity agency on Friday released the final version of an advisory, previously sent to state officials, on voting machine vulnerabilities in Georgia and other states. Voting integrity activists say the final version weakens a security recommendation on using barcodes to tally votes.

The advisory released by the United States Cybersecurity and Infrastructure Security Agency, or CISA, relates to vulnerabilities identified in Dominion Voting Systems’ ImageCast X touchscreen voting machines, which produce a paper ballot or record votes electronically. The agency said that while the vulnerabilities should be quickly mitigated, the agency “has no evidence that these vulnerabilities have been exploited in elections.”

Dominion’s systems have been unjustifiably attacked since the 2020 election by people who have adopted the false belief that the election was stolen from former President Donald Trump. The company filed libel suits in response to incorrect and outrageous allegations made by top Trump allies.

The CISA advisory released Friday is based on a report generated by University of Michigan computer scientist J. Alex Halderman, an expert witness in a long-running lawsuit that is unrelated to the false allegations stemming from the 2020 election.

The machines are used by at least some voters in 16 states, according to a voting equipment tracker maintained by watchdog Verified Voting. In most of these places, they are only used for people who physically cannot fill out a ballot by hand. But in some places, including Georgia, almost all in-person voting is done on the affected machines.

Dominion defended the machines as “accurate and secure”.

As used in Georgia, the machines print a paper ballot that includes a barcode — known as a QR code — and a human-readable summary of the voter’s selections. Votes are counted by a scanner that reads the barcode. Security experts have warned that QR codes could be manipulated to reflect votes different from those intended by the voter.

A version of the advisory sent to election officials last week stated: “When barcodes are used to tabulate votes, they may be subject to attacks exploiting listed vulnerabilities, so the barcode is inconsistent with the human-readable portion of the ballot.” To reduce this risk, the advisory suggested that jurisdictions configure the machines, where possible, to “produce traditional, face-to-face ballots, rather than sketchy ballots with QR codes.”

A complete ballot looks like a hand-marked paper ballot with all the choices for each race listed and a bubble next to the voter’s choice filled out by the machine. A summary ballot, on the other hand, only lists the voter’s selection for each race.

The recommendation to use full ballots rather than summary ballots with QR codes is not included in the final version of the advisory released on Friday. Instead, after noting that the vulnerabilities could be exploited to alter the barcode so that it does not match a voter’s selections, it includes a note in parentheses that reads, “If states and jurisdictions wish, ImageCast X provides the configuration option to produce ballots that do not print barcodes for tabulation.”

Halderman expressed disappointment with the change, saying it “significantly weakens” the security that would be provided by the combination of mitigations in the advisory in Georgia and other jurisdictions that rely on QR codes to count the votes.

Marilyn Marks, executive director of the Coalition for Good Governance, a plaintiff in the lawsuit that led to Halderman’s review of the machines, said it appears CISA bowed to political pressure to water down the recommendation.

“It is extremely concerning that interested election officials could push their way through CISA to dilute the agency’s critical and compelling security measure to remove barcode votes from ballots – an unnecessary and serious vulnerability that endangers the votes of millions of voters,” she said.

A CISA spokesperson said the change was not based on any complaints from any party and said that when the agency is alerted to potential vulnerabilities, it is common practice to update a notice as it works with researchers, suppliers and other partners to provide information on mitigation measures.

“We believe that the advisory’s set of mitigations, when used together, would enable jurisdictions, including those that use barcodes for tabulation, to prevent or detect exploitation of these vulnerabilities,” a statement from the agency said.

The Dominion machines are able to print a full ballot without a QR code because the company updated its software for Colorado, said Matt Crane, executive director of the state’s county clerks association. He said that although Secretary of State Jena Griswold announced in 2019 that Colorado was removing QR codes for security reasons, the transition was just beginning.

Crane said he believes less than 2.5% of Colorado voters used Dominion ballot-marking machines in the 2020 general election. Most use hand-marked paper ballots.

The advisory is based on a report by Halderman, who examined voting equipment used in Georgia as an expert witness hired by plaintiffs in a lawsuit challenging the machines. Originally filed in 2017, the lawsuit targeted outdated voting machines Georgia was using at the time. The state purchased the Dominion system in 2019, but plaintiffs argue the new system is also not secure.

Halderman has long argued that using electronic machines to record voter choices is dangerous because computers are inherently vulnerable to hacking and therefore require several protective measures that are not followed uniformly. He and many other election security experts have insisted that the use of hand-marked paper ballots is the most secure method of voting and the only option that allows for meaningful post-election audits.

Rigorous post-election audits could detect fraud as they would be done by hand and verify that the human-readable part of the ballot matches the results counted by the scanners. But if the results were tampered with in a contest that hasn’t been verified, it could go unnoticed.

Associated Press writer Frank Bajak contributed to this report.
