Business

Activists complain of weakened voting security standard

Today News ||

The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained that the EAC bends too easily to industry pressure.

Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain.

Ads

In a Feb. 3 letter to the agency, computer scientists and voting integrity activists say the change “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems.” They demand the wireless hardware ban be restored.

“They’re trying to do an end run to avoid scrutiny by the public and Congress,” said Susan Greenhalgh, election security coordinator for Free Speech for The People, a nonpartisan nonprofit.

RELATED:  Universal Credit claimants could get £25 boost as Cold Weather Payment triggered

Seven members of the commission’s 35-member advisory board including its chair, Michael Yaki, wrote EAC leadership to express dismay that the standards were “substantially altered” from what they approved in June. They asked that the Feb. 10 vote be postponed. At the very least, they wrote, they deserve an explanation why the draft standards “backtracked so drastically on a critical security issue.”

Yaki said he was puzzled by the commission’s move. “The mantra adopted by pretty much the entire cyber community has been to take radios or things that can be communicated via wireless out of the equation,” he said.

A modem ban is especially important because millions of Americans continue to believe former President Donald Trump’s unfounded claims that voting equipment was somehow manipulated to rob him of re-election in November, said Yaki. “You don’t want to give QAnon enthusiasts or the ‘Stop the Steal’ people any reason to think that our our voting infrastructure is less than perfect.”

EAC Chair Benjamin Hovland noted that the agency relied on experts with the National Institute of Standards and Technology to help draft the guidelines. He said objections to the change should not be allowed to hold up the new rules’ significant cybersecurity improvements.

The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware, Hovland said, which could hurt competition in an industry already dominated by a trio of companies. He also argued that the guidelines are voluntary, although many state laws are predicated on them.

RELATED:  Massive cargo ship turns sideways, blocks Egypt's Suez Canal

“You have people putting their own personal agenda, putting themselves before the health of our democracy,” Hovland said, adding that elections officials are among those supporting the change. “It’s so small-sighted the way some people have been approaching this.”

Hovland stressed that the amended guidelines say all wireless capability must be disabled in voting equipment. But computer experts say that if the hardware is present, the software that activates it can be introduced. And the threat is not just from malign actors but also from the vendors and their clients, who could enable the wireless capability for maintenance purposes, then forget to turn it off, leaving machines vulnerable.

Still, one member of the NIST-led technical committee, Rice University computer scientist Dan Wallach, said that while the changes came as a surprise, they don’t seem “catastrophic.” Objections shouldn’t hold up adoption of the new guidelines, he said.

California, Colorado, New York and Texas already ban wireless modems in their voting equipment. The standards being updated, known as the Voluntary Voting System Guidelines, are used by 38 states either as a benchmark or to define some aspect of equipment testing and certification. In 12 states, voting equipment certification is fully governed by the guidelines.

RELATED:  Carer’s allowance claims may boost other benefit payments – full details on claiming rules

In 2015, Virginia decertified and scrapped a voting machine called the WINVote after determining that it could be wirelessly accessed and manipulated.

Created to modernize voting technology following the “hanging chad” debacle in the 2000 presidential election, the EAC has never had much authority. That’s partly because voting administration is run individually by the 50 states and territories.

But after Russian military hackers meddled in the 2016 election in Trump’s favor, the nation’s voting equipment was declared critical infrastructure and Democrats in Congress have attempted to exert greater federal control to improve security.

Republicans, however, have stymied attempts at election security reform in the Senate. While the most unreliable voting machines — touchscreens with no paper ballots to recount — have largely been scrapped, privately held equipment vendors continue to sell proprietary systems that computer scientists say remains vulnerable to hacking. Experts are pushing for universal use of hand-marked paper ballots and better audits to bolster confidence in election results.

—-

Associated Press writer Christina A. Cassidy contributed from Atlanta.

More Economy Business News Updates of Today Check Below

Today News || Business Today || World News || Headlines Today || Health || Technology News || Education News

Source

Tags
Show More

Related Articles

Back to top button
Close