Children at DEFCON 2018 successfully hacked a replica of the Florida election reporting web site. Even though the reporting website is not the same thing as the election tabulation system, reports like these tend to cause public concern about election security of our current systems. The public doesn’t know that the reporting website has no direct relationship with the actual vote tabulation and is merely an information source. Even if the vote counts are unaffected, conspiracy theories will run rampant if a state’s reporting website disagrees with the official election districts’ vote tally. Even though public panic is not justified, public concern about election security is. The officials protecting election integrity must be able to assure the public that measures are being taken to ensure that integrity.
Fortunately, there are large funding opportunities for states to improve their election equipment security and cyber protections in the new Help American Vote Act (HAVA) grants. The $380 million in funding signed into law on March 23, 2018 marked the first new appropriations for HAVA funds since FY2010. HAVA funds were designated to improve the administration of elections for federal offices and allocated to states to be used for various upgrades and improvements in physical election equipment, software and security measures.
The reality is, the physical, individual votes themselves are nearly impossible for a hacker to tamper with. In paperless voting, electronic voting machines are routed to a computer, often called a Judges Booth Controller (JBC) on an isolated, hard-cabled network that doesn’t involve the internet or any form of wireless connectivity. The vote data is stored on a memory card inside the machine sealed with tamper resistant seal. The intact machine with the sealed memory card is hand-delivered to the election control center by the Judge or election official responsible for it. Election officials unseal the machine and upload the vote totals to the tabulation system. Although data cards can be hacked, they have to be removed from the machine to do it. As long as the chain of custody is protected and the machine remains sealed, the vote totals will be accurate.
The process to protect paper ballots might seem more complicated to protect however it again comes down to protecting chain of custody. Card readers or scantron generic machines need to be protected before, during and after elections. Each voting site has a pre-determined number of machines that need to be tracked. The election officials need to document how many of each asset to track and manage per election site.
Image courtesy of Hart Interintercivic – https://www.hartintercivic.com/electionsecurity/
The secret to securing the election results is the protection of the chain of custody. Each machine must be tracked at every stage of the process, from storage to transport to the actual election day. If the security seal is tampered with, it is imperative that the stage where the security breach happened in the chain of custody can be verified. Generic or collected paper votes. JBC or Scantron machines equipped with RFID cards provide data check points at each stage in the chain of custody and cannot be faked or altered.
State election districts and the Federal government are working to ensure the safety and security of our election process. The State of Texas has issued a full outline of the required security steps for their election process. These directives help to inform the public, but also to provide a framework to each election district on the proven methods that need to be put into operation to secure their elections.
The general custodian of election records has several points of responsibility for creating and maintain an inventory of all election information storage media, including a procedure to track and report on the location of election equipment from storage through coding and the actual election to final post-election storage. There are requirements for records and chain of custody for these steps along with multiple election staff to be part of the verification process (Sec. 129.051 a-e).
The actual voting system equipment also must be stored and transported in a process that safeguards against any tampering. Verification that any transfer of chain of custody also needs to be monitored and reported (Sec 129.052a). Once the election is completed, the inactive equipment and data cards are required to be stored safely from unauthorizes operation (Sec 125.063).
Regardless of the type of election method in place, our election module creates a simple, yet secure process to protect the chain of custody and provide a record of each step of the transportation of the election storage media, voting machines or data cards. The RFID tags and mobile readers can produce the location reports that build confidence in any election district that their equipment and cards have been securely stored and managed throughout the election process. The mobile readers can be assigned to specific election officials and the data check points cannot be misrepresented, altered or hacked.
Summary of the Election Security Procedures as outlined by the Texas Secretary of State’s office.