A Deep Dive On The Three Major Voting Technologies In The World

Are these voting machines truly free of fraud?


At last year’s Black Hat, the annual conference that puts security on the front lines, hackers showed off their party tricks.

In order to demonstrate how easy hacking truly is, they hacked cars, ATMs, and mobile devices. In 2016, they made a new addition: a simulated version of a hackable electronic voting machine, assembled by security firm Symantec.

According to Brian Varner, a security researcher at Symantec, the electronic voting machine is another frontier for hackers.

As of now, 75% of the country’s votes are being cast using paper ballots. Some of the electronic machines in use print a ballot so that there is a paper trail. Georgia, Delaware, Louisiana, South Carolina and New Jersey have no way to audit results after a vote is cast through electronic voting.

A number of electronic voting machines use a voter access card that voters usually receive when they go to the polls. Each card can be used by multiple voters. According to Symantec, these machines represent an opportunity for hackers. If hackers gain access before the voting begins, they can manipulate the results.

Varner showed in a demo how a voter access card can be hacked by a small device that can reprogram the card, giving voters the ability to cast their vote as many times as they like.

“I can probably put about 400 votes by myself in less than a couple minutes and the poll workers would be none the wiser,” Varner said.

There are various ways that electronic voting systems are vulnerable to hacking. Hackers could access the computers responsible for aggregating election results if those computers connect to the internet, even though they are expected to remain off-network. Hackers could also intercept the signals from an electronic voting machine when it connects to the internet, much as they could intercept a user’s data when that person connects to WiFi. Additionally, hackers could create phishing software that’s convincing enough to be installed, should the machine connect to the internet during an election.

“We don’t know what the transport network looks like between this machine and the actual database server that’s aggregating the votes and then sending it up for live broadcast. Anywhere along that path… the communications could be intercepted,” stated Varner. Many of the voting systems are provided by a small number of businesses; therefore, if one machine is compromised, several other machines may be manipulated. Additionally, the malicious code or software used to hack the machines may even delete itself after it’s done its job, erasing any trace of voter fraud.

Because of this, Homeland Security Secretary Jeh Johnson urged the federal government to consider whether voting machines should be called “critical infrastructure”. This means security standards for voting machines should be defined. For example, “you can’t connect it to the Internet, if you’re using a USB key, you have to have a process to make sure they’re not infected. You have to have the right level of auditing.”

Cheating in elections has always been a constant in politics.

“Years ago, we had Watergate — where you had a couple of boxes of files that were stolen,” Crowdstrike’s CEO George Kurtz said. “Now we’re talking about 20,000, 30,000 files that are being dumped on the Internet by nation-state actors. So there are broad ramifications for potentially trying to manipulate the outcome of an election.”

In 2006 alone, significant allegations of election fraud surrounded presidential elections in Italy, Mexico, and several former Soviet republics. In the United States, concerns have been raised regarding all aspects of elections, from voter registration fraud to voting machine security, especially since the 2000 presidential election, when accusations of electoral manipulation in Florida resonated around the world. The potential for election fraud overshadows elections in all election-holding countries, even those with long-established democracies.

The psychological impact of voters believing the election could be rigged could have broad and disastrous implications.

That is why I conducted a careful online investigation into the different voting technologies provided by these three major electronic voting companies, and the controversies and history tied to them.


MicroVote

This American voting company is based in Indianapolis. It was founded in 1982 and has guaranteed safe elections built on promises of reliability, security, and ease of use. MicroVote has delivered decades of direct-recording electronic (DRE) machines.

Prominent Controversy

According to VotersUnite.org in its list of documented failures, MV-464 DREs shut down haphazardly, causing the vote to be lost in the November 1995 and April 1996 elections in Montgomery County, Pennsylvania.

The record said the scroll motors emitted power surges that caused the machines to go into power-fail mode and shut down to protect the circuitry. Thus, when a voter attempted to scroll to the next page on the DRE, the scroll motor would activate, and the machine would shut down in front of the voter. The MEMS accumulation software — which was not certified in Pennsylvania — malfunctioned, causing MicroVote employees to report the wrong “unofficial results” to the press.

In an internal memorandum, MicroVote’s on-site manager also noted “serious problems” with the MEMS software. The software problems were not detected during pre-election testing because MicroVote was making changes in the software up to the day before the election. Under the contract and Pennsylvania law, the system, including the software, should have been tested and certified prior to the election.

MEMS, however, was not certified in Pennsylvania. MicroVote sued the county for $1.8 million, alleging that the county orally promised to buy more machines and that the problems during the elections were the result of the county not having purchased the promised number of voting machines.

The court dismissed the suit. The county then sued MicroVote, Carson Manufacturing Co. (the distributor), and Westchester Fire Insurance Company (which posted a performance bond). Carson settled with Montgomery County shortly before trial for approximately $587,500. The jury returned a verdict against MicroVote and Westchester.


Smartmatic

Smartmatic is a multinational company that specializes in technology solutions for governments. It creates electronic voting systems as well as public safety and public transportation solutions. The company also creates identity management systems for registration and authentication for government applications.

Prominent Controversy

Despite failing to transmit 23% of election results in 2013, the Venezuelan firm Smartmatic won a P500-million ($10.61-million) deal to provide the same services in the presidential elections in the Philippines in 2016.

A column in the Manila Times briefly discussed why Smartmatic should not be allowed to operate and automate the elections in the Philippines. Nelson Celis wrote: “In 2010, 9 percent of PCOS machines (from Smartmatic) failed to transmit ERs (Election Returns); in 2013, transmission failures hit 23 percent of PCOS machines, thus technically disenfranchising 8.6 million voters. Last May 9, 2,500 VCMs (with 184 alone in Caraga, La Union, and in the OAV centers) malfunctioned, affecting 1.5 million voters. All SD cards from 92,509 clustered precincts, whether transmitted or not, were “imported” to the Municipal Board of Canvassers, thus opening the system to data manipulation and election rigging. How many ERs were transmitted to be used as a basis for proclaiming election winners is the big question.”

The Commission on Elections (Comelec) announced on November 26, 2015, that Smartmatic bagged a P507-million (P10.76-million) contract to transmit election results for the May 2016 polls.

Smartmatic reportedly submitted the “lowest calculated responsive bid.” It had earlier provided the same services in the Philippines’ first two automated elections, in 2010 and 2013.

In 2013, Smartmatic failed to transmit around 23% of election results from vote-counting machines.

Given failures like this, critics urged the Comelec to blacklist Smartmatic from providing election-related services. They claimed that Smartmatic’s PCOS machines can be easily rigged.

Still, Smartmatic won another major deal that allows it to lease 93,000 vote-counting machines to the Comelec for the May 2016 elections. In this election, results were calculated faster than ever before in the Philippines. Filipinos knew the new leader of their country in less than 24 hours.


Diebold

Diebold is an American financial self-service, security and services corporation. The company is engaged internationally in the sale, manufacture and installation of self-service transaction systems such as ATMs, security products, vaults and currency processing systems, and in software-related services for global financial and commercial markets.

Prominent Controversy

Diebold’s voting machines came from a push for electronic voting that occurred after the chaos of the 2000 presidential election.

The controversy in the Florida election recount surrounded “hanging chads,” which were the result of “a half-punched piece” rather than a “clean cut” from “readable punch-card ballots,” according to Bloomberg.

The result was a push for electronic voting to avoid this, using voting machines like Diebold’s, which allow people to vote via touchscreen. However, the incident opened the door for leftist conspiracy theories in the subsequent presidential election.

Fortune reporter Barney Gimbel wrote about Bev Harris, a resident of a suburban Seattle county, who became really curious when it decided to shift to electronic touch-screen technology. She started surfing the Internet for information — and late one night in January of 2003, she discovered a cache of files on an unprotected Diebold server. In it were e-mails between programmers discussing the system’s problems.

“Distributing this software is extremely dangerous,” a programmer wrote in 2001. “Our smart-card format has absolutely no security, so if someone were to get a copy of this software and a reader, they could stand at the ballot station and quietly burn new voters cards all day…. I can see the cover of USA Today in my head. Consider everyone warned.” (Diebold says the problem was fixed before the 2002 elections.)

According to Politico, in 2003, an employee at Diebold mistakenly left 40,000 files containing code for the Diebold AccuVote TS, one of the most widely used machines on the market, on a public website.

The encryption key, F2654hD4, could be found in the code in plain view, and all Diebold machines responded to it. Findings said it is easy for someone to put a memory card inside a machine and tamper with it. Additionally, 43 states are reportedly using electronic voting machines that are a minimum of ten years old. Diebold itself was sued by the California state attorney general in 2004 for being “overly aggressive and misleading when they sold their voting machines to the state,” according to Ars Technica.
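An added example, not code from Diebold, Symantec or the original article: one way to close the voter-card weakness described above (cards that can be reprogrammed or burned at will, and one key visible in distributed code) is for poll workers to issue single-use activation tokens authenticated with a per-election key that is provisioned to the machines rather than shipped in the software. The token layout and the names `ELECTION_KEY`, `issue_token` and `VotingMachine` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed per-election key for this demo. In a real deployment it would be
# provisioned to each machine out of band, never embedded in distributed code.
ELECTION_KEY = secrets.token_bytes(32)


def issue_token(key: bytes, precinct: str, serial: int) -> bytes:
    """Poll-worker side: write one activation token onto a card."""
    body = f"{precinct}|{serial}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


class VotingMachine:
    """Machine side: accept a card only if it is authentic and unused."""

    def __init__(self, key: bytes, precinct: str):
        self.key = key
        self.precinct = precinct
        self.used_serials = set()  # serials already spent on this machine

    def activate(self, token: bytes) -> str:
        try:
            precinct, serial, tag_hex = token.decode().split("|")
            tag = bytes.fromhex(tag_hex)
        except ValueError:  # wrong field count, bad hex or bad encoding
            return "rejected: malformed"
        body = f"{precinct}|{serial}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: a card written without the key fails here.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        if precinct != self.precinct:
            return "rejected: wrong precinct"
        # A genuine card presented a second time fails here.
        if serial in self.used_serials:
            return "rejected: already used"
        self.used_serials.add(serial)
        return "accepted"
```

The used-serial set here is per machine; a precinct with several machines would need a shared ledger or tokens bound to one machine. None of this replaces a paper trail that lets results be audited after the fact.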

Despite concerns about these voting companies and the electronic voting machines that they use, the said allegations were not proven at trial or in court. All information came from electronic voting experts, but no evidence was reported.