Sixteen years ago, Lawmakers led Americans to believe that they had solved the Problems of Florida 2000. But the 2016 Elections made it clear that the Problems simply shifted from one technology to another. Once again, Lawmakers are proposing fixes that they say will help address the current state of elections, and once again, those proposals fall short.

Legislators have introduced several Bills that propose to bolster Security, in part by mandating Paper Trails and Manual Audits. But only one of them, the Secure Elections Act, has advanced, and in the process it has been significantly watered down. In August, Republican Lawmakers weakened the Bill by Allowing Officials performing Audits to rely on the digital Images of Paper Ballots stored in Optical-Scan machines, Images that can be Manipulated by Hackers and others, Security Experts say.

This year, Congress appropriated $380 Million to States to pay for Security Upgrades and Replace some of the machines that were bought with Help America Vote Act (HAVA) of 2002 Funds, in the belief that this will make Elections more Secure. But the New machines have the same Problems as the ones they will replace. All machines on the market today were Tested and Certified to the Standards HAVA put into effect in 2007, and Technology has evolved considerably in the last Decade. The Elections Assistance Commission (EAC) and its Technology Guidelines Committee are completing New Standards, but it will be at least another Two years before any machines will be Tested and Certified to them.

Even those Standards will almost be inadequate. They will, for instance, most likely continue to Exempt Commercial Off-the-Shelf Components from Testing. If a Vendor uses Windows Operating System or a Commercial Modem in its machines and asserts that it hasn't Altered them, the Labs don't look at those Components. And they probably won't require Labs to do Penetration Testing to see if they can Hack Voting Systems, one of the most effective ways to measure the Security of a System. These companies have seized a central role in our democracy, said Senator Ron Wyden (D-OR), who is one of a small group of Lawmakers who have shown a willingness to demand more Transparency from Vendors. But rather than recognizing that cybersecurity needs to be their top priority, they treat it as a public relations problem that can be dismissed with spin. He said.

The valuable work of Testing System Security has been taken up voluntarily be Security Researchers like the Finnish Computer Programmer Harri Hursti, J. Alex Halderman of the University of Michigan, and the participants at the recent Def Con Voting Machine Hacking Village. But the Researchers face Hostility and sometimes even Legal threats from Vendors, who want to Prevent them from finding and Exposing Problems with their Software and machines. Before the DEfCon event this year, which received unprecedented Support and Interest from Election Officials, ES&S and other Vendors sent Comments to the United States Copyright Office expressing Opposition to a Proposed Exemptions to the Digital Millennium Copyright Act (DMCA) that would Expand the Rights of Researchers to Reverse-Engineer Election Software without Copyright Lawsuits.

Even now, when the Country is desperate to Prevent Russian Hackers from Interfering with future Elections, ES&S is more focused on asserting Proprietary Control over its Systems than on working with Communities of Researchers who want to Secure them. In addition to the Comments it sent the Copyright Office, it also sent a vaguely Threatening Letter to its own Customers, Warning them against Helping Researchers by providing them with Voting machine Software to Examine. In that Letter, ES&S reminded Election Officials of an Essential Fact: The American People don't Own the Software that now sits at the Heart of their Democracy, they just Lease it.










NYC Wins When Everyone Can Vote! Michael H. Drucker