At the annual hackers convention in Vegas known as DefCon, thirty voting system computers (both voting machines and electronic pollbooks) were made available to attendees to crack at will! And, boy howdy, did they! Every single system was reportedly compromised in some fashion by the end of the weekend — several of them fell within just minutes of opening DefCon's so-called "Voting Machine Hacking Village".
We're joined today for some of the amazing details on what happened in Vegas (in hopes that it doesn't just stay there!) by DR. DAVID JEFFERSON, a longtime computer scientist at Lawrence Livermore National Laboratory and Chair of the Board of Directors at VerifiedVoting.org. Jefferson, who has a been a pioneer in the field of voting system security for some 20 years, serving as an advisor to five successive Secretaries of State in California (both Republican and Democratic) also presented at the wildly popular DefCon "Voting Village".
"It was a wild time, I have to tell ya. This hacking village was set up — really, in just six weeks it came together — and in that short a time, they managed to gather all these voting machines," he says. It was quite a contrast from the "cloak and dagger" days when folks like us had to obtain voting machines from secret sources to share with independent investigators in order to have any kind of independent analysis of system vulnerabilities.
"That room was just crowded from morning to night," Jefferson says, describing the room at DefCon. "And the amazing thing is that all of those successful hacks, these were by people who, most of them, had never seen a voting machine before, and certainly not the system sitting in front of them, and they had not met each other before. They didn't come with a full set of tools that were tailored toward attacking these machines. They just started with a piece of hardware in front of them and their own laptops and ingenuity, attacking the various systems. And it was amazing how quickly they did it!"
Jefferson tells me, after all of these years, he is now seeing a major difference among the public, as well as election and elected officials (a number of whom were also in attendance), regarding the decades-long concerns by experts about electronic voting, tabulation and registration systems.
"I am seeing a kind of sea change here. For the first time, I am sensing that election officials, and the Department of Homeland Security, and the FBI, and the intelligence community, and Congress, and the press, are suddenly, after the 2016 election experience, receptive to our message that these systems are extremely vulnerable and it's a serious national security issue. As you know, in a democracy, the legitimacy of government depends on free and fair and secure elections. And people are beginning to realize that we haven't had those for a long time."
He explains how hacking methods attributed by many to Russians following the 2016 elections "are the same methods that anyone on Earth could use — insiders, criminal syndicates, nation-states other than Russia, as well, or our own political partisans. The fear, of course, is that these hacking attempts will be totally undetectable. But even if they are detectable, it's difficult often to determine who did it, whether it's an insider, or a domestic partisan, or some foreign organization."
He also confirms what I've been trying to point out since the 2016 election, that despite officials continuously claiming that no voting results were changed by anyone, be it Russia or anybody else, "they cannot know that. They simply can't know. Certainly in those states where there are no paper ballots, such as in Georgia, for example, it's impossible for them to know. And even in states where there are, if they don't go back and either recount the paper ballots, or at least recount a random sample of them, no, they can't know either."
"Election officials have fooled themselves into believing the claims of their (private voting machine) vendors that the systems are secure from all kinds of attack. And it's just never been true," Jefferson argues.
But will the weekend's short order hacks of every voting system presented at DefCon actually help the US to finally move toward systems that are overseeable by the public? And what does that mean, exactly? Is replacing old computer election systems — many of which still run on no-longer-supported software like Windows 2000 — with new ones the answer? Are paper ballots, which voting systems experts call for, enough? Particularly given that we saw, after the 2016 election, how it's nearly impossible, even for a Presidential candidate, to see those ballots publicly hand-counted ("Democracy's Gold Standard") in order to confirm results?
"We have to change the way we think about securing elections. Instead of trying to harden the voting systems themselves against all forms of attack — I think that is going to be a hopeless task for as far into the future as computer scientists can see. Instead of hardening those systems themselves, we need to design systems so that after the election is over we can verify that the results were correct. And then if they're not, we have to be able to change the results accordingly. So the emphasis is on detection and correction, not prevention."
I hash all of that out and much more with my friend Dr. Jefferson today, who also details DefCon's plans to make the "Voting Village" a permanent fixture of its annual convention, which just spectacularly wrapped up its 25th year.
Also on today's show: Trump fires his incoming White House Communications Director Anthony "The Mooch" Scaramucci before he even officially begins in his new role, and the mop-up from last week's health care repeal disaster for Republicans in the Senate continues, as the White House demands the US Senate vote on nothing else until they can vote to repeal the Affordable Care Act, despite a new poll finding Americans want Congress to move on, and Vermont Sen. Bernie Sanders vowing to introduce a single-payer healthcare bill in the US Senate.
We'd love to get your feedback at firstname.lastname@example.org