Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked

from the fire-everyone dept

Let’s face facts: if you have an electronic voting machine it can be hacked. Anyone who claims any piece of technology or computer equipment is “unhackable” is a fool and should not be in a position to determine the security of such equipment. Electronic voting machines have a very long tradition of having absolutely horrible security and being easily hacked. It’s why it’s so important that people understand just how vulnerable these things are, not just because they can be hacked, but the poor security practices around them will lead many people to distrust the results of any election, even if all the votes were actually counted.

You know what doesn’t help? Having election officials declare their e-voting machines unhackable. And yet that’s exactly what officials in Pennsylvania’s Allegheny County (think: Pittsburgh) have done.

Starting in the next few weeks and running past Election Day, the machines will undergo tests to ensure they are recording votes properly, that they have not been hacked and that they cannot be tampered with, said Mark Wolosik, longtime manager of the Allegheny County Elections Division. Each test is designed to check a potential breach in the system.

?The voting public can feel confident,? Wolosik said. ?Everything is tested extensively before the election, after election and on Election Day.?

Election officials in Allegheny and Westmoreland counties said they are confident their electronic voting systems are immune from hackers or malware that could alter election results.

?In my experience, there is no way to compromise these election systems,? said Dave Ridilla, head of Westmoreland County’s computer information department.

That doesn’t make me feel more confident. It makes me question the competence of those officials. Any such hardware can be hacked. Saying it can’t means that you’re just not understanding the threats you face, and that’s more problematic. There are things that people can do to minimize the risks, and hopefully that’s what’s happening here, but giving a flat out “there is no way” statement is ridiculous on its face and is almost screaming out to have that statement mocked when the equipment is actually hacked.

The machines being used do not appear to have open source software that people can examine, and they don’t have a paper backup, so if votes are tampered with there’s really no clear way to know for sure. That’s especially problematic. Yes, people may have done a good job securing the machines, but saying they can’t be hacked is not just wrong, but it calls into question the competence of the people securing the machines.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked”

Subscribe: RSS Leave a comment
Anonymous Coward says:

!00% confidence in their never being hacked

So basically they are the computer scientist from the Willy Wonka movie.

It feels like they are more worried about becoming another 2000 Florida than hackers from another country choosing a president illegally. Which I would not be surprised is how they really are thinking about this now that I think about it.

Personally i’m more worried about voter intimidation as a serious and immediate widespread threat to the election. Will hacking happen? I am confident it will. But those hopefully will be limited in scope and result in special elections to verify results.

Anonymous Coward says:

I find it slightly amusing and slightly depressing to see officials make statements like this. Amusing because in the last year or so my county replaced the purely electronic machines it’s used for the last 15 years or so, with paper ballots and a machine that scans and stores them. Something about the old purely electronic machines they had having been certified is what the election worker I asked told me. Though from a cursory search it seems a law in my state intended to phase out electronic machines in favor of paper based ones is involved as well. Depressing because there are people dumb enough to be this overconfident in purely electronic systems.

Anonymous Coward says:

Probably more about expectation management than anything else.

The Washington ComPost the other day ran a full page basically saying: “It is just like, SOOOO hard to steal an election!”

This is probably part of the same propaganda campaign. They intend to commit a fraud, so they are planning ahead to debunk anyone who brings attention to that fraud.

Good long term planning really.

That One Guy (profile) says:

"If I don't see it, it never happened."

The machines being used do not appear to have open source software that people can examine, and they don’t have a paper backup, so if votes are tampered with there’s really no clear way to know for sure.

If it’s impossible to tell whether or not the votes have been tampered with, it’s also impossible to tell whether or not the machine has been hacked, because there won’t be any evidence of a hack.

As such you could say they’re technically true, in that it’s impossible(or extremely unlikely) to have any evidence of hacking, and without evidence clearly it never happened.

Ruby says:

I can't speak for Penn. or other states...

…but as someone that works the polls on election day in Ohio, I have yet to see any expert demonstrate a hacking method that has a snowball’s chance in hell of occurring in reality.

Remember, these machines are plugged into the power socket on the wall and that is it. They are not networked to anything and have no wifi capabilities.

The only way to hack them is to mess with them physically. The dude that did that “scary” study apparently just got a machine and messed with it in his living room. Which means he has no idea what type of counter measures are used to detect hardware tampering.

Also, WHEN would you do this?!

Does he think these just chill unsecured in an unlocked room or something???

The only time you’d have access to the machines (if you weren’t a poll worker and, to be clear, no worker is ever left unattended with anything) would be on election day (and at least one “expert” thinks you could tamper with them on election day).


Again, I don’t know about elsewhere but here? Here the e-voting machines sit out in the open, in the middle of a room filled with 4-8 poll workers (at least one of whom will have the sole task of chilling around the machines until we switch jobs) and god knows how many voters. Plus state and county observers popping up randomly throughout the day.

Good luck doing anything out of the ordinary without getting caught.

Anonymous Coward says:

Re: I can't speak for Penn. or other states...

You clearly have no experience with hacking. Taking something apart in your living room is exactly the type of thing someone does to become familiar with the hardware and software. With an example machine, you will get access to the electronics and eventually to the OS. If you can figure out how to change the programming, you are halfway to rigging an election. Hacking via the power cord is nothing new, but I doubt that it would be needed. Believing that your product is invulnerable just because it uses proprietary software and doesn’t have obvious access points is just naive. If your product hasn’t been independently verified as hackproof, by actual hackers and the code hasn’t been verified to lack bugs or hidden code that will effect the election results, why should we trust it? If you really feel your product is so secure, let it be tested, otherwise it is just a fancy potentially rigged ballot box.

Anonymous Coward says:

Re: I can't speak for Penn. or other states...

“…but as someone that works the polls on election day in Ohio, I have yet to see any expert demonstrate a hacking method that has a snowball’s chance in hell of occurring in reality.”

Exactly how many expert hacking methods did you review? How did you vet the “expertise” of those doing the demos? What credentials and professional accreditations do you hold that certify your competence to judge?

Lets reflect on the EASIEST hack – design the machines pre-hacked. VW did exactly this with their emissions controls, i.e., work one way most of the time, but under special circumstances work entirely another way. Nobody has to “break in” to make the machines cheat, since the machines already know how and when to do so. All we have to do to get away with that approach is restrict reviews of the software.

I would be very suspicious of Mark Wolosik and Dave Ridilla – ignorant boobs, paid stooges, or evil hackers are the only categories into which I can see them fitting. Same holds for you, altho’ I find the latter categories most unlikely in your case.

bob says:

Re: I can't speak for Penn. or other states...

Yes because that person watching is able to watch each person’s screen and hands without needing to look away or get distracted or zone out.

All it would take is an accomplice that distracts everyone long enough for you to plug in a thumb drive that can execute code automatically. Sure you need to research the target a bit first but that can be arranged before election day.

There is always some port somewhere that a developer left so that they could reprogram/update the system.

David (profile) says:

And it runs on DOS!

So far, every voting machine that has been ‘accessed’ by other means have had two choices for operating systems, MSDOS or Windows. While there might be a Linux/BSD option I have yet to hear/read about one.

Both MSDOS and W* are so hackable as to not having any protection at all. Paper trail audits could at least warn about a problem, or attempt to back out the hack.

But, you would have to acknowledge that it is a possibility first. That isn’t going to happen.

JBDragon (profile) says:

I know where I live in California, we had these eVoting machines 1 year. They had issues, not reliable. We’re now back to filling in bubbles with the old #2 pencil. No hanging chad that way either!!! I think it’s the best way. If it’s good enough to test kids with in school, then why not and they grow up used to it!!! You stick it directly into the machine and it reads it right then and you have a paper trail.

I think it’s much cheaper then these COMPUTERS which is what they are that sit around most of the time and rot away and become outdated in no time anyway. It’s way to costly and not Reliable and that’s before even getting to hacking.

I’m not sure why anyone would still want a eVoting machine at this point. It makes zero sense unless you have plans for fraud with them.

Anonymous Coward says:

If any of these voting machines were even close to being as secure as the companies that make them and politicians claim they are then they’d be more open to real independent security tests on them. But they aren’t, not even close, sometimes they’re so laughably weak that a 4 year old could have built a better system.

Saying that it, or anything for that matter, is unhackable is just throwing out a challenge and many people will try and do it and most likely they will succeed.

Aaron T (profile) says:

What are they going to say?

Seriously, this is just marketing. What are the election officials going to say?

“Hey, we know we spent millions of your tax dollars on new voting machines not that long ago, but it turns out they’re completely insecure and frankly, there’s no point in you even voting because some guy in Russia or some rando wearing a Guy Fawkes mask is going to make sure their candidate wins.”

If you’re an election official, the last thing you want to convey is anything but confidence in the election, the voting machines or the system as a whole. Once people stop trusting the validity of the elections, your democracy (and cushy government job) comes crumbling down on your head.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...