Among the questions that keep coming up: Could a hacker manipulate and falsify the digital vote count in our elections? The short answer, at least in Linn County, is no.
Why not? Because, as Deputy County Clerk Marcie Richie explained to me when I asked the other day, the county’s computerized vote-tallying system is not connected to the Internet. There’s no way to hack into it because there’s no way in.
So how are the local results transmitted to the state Elections Division for the statewide totals? Richie says she puts the local results on a thumb drive, which she then plugs into a computer for transfer to the state.
Linn County’s vote-tabulating setup is relatively new. The county used it for the first time in the primary in May of 2016. It cost $170,000, less than the $212,000 price tag of the system it replaced. The annual fee for maintenance and updates is $30,766. For the old system, it would have been more than $35,000 this year.
Last week I got a brief demonstration of some of the system’s capabilities when I wondered about the unusual shape, a vertical rectangle, of a computer screen. It’s shaped that way to it can display a complete ballot all at once.
Neatness is not universal when voters mark their ballots by filling in the little ovals. The tallying system allows election officials to review an individual ballot in detail to determine what a voter meant.
Ballots that leave a paper trail. Processed and counted with no link to the Internet. That’s why voters can have confidence in the accuracy of the results. (hh)
This is likely a really dumb question, but I can’t help but wonder if that thumb drive is wiped completely clean before it gets plugged back into the local system after transferring data to the state???
That vertical screen probably isn’t special. Some monitors a grade above the cheapest have a stand which allows the monitor to “pivot” by 90 degrees (don’t confuse with “tilt” or “swivel”). They usually also provide height adjustment, since you need the extra height to go vertical. Probably better for dedicated apps like this than for just viewing some tall photos. I don’t remember seeing them in local stores, but they’re readily available online.
For the single candidate positions I would be interested in knowing how many checked the name & how many didn’t out of the number of ballots cast. By not checking the single candidate box it does sent a message of sorts. I don’t check the box in single candidate “races”.
That information is available on the county election results website. You can see total votes for each candidate and the number of blank votes.
I think that is referred to as an “under-count” and the number is recorded and available.
In addition to vote-by-mail, the LinnCo ‘system’ makes me seriously question the angst of voter hacking when this same system could be used across the country…
The obvious question: in which country was the Flash Drive manufactured and is the Flash Drive chain-of-evidence procedure carefully monitored? And, who watches the Watchers?
“And, who watches the Watchers?”
Very boring, but if you’re so inclined, you can watch them “do their thing” before the results are posted…
Thank you Hasso.
As a software developer, I have been very concerned over the past decade as folks have advocated for ‘internet voting’. I have given some thought to the weaknesses in all computer systems in general, and specifically those on the internet. There is no fool proof method to prevent hacking — it happens even to the most secure government and corporate entities.
Having an isolated machine which counts the votes, and having a paper trail both for audit and recount purposes is a good start. I applaud Linn County here. I also see that Oregon’s vote by mail system, which in honesty I was against at first, is a great system as the creation of a paper record is built into the system.
However, there are still weaknesses in the system, which could be exploited. Some of these would be done by the inside threat. For instance the software installed on the machine itself could be hacked at the company which created the machine and (presumably) updates the software occasionally. This has happened, for instance, with Nevada gambling machines. It has also been peformed with devestating results to the centrifuges of Iran not too long ago. In this case, likely by software installed via a usb thumb drive or other non internet connected device.
Another vulnerability is the transfer of the data to the thumb drive and then to the state via the internet. Some ways to mitigate the risk is by the use of encryption of the data before it is put on the thumb drive, with the key to decrypt held not by an individual but by the system which receives the data at the State level. Also, a two-person rule for this process will help. It may be that the above is already in place, and if so, that is good.
Next, unless a private network is used to send the data to the state, the data Is vulnerable both in transit, and after reception by the state. Encrypted networks over the public internet help here if there is not a private network. Such may be in place already.
Then, at the state level, a computer of some sort tabulates the results from the various counties. If these are connected to the internet there is also a vunerability. Also, the same vulnerabilities mentioned above here in Linn County, also apply to the states computers. One method which can be done at the county level is to review the numbers as reported by the State for our county to verify they exactly match what is reported by our county computers.
All of the above may already be in place, but wasn’t mentioned in this brief article. I would also encourage a system of random audits at the local level, where paper ballots are counted by hand and compared to the machine count. The purpose here would be to detect either faulty or malignant software installed onto the local machine, as mentioned in the first weakness above.
For those of us who think about software and computers, this is not boring at all, on the contrary, it would be quite rewarding and interesting to ensure the integrity of the foundations of our democratic processes.
-Shawn Dawson
Shawn D poses interesting questions.
Frankly, it wouldn’t surprise me if they were all covered in protocol. It also wouldn’t surprise me if there’s no detailed answer to security questions.
Shawn’s points are very good, especially about paper ballots and auditing. Computer security is definitely not infallible. It’s done by good hackers staying a step ahead of bad hackers.
The attack targets have mostly shifted in recent years from the internet itself (its routers and gateways) to the end points (everybody’s computer, local network, and gadgets). The goal is now “HTTPS everywhere,” meaning secure and encrypted communication everywhere on the internet, safer from interception and spoofing. Doing otherwise for anything important is criminally negligent. The necessary certification is now easy and free (letsencrypt.org). Attacks on each computer (or company network) are enabled by unpatched software vulnerabilities (Equifax sat on it for MONTHS) and social engineering (email spearphishing and phone calls to the help desk).
That’s a security summary from recent study by a NON-expert. Now a bit of politics for which I claim omniscience ;-).
Oregon has one of the more secure (and securable, and auditable) voting systems. If some part of it is suspect, you can work on it, maybe even fix it, unlike paperless machines and complicated provisional ballots in other states. That’s not particularly interesting politically. What matters is that voting in Oregon is EASY, and that’s what bothers one side, whose survival as a disproportionally dominant force in its current extreme form depends on making voting DIFFICULT. Exhibit A is the street-address-on-ID requirement to vote in North Dakota. The Dems are also guilty, for questionable advertising in ND about hunting licenses.
My wish isn’t just to promote my obvious side, but to see the country step back from the political World War launched by Newt Gingrich around 1994. Some ideas:
1 – If we had rank-order voting everywhere, don’t you think some moderates of either (or a third) party would emerge after a while? It would certainly be meaningful to voters to endorse someone other than the most rabid idiot of either party’s “base.”
2 – Maybe if the House flips, causing total paralysis, those Supreme Court Justices who thought they helped the conservative cause by equating money with speech (Citizens United) will change their minds. The Dems are spending LOTS of money this time.
3 – The horribly-flawed electoral vote system could be fixed without altering the balance between large and small states. Each state keeps the same number of electoral votes, but divided proportionally to the popular vote within that state. That way every state counts, and state-to-state differences in voting rules won’t affect the outcome, as would happen with a national popular vote.
Hasso.
This has been the most money spent for a governors race in the history of Oregon – – -We could have fed all the hungry children in Oregon with the money those 2 candidates have wasted.