Def Con is a 25 year old hacking convention where the worlds best hackers come together often highlighting security vulnerabilities in technology. This year, Def Con made news by raising awareness of our voting machine insecurities by challenging hackers to hack into the voting machines commonly used in this country for elections. These Def Con hacks took place in the "Voting Village".
I spoke with Voting Village organizer and leading election technology researcher, Harri Hursti, about the results of the experiment and the challenges we face in securing our elections in the future.
AM: Tell me about Def Con and the "Voting Village" and the role you played in the experiment.
HH: I was the co-organizer of the Village along with professor Matt Blaze.
AM: What was the main purpose of this exhibition?
HH: Education. We wanted to let the security community learn more about the machines and the designs. So far, only a very small group of people have been allowed to study and research these machines. As a result there was a lot of misinformation, rumors and false claims, and finding proven facts was difficult. The broader community which has 1st hand experience can help the public and the policy makers to get the facts known and drive better policies and practices to secure the elections.
AM: How many voting machines in total were there used in this experiment?
HH: 10 voting machines and 10 electronic pollbooks
(For my readers that have no idea what an electronic pollbook is, as per wikipedia: an electronic pollbook or e-poll book is either hardware, software or a combination of the two that allows election officials to review and/or maintain voter register information for an election, but does not actually count votes. This software or hardware is used in place of paper-based poll books, which are typically three-ring binders. Often, the functions of an e-pollbook include voter lookup, verification, identification, precinct assignment, ballot assignment, voter history update and other functions such as name change, address change and/or redirecting voters to correct voting location.)
AM: How many different types of voting machines were used at Def Con and how many different types of voting machines are used during an election?
HH: 4 different types of voting machines and 1 e-poll book. According to the best available public information, 52 types of machines were used in November 2016's general elections. There are quite a few systems which are only used in a single or few counties/cities in USA. The 3 out of 4 different types machines we had in the village are some of the most widely used models of electronic voting machines used in 2016 elections.
AM: How many hackers did you have at Voting Village trying to hack these voting machines?
HH: Unknown, doors were open and the room which has capacity of about 100 was several times overcrowded, and we needed to temporarily stop people from getting in. I would guess that number of people who did some real hacking work was 200-300 over the 3 day period in that room. On top of that we had machines placed in a second room for 2 of those days and we lent a few machines to other Villages (like the Hardware Hacking village) - so the total number is really unknown.
AM: Were any of the voting machines that were used in Voting Village more secure than others?
AM: OK. So break it to me gently…how long did it take the hackers to get into the voting machines?
HH: From when the doors opened, the first 2 hacks were announced in under 90 minutes. However, the first announcer was away from the room for about an hour to catch a speech - so he did the hack and developed demonstrable proof-of-concept in under 30 minutes of real working time, we only learned of it 90 minutes in.
AM: 30 minutes! Ugh! What's another device that would take around the same amount of time to hack?
HH: Any device with all operating system maintenance neglected for 10 years. One reason the WinVote was so easy to hack was because it was running an old, out of date Windows XP operating system with wireless connectivity, so it's the equivalent of a decade old laptop that hasn't been updated since it was purchased.
AM: Were you able to pinpoint the security vulnerabilities? And were those insecurities the same across all the machines?
HH: The California TTBR Report and the Ohio EVEREST Report identified 100s of vulnerabilities that are mainly still there. There are vulnerabilities which are not bugs, those are extremely insecure design features, and those seem to repeat themselves across the machines.
AM: 100's of vulnerabilities?! Is it possible to design a voting machine that can't be hacked?
HH: No. The key is auditing the results - and auditing is only possible if the voter votes on a paper ballot.
AM: After this experiment, do you think that our elections have been compromised in the past?
HH: It was well established that all election machines were and are hackable. The purpose of the Village was education. Also, these machines are so insecure that they are incapable of even providing reliable forensic evidence one way or another. To clarify, basically these machines often don't even reliably log how they've been accessed, meaning, claims that the machines showed no proof of being "hacked" is a circular argument, because the machines are incapable of providing such proof. Imagine asking your refrigerator why it is out of milk, when it does not even have the ability to prove how many times its door has been opened.
AM: Oregon has the most convenient voting system in the country. Since adopting paper-vote-by-mail ballots, Oregon consistently ranks as a national leader in voter turnout. What do you think we have to do to keep our elections from being hacked in the future? Do you think the country should move in the direction of paper-vote-in-ballots like the system Oregon has in place?
HH: Actually, Oregon uses various types of voting machines to scan and tabulate the paper ballots. It is called a 'central count'. Ballot scanners when working properly are superior to humans in accuracy - but paper ballots scanners and tabulators are hackable. The key is a mandatory audits of the results. A paper ballot is the best way to vote today, and technology should be used in responsible ways to count the paper-ballot recorded votes. By the way, mail-in voting has it's own set of risks, starting from voter coercion and fraudulent use of PO Boxes.
AM: There were 15 states in 2016 in which at least some voters used machines without a paper trail. Knowing how easy it is to hack these voting machines, what more can we do as a country to protect the integrity of our elections?
HH: Actually, people don't realize that voting machines with paper trail (VVPAT) are not much more secure than the ones without it. There are numerous studies showing that VVPAT is not a solution. Paper ballots are the only way to secure the elections.
AM: Thank you for your time and raising awareness on such an important issue affecting our democracy.
HH: Thank you!
Interviewer: Alyssa Milano | Interviewee: Harri Hursti
Mr. Hursti is one of the world's foremost experts on the topic of electronic voting security, having served in all aspects of the industry sector. He is an authority on uncovering critical problems in electronic voting systems worldwide, including in the U.S., Finland, Estonia, and Argentina. As a consultant, he has conducted and co-authored many studies, both academic and commercial, on numerous election systems' data security and vulnerabilities. These studies have come at the request of officials, legislators and policy makers in 5 countries; including the U.S. government, at both the state and federal level. Mr. Hursti is famously known for his successful attempt to demonstrate how the Diebold Election Systems' voting machines could be hacked, ultimately altering final voting results. Hursti performed two voting machine hacking tests which became widely known as the Hursti Hacks. The Hursti Hack tests were filmed and turned into an acclaimed HBO documentary called Hacking Democracy which was nominated for an Emmy award for outstanding investigative journalism. Mr. Hursti received the EFFI Winston Smith Award in 2008 and the EFF Pioneer Award in 2009 for his work in election security.