The following guest post was written by Friend of the Blog Barb Byrum (D-Onondaga). Barb is currently serving her second term as the Ingham County Clerk. Before that, Clerk Byrum served in the Michigan House of Representatives for six years. She currently serves as the Co-Chair of the Legislative Committee of the Michigan Association of County Clerks (MACC) and also the Chairperson of the District V Region of MACC. Clerk Byrum has been awarded the national title of Certified Elections/Registration Administrator (CERA) and currently serves on the Security Task Force Subcommittee with other national members for Election Center.
Enjoy.
Up until 2015, it was illegal to even attempt to hack a voting machine (due to the Digital Millennium Copyright Act). But in 2015, the Library of Congress granted an exemption to permit good faith research to find security flaws in certain types of technology.
Last week, hackers met at the DEF CON Cyber Security Conference in Las Vegas to expose voting machines flaws and after a mere 90 minutes, they had gotten in!
One hacker was able to break into a U.S. voting machine, turn it on and off, read all of the information stored within and said he felt he could probably change some votes if the system was actually in use.
Although the election equipment used for the DEF CON experiment was old, similar equipment was used in Ingham County’s May 2017 Election, and similar equipment continues to be used around Michigan and the United States. Since 2012, I have been advocating for new election equipment in Michigan. Ingham County had been utilizing decade-old Sequoia equipment, which was (and continues to be in many locations) operated on a content management system that was determined to be unsecure.
In light of these concerns, we should examine every part of the hacks from the conference and assess the potential threats to our elections.
Election vendors can learn from the DEF CON hackers that nothing can be called “un-hackable” or “totally secure,” as a hacker would likely be able to find a way into any machine if given unrestricted access. Please keep in mind, however, that no one has unrestricted access to the election equipment on Election Day, as multiple poll workers are tasked with monitoring various points of the Election Day process. The election equipment is never unattended, and the poll workers must have two people of opposite political parties to do anything with the machines or ballots.
Michigan is unique and, arguably, more secure than other states, as our election process continues to be carried out with paper trails from the voter application, to the ballot, and even the ballot stub. Although Michigan election officials do not know how an individual voter voted, we do know who votes during each election.
Michigan utilizes County Boards of Canvassers to certify the results of each and every election. These boards are made up of an equal number of Republicans and Democrats who are charged with checking vote totals, even re-tabulate voted ballots to check validity and make certain vote totals match.
Further, Michigan has the ability to conduct hand recounts, which many counties did after the November 2016 General Election. Ingham County was one of the first to complete the 2016 Presidential Recount resulting in the same outcome.
After nearly every election, Michigan County Clerks conduct random voting precinct audits to make sure that all election procedures and protocols were followed.
Finally, I would be remiss if I did not point out the attacks on election integrity as heard from the mouth of President Trump. When a public official makes unsubstantiated claims of “rigged elections” or “voter fraud,” they put the very fabric of our Republic at risk. With uneducated claims, our President has put the public trust and the peaceful transfer of power in danger.
In Michigan, our election equipment must be certified by the Election Assistance Commission (EAC), and the Secretary of State, which many other states do not require. The Secretary of State, County and Municipal Clerks have been working to get new election equipment in Michigan for years and now it is finally coming to fruition.
If Trump’s Election Integrity Commission (EIC) really wanted to protect elections in our country, it would look to create funding sources for the purposes of updating and further securing election technology. Determining best practices and election security is something that the EAC, which until recently was facing total elimination, is already in a position to do. The EAC has identified elections systems as critical infrastructure for our nation. In fact, they just held an elections cyber security meeting last week with the Department of Homeland Security (DHS) to address these specific needs and processes associated with information sharing in elections systems. We do not need a commission using false claims of voter fraud to make it harder for eligible citizens to vote, which the EIC will likely do, we need a commission to help make elections more secure.
States should consider modeling some of their election procedures after Michigan’s. States that currently use direct-recording electronic (DRE) voting machines would not be able to conduct hand true recounts, as they are computers and as vulnerable as any other computing device.
We need to continue using paper ballots, post-election audits and bipartisan boards of canvassers to certify official election results to maintain checks and balances. Equally important, we must focus on security regulation.
As an Election Official, I stand behind my election results and know that the elections that I run are safe and secure. I encourage others to learn more and get involved in elections by serving as an election worker or county canvasser.
Rather than making claims that election machines are “un-hackable,” let’s focus on working to create secure election procedures and identify and minimize attacks and supporting organizations, like the EAC, that are doing this work nationwide.
[CC photo credit: Tom Arthur | Wikimedia Commons]