The 26th annual DEFCON conference is being held this weekend. The gathering brings together some of the most public hackers and invites them to test their skills. One of the biggest draws is the “Voting Village” which allows hackers to show off what’s possible with America’s voting technology. Yet the event is causing some unexpected controversy.
The election industry is now pushing back. Many in the industry don’t feel like the Voting Village at DEFCON represents the realistic conditions at American polling places.
“Last year, conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend, catching the attention of both senators introducing legislation and the general public,” BuzzFeed writes. “This year’s Voting Village was bigger in every way, with equipment ranging from voting machines to tabulators to smart card readers, all currently in use in the US.”
One of the most alarming hacks came from an 11-year-old from Florida. She hacked into “a replica of the Florida secretary of state’s website within 10 minutes — and changed the results,” BuzzFeed adds.
Yet these aren’t exactly real-world scenarios. ES&S is a company that makes voting equipment. The company tried to reassure their customers with an email. “Attendees [of DEFCON] will absolutely access some voting systems internal components […] Physical security measures make it extremely unlikely that an unauthorized person, or a person with malicious intent, could ever access a voting machine.”
Their expression of optimism in our nation’s “security measures” hasn’t stolen the thunder from DEFCON, though. The Voting Village is still making headlines.
“Our main concern with the approach taken by DEFCON is that it uses a pseudo environment which in no way replicates state election systems, networks, or physical security,” The National Association of Secretaries of State said, echoing ES&S’s message.
“Providing conference attendees with unlimited physical access to voting machines,” they wrote, “does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”
Matt Blaze, an election security researcher who has assisted in the implementation of the Voting Village, sees things differently. “I think the statement was misguided,” he told BuzzFeed. “It’s only through scrutiny that we’re going to have confidence in elections. That said, the fact that a system has vulnerabilities in it, even incredibly serious vulnerabilities, is not the same as saying any given election has been tampered with.”
“There’s an interesting paradox.” Blaze added. “We know these systems are wildly insecure, and there’s been precious little evidence of these vulnerabilities so far being exploited in real elections. I think we’ve been very lucky, and I think there’s a little bit of a ticking time bomb here.”
Much of what’s at stake here is public confidence. The machines can be hacked, and that erodes public confidence. After the allegations of meddling in the 2016 election, the voting public has right to show concern.
Even the story of the 11-year-old girl named Audrey has shaken up confidence. She accessed a copy of a website, and not a voting machine, but the fact that she was able to change the reported election results on the site makes people concerned.
“Basically what you’re doing is you’re taking advantage of it being not secure,” Audrey said. “It took maybe a minute or so, because I’m a fast typer,” she told BuzzFeed. “You can [subtract] points, you can do whatever you want.”
You can do whatever you want. But only in these controlled environments. At least that’s the hope of the nation, at this point.