The Race to Secure Voting Tech Gets an Urgent Jumpstart

Numerous electronic voting machines used in United States elections have critical exposures that could make them vulnerable to hacking. Security experts have known that for a decade. But it wasn’t until Russia meddled in the 2016 US presidential campaigns and began probing digital voting systems that the topic took on pressing urgency. Now hackers, researchers, diplomats, and national security experts are pushing to effect real change in Washington. The latest update? It’s working, but maybe not fast enough.

On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon’s Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

“The technical community … has attempted to raise alarms about these threats for some years,” said Frederick Kempe, president and CEO of the Atlantic Council, in a panel discussion. “Recent revelations have made clear how vulnerable the very technologies we use to manage our records, cast our votes, and tally our results really are … These findings from the Voting Village are incredibly disconcerting.”

Fortunately, the past few months have seen signs of progress. The Department of Homeland Security is moving forward with its critical infrastructure designation for voting systems, which frees up resources for helping states secure their platforms. The Texas Supreme Court is currently considering a lawsuit challenging the state’s use of digital voting machines. And in Virginia, state officials are converting voting systems to use paper ballots and electronic scanners before the November 7 elections. They say the change was motivated by the findings at DefCon’s Voting Village.

Susan Greenhalgh, an elections specialist for the vote-security group Verified Voting, which worked with Virginia officials this fall, applauded the “transition into real-world change” that had transpired in just the last few months.

Virginia and Texas represent important progress, but plenty of work remains. Five states still rely solely on digital voting machines without paper backups, and at least 10 states have mixed voting infrastructure, with certain counties that use digital voting without paper. These systems are the most vulnerable to manipulation, because you can’t audit them afterward to confirm or dispute the digital vote count in the case of suspected tampering.

“The one core point that election security experts and others have been making about why our votes are safe was that the decentralized nature of our voting systems, the thousands and thousands of voting offices around the country that administer the election, is what kept us safe,” Jake Braun, a DefCon Voting Village organizer and University of Chicago researcher said. “Because Russians [or other attackers] would need to have tens of thousands of operatives go get physical access to machines to actually infiltrate the election. We now know that’s false.”

With only a handful of companies manufacturing electronic voting machines, a single compromised supply chain could impact elections across multiple states at once. The Voting Village report emphasizes that there is a huge amount of change required in the US to address security issues at every point in the election workflow, from developing more secure voting machines to sourcing trustworthy hardware, and then actually setting up voting system devices and software for use in a secure way. DefCon founder Jeff Moss says that the goal for next year’s Voting Village is to have a full election network set up so hackers can evaluate and find weaknesses in a complete system, not just individual machines.

The Department of Homeland Security recently confirmed that Russia infiltrated various election-related systems in 21 states during 2016, and access to a full voting-system setup would give security researchers additional real world insight into defending US voting infrastructure. But as was the case with acquiring real voting machines for last summer’s conference, Moss says it has been extremely difficult to gain access to the third-party proprietary systems that states use to coordinate voting.

Related Stories

  • Brian Barrett

    America’s Electronic Voting Machines Are Scarily Easy Targets

  • Lily Hay Newman

    The Simple Fix That’d Help Protect Georgia From Election Hacks

  • Andy Greenberg

    Hacked or Not, Audit This Election (And All Future Ones)

“I would love to be able to create any kind of a complete system, that’s what we’re aiming for,” he said during the panel. “The part that’s really hard to get our hands on is the backend software that ties the voting machines together to tabulate and accumulate votes, to provision voting ballots, to run the election, and to figure out a winner. And boy do we want to have a complete voting system for people to attack. There’s never been a test of a complete system—it’s just mind boggling.”

DefCon’s voting village and interdisciplinary partnerships are certainly raising awareness about election security and motivating change, but with some elections just a few weeks away and the midterms rapidly approaching, experts agree that change may not be coming quickly enough.

“We’ve got a lot to do in a short period of time,” said Douglas Lute, a former national security advisor to President George W. Bush and former US ambassador to NATO under President Barack Obama. “In my over 40 years of working on national security issues I don’t believe I’ve seen a more severe threat to American national security than the election hacking experience of 2016. Russia is not going away. This wasn’t a one shot deal.”

Tech

Ford Rethinks the F-150, Toyota Gets a New Lidar, London Battles with Uber and More Car News This Week

More than a century after the dawn of the automobile age, cars are a young person’s game again. Sure, the grey-haired bigwigs have started to catch on to the big trends—electricity, automation, connectedness—but if this week’s news is any indication, it’s the youth leading the charge. From the 22-year-old laser genius to the self-driving pioneer who fell from grace to the college kids rethinking America’s favorite ride, the kids have had a wild seven days. Let’s get you caught up.

Headlines

Stories you might have missed from WIRED this week

  • If you’ve followed the world of self-driving cars in the past decade chances are you’ve heard of Anthony Levandowski. He’s had a wild ride in recent years, building a self-driving motorcycle, helping launch Google’s autonomy project, and now, getting caught in the center of a barnstormer of a lawsuit between Google and Uber. With that trial just a few weeks away Mark Harris at WIRED’s sister publication Backchannel wrote a captivating profile of Levandowski—including his foundation of a religious organization dedicated to artificially intelligent robots.

  • Looking for a life that hasn’t been derailed by a vicious lawsuit and the specter of criminal charges? I spent some time with Austin Russell, the 22-year-old founder and CEO of Luminar. After dropping out of Stanford at 17, Russell spent five years rebuilding the lidar laser sensors widely considered critical for fully driverless, and just sold a bunch of the things to Toyota.

  • Ford is worried about the vitality of its sacred cash cow, the F-150, Jack reports. To stay relevant, it has turned to a crew of students to rethink its next generation of pickups for an age of autonomy and electricity. The design competition will run until December, and we’ll have more to report when we see what the kids think of the future.

  • Meanwhile, Ford’s established (i.e., professional) designers are learning new tricks, Eric Adams tells us. The automaker has started using Microsoft Hololens augmented reality goggles to make car creation faster, easier, and way cooler.

  • Across the pond, London is fighting back against the youthful revolutionaries, refusing to extend Uber’s license to operate on its streets. A legal battle looms, but whatever the outcome, Aarian says, London makes clear that old fogeys can erect their own barricades.

Across the other pond, Gogoro is expanding its service to Japan. This isn’t just about some cool electric scooters. I break down how the company thinks it can change way more than transportation.

Pivot of the Week

Aston Martin

Old-timer Aston Martin has had a good couple of years, pumping out fresh offerings like the DB11 and Vanquish Volante S. This week, it introduced a different kind of vehicle. A submarine. It’s called Project Neptune, and it will be a certainly swanky, limited production submersible that definitely won’t be used by fleeing rich people when the FBI swarms their yachts.

Required Reading

News from elsewhere on the internet

  • More than two years after showing off the world’s first self-driving semi, Daimler has announced plans to test platooning tech on US roads, Reuters reports. Instead of one truck driving itself, platooning involves a fleet of vehicles driving very closely together with the help of automatic and connected controls, to cut wind resistance and save on fuel. Down the road, you could even leave just the one human in the lead vehicle, to add salary savings to the pile.

  • If the autonomous vehicle industry is a party, Lyft is that dude who somehow gets along with everybody. Uber’s arch-rival has already set up partnerships with General Motors, Waymo, Land Rover, and startups Nutonomy and Drive.ai. Now, per The New York Times, Ford is among the folks working to deploy robocars via Lyft’s ridehailing network.

  • A minor mystery in the auto world is why Toyota, after making the world’s first popular hybrid (the Prius), didn’t capitalize on its technological lead to surge into fully electric cars. Another riddle: Why Mazda is still tinkering with things like archaic, famously dirty rotary engine, and insists it can wring diesel-like power from gasoline engines. Whatever the answers, the Japanese automakers have now joined forces to catch up with the electric current. The Verge reports Toyota and Mazda, along with supplier Denso, have formed a new venture called EV Common Architecture Spirit Co Ltd., to develop battery-powered rides.

  • Wanna know the real reason automakers are ramping up their electric efforts? It’s because regulators around the world—prodded by revelations of Volkswagen’s dirty diesels and the Paris climate accord—are making plans to ban sales of gasoline- and diesel-powered cars. China, the world’s largest market, is leading that charge. This week, it ratcheted up its demands that automakers selling vehicles in the country produce electrics. “China has triggered the worldwide electric car festival,” one analyst told The Wall Street Journal.

In the Rearview

Essential stories from WIRED’s canon.

Interested in Anthony Levandowski’s glory days? Douglas McCray’s 2004 reporting from the first Darpa Grand Challenge introduces the engineer when he was just a Berkeley grad student with the wild idea of building a motorcycle that could drive itself across the desert.

Tech

Canada Finally Gets Cloud Hosting Solution It Deserves with Launch of AURO

Canada Finally Gets Cloud Hosting Solution It Deserves with Launch of AURO
Canadians have been waiting a long time for an open-source cloud infrastructure platform that keeps data safe and secure within our nation's borders. AURO could finally be that solution. AURO is a public cloud that is 100% Canadian-owned and -operated.
Read more on Techvibes (blog)

What to Expect When Rackspace Hosting, Inc. Reports Third-Quarter Earnings
The thesis for investing in Rackspace hinges on the idea that customers will pay up for higher levels of service and support in a cloud-hosted server the company owns, operates, and most importantly, optimizes. Growing revenue per server is one of the …
Read more on Motley Fool