Posted on July 15, 2019 at 3:16 PM
U.S. Election Systems in Danger Once More: Their Software Can Be Abused by Hackers
The dangers of hacker involvement in the U.S. elections of 2020 are one of the hottest topics today, as many still remember the incidents from the last one. This time, however, the authorities plan to take special precautions to prevent hackers from meddling. Last April, the top election official stated that counties need to improve their security, and over 60% of them already did it, spending as much as $14.5 million in the process.
However, the problem lies in the fact that the core software is still quite old and outdated, and hackers might still find a way to impact the elections. The majority of election jurisdictions across the nation still use Windows 7, with some of them using some even older OS for creating ballots, programming voting machines, tally votes, report counts, and alike.
This is a problem, as Microsoft announced that Windows 7 would stop receiving support and updates on January 14th, meaning that all remaining vulnerabilities will remain, making them ready to be exploited by bad agents. However, with the current situation, the tech giant decided to change its decision, and continue offering security updates for the older system until 2023, but for a certain fee.
The US voting system still remains vulnerable
The situation has already been heavily criticized, with many saying that this is what happens when private firms get to decide how to secure election systems will be. There is also a clear lack of federal requirements, not to mention oversight. However, many among the state officials also say that they are wary of the federal involvement in elections, be they on a state or local level.
For now, it remains unclear who would pay the expenses of security updates, vendors or different jurisdictions. It is also unknown whether election systems on Windows 10 can be certified and released in time. It would certainly help, as they have numerous additional security features when compared to older versions of the Windows OS.
Election security expert and a professor at the University of Michigan, J. Alex Halderman, stated that this is a very concerning situation. According to him, the entire country is risking to make the same mistakes that were already seen over and over throughout the last decade, or longer. The end of support for Windows 7 would affect numerous countries, such as Florida, Pennsylvania, Arizona, Iowa, Wisconsin, Indiana, North Carolina, and others. Even Michigan itself would be affected.
Executive director for the election integrity advocacy organization Coalition for Good Governance, Marilyn Marks, called the situation a bad joke. Her group even decided to start a lawsuit against Georgia to force the state to abandon the paperless voting machines. They demanded that the state moves to a more secure system, and as a result, the state adopted a Windows 7-based system.
Marks noted that the group would take the state to court once again if they do adopt the system,
Two out of the three biggest election system providers use Windows 7
The US election system is currently dominated by three firms: Election Systems and Software LLC, Dominion Voting Systems, Inc., and Hart InterCivic, Inc. Their systems make up 92% of all election systems in the United States, and all of them are working to become providers for states that are just now receiving federal funds for upgrading their voting systems. Out of the three of them, Dominion is the only one whose systems are not affected by the Windows software problem. However, there is another issue, which lies in the fact that their election systems are acquired for companies that no longer exist, and they themselves may run on old operating systems.
Hart uses a Windows version that will lose support only a few weeks prior to the elections, on October 13th, 2020. ES&S plans to move to Windows 10 by the fall of 2019, according to one of their statements. Supposedly, they are testing the system right now. As for those jurisdictions that already bought systems that are using ES&S’ Windows 7 version, the company says that it will collaborate with Microsoft in order to continue providing support until jurisdictions can shift to newer systems.
Meanwhile, the country’s officials remain concerned that Russia might try to interfere with the elections once more, and that countries like China and potentially other nations might pose a major threat as well.
Using Microsoft’s current systems should provide greater security, as the company patches it on a monthly basis. This is why hackers find it much easier to hack older systems, which was witnessed in multiple global attacks in the last several years. Most people can simply update to Windows 10 once Windows 7 stops receiving support, but the situation is not as easy for election systems.
Hart and ES&S do not even have federally-certified Windows 10-based systems, and getting them certified will be a lengthy and expensive process. ES&S has supposedly already started testing a new system, but it remains unknown how long the firm will take to complete the process, gain certification, and release the updates. Meanwhile, primaries for the election are starting in only a little more than half a year, in February 2020.
Then, there are issues such as insufficient resources, which are always a problem with election administrators. Even so, some counties in Delaware, South Carolina, and South Dakota have bought election systems, while many are still evaluating whether or not to purchase. While election systems should not even have a connection to the internet, there are many stages of the election process that requires information transfer, which is likely where the attackers might find their way in.
The fact is that officials rely on companies to create secure election systems, and on states to enforce high standards. Neither appears to be the case, and all that the country is left with is a false sense of security.