BOSTON – Leaders of the federal agency overseeing election administration have quietly weakened a key element of proposed security standards for voting systems, raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking.
The Election Assistance Commission is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings. But ahead of a scheduled Feb. 10 ratification vote by commissioners, the EAC leadership tweaked the draft standards to remove language that stakeholders interpreted as banning wireless modems and chips from voting machines as a condition for federal certification.
The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained than the EAC bends too easily to industry pressure.
Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain.
In a Feb. 3 letter to the agency, computer scientists and voting integrity activists say the change “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems.” They demand the wireless hardware ban be restored.
“They’re trying to do an end run to avoid scrutiny by the public and Congress,” said Susan Greenhalgh, senior advisor on election security for Free Speech for People, a nonpartisan nonprofit, accusing agency leaders of bowing to industry pressure.
Seven members of the commission’s 35-member advisory board including its chair, Michael Yaki, wrote EAC leadership on Thursday to express dismay that the standards were “substantially altered” from what they approved in June. At the very least, the wrote, they deserve an explanation why the draft standards “backtracked so drastically on a critical security issue.”
Yaki said he was puzzled by the commission’s move because “the mantra adopted by pretty much the entire cyber community has been to take radios or things that can be communicated via wireless out of the equation.”
Yaki asked in the letter that the commissioners postpone the Feb. 10 vote, but he withdrew that request on Friday after hearing their explanation for the changes. But he said his concerns remain.
A modem ban is especially important because millions of Americans continue to believe former President Donald Trump’s unfounded claims that voting equipment was somehow manipulated to rob him of re-election in November, said Yaki. “You don’t want to give QAnon enthusiasts or the ‘Stop the Steal' people any reason to think that our our voting infrastructure is less than perfect.”
EAC Chair Benjamin Hovland noted that the agency relied on experts with the National Institute of Standards and Technology to help draft the guidelines. He said objections to the change should not be allowed to hold up the new rules' significant cybersecurity improvements.
The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware, Hovland said, which could hurt competition in an industry already dominated by a trio of companies. He also argued that the guidelines are voluntary, although many state laws are predicated on them.
“You have people putting their own personal agenda, putting themselves before the health of our democracy,” Hovland said, adding that elections officials are among those supporting the change. “It’s so small-sighted the way some people have been approaching this.”
Hovland stressed that the amended guidelines say all wireless capability must be disabled in voting equipment. But computer experts say that if the hardware is present, the software that activates it can be introduced. And the threat is not just from malign actors but also from the vendors and their clients, who could enable the wireless capability for maintenance purposes then forget to turn it off, leaving machines vulnerable.
Still, one member of the NIST-led technical committee, Rice University computer scientist Dan Wallach, said that while the changes came as a surprise, they don't seem “catastrophic." Objections shouldn't hold up adoption of the new guidelines, he said.
California, Colorado, New York and Texas already ban wireless modems in their voting equipment. The standards being updated, known as the Voluntary Voting System Guidelines, are used by 38 states either as a benchmark or to define some aspect of equipment testing and certification. In 12 states, voting equipment certification is fully governed by the guidelines.
In 2015, Virginia decertified and scrapped a voting machine called the WINVote after determining that it could be wirelessly accessed and manipulated.
Created to modernize voting technology following the “hanging chad” debacle in the 2000 presidential election, the Election Assistance Committee has never had much authority. That's partly because voting administration is run individually by the 50 states and territories.
But after Russian military hackers meddled in the 2016 election in Trump’s favor, the nation’s voting equipment was declared critical infrastructure and Democrats in Congress have attempted to exert greater federal control to improve security.
Republicans, however, have stymied attempts at election security reform in the Senate. While the most unreliable voting machines — touchscreens with no paper ballots to recount — have largely been scrapped, privately held equipment vendors continues to sell proprietary systems that computer scientists say remains vulnerable to hacking. Experts are pushing for universal use of hand-marked paper ballots and better audits to bolster confidence in election results.
Associated Press writer Christina A. Cassidy contributed from Atlanta.