How secure is your vote?

With the 2020 campaign season in full swing, and concerns that election results could be compromised, Straus News undertook an extensive review of what voting machines are in use in our communities and talked with local election officials and cyber security experts to hear their views.

At an August gathering of cyber security experts and hackers, called DEFCON Voting Village, attendees spent two and a half days exploring and exploiting the vulnerabilities of voting machines.

The report of their findings, released Sept. 26, revealed that the voting machines currently in use in Sussex, Pike and Orange counties are hackable.

Marge McCabe’s stance when it comes to the voting machines used in Sussex County is if it ain’t broke, don’t fix it. As the Board of Elections Administrator, McCabe said the county has been using the same machines for the past 18 years.

“It’s my opinion that if something is working well, you don’t change it,” she said. “Our machines are still working well.”

The machines in question are iVotronic direct-recording electronic machines, made by Election Systems & Software (ES&S).

With iVotronic machines, voters make their choices on a touchscreen which records and tabulate votes in the machines’ internal memory.

While acknowledging that electronic machines have fallen out of favor because of hacking concerns, McCabe said that the ones used in Sussex are stand-alone machines and are not connected to each other or to the internet.

“I think there’s a lot of misinformation out there,” she said. “We test an election to such an extreme that we know, without a shadow of a doubt, that those machines are tabulating correctly. We test tens of thousands of ballots to make sure that the data we put in is the data that comes out.”

“Whatever happens, we have a process that deals with it because voter confidence is our number one goal,” she said. “I think we really bend over backwards to make sure that our voters are confident when they go into a booth.”

ES&S, the company that makes the machines stopped making them several years ago, although it continues to service and support them, according to Katina Granger, public relations manager for the company.

“ES&S no longer manufactures and sells paperless voting equipment as a primary voting device,” Granger said. “Our current line of voting systems produces a voter-verifiable paper trail which jurisdictions can use to perform post-election audits.”

This year’s report from Voting Village, as well as its report from 2017, cited vulnerabilities of the iVotronic, used in Sussex County and the Dominion Voting Systems’ ImageCast Precinct used by both Pike and Orange counties.

Pike County’s new voting machines were rolled out just in time for this year’s May 21 primary election, making Pike one of only a few Pennsylvania counties to meet the state-wide mandate to upgrade early, according to Pike County Director of Elections Nadeen Manzoni.

Manzoni said the county’s new ImageCast Precinct machines combine voter-marked paper ballots with an optical scanner that tabulates the votes.

At the DEFCON convention, attendees working on the ImageCast Precinct said that, by bringing a simple screwdriver and a CF card into the voting area, an attacker could use the screwdriver to access the machine’s intended CF card and swap it with their own card, allowing them to boot a different operating system and take control of the machine.

To illustrate their point, attendees reported they were able to boot a different operating system on the machine and play video games, including the popular game “Pong.”

In Orange County, a voter-verifiable paper trail has been the norm since 2005, according to Board of Elections Commissioner Louise Vandemark.

Vandemark said Orange County also uses the ImageCast Precinct machines and that she thinks voter-marked paper ballots contribute to a sense of confidence in the results.

“The process is much more secure this way,” she said. “After every election we do a random audit to make sure that the machine has read the ballots properly.”

“Most people were pleased,” Manzoni said of voter reaction. “They liked the fact that we had the paper record of their vote on hand that we can use to audit the results if we had to.”

“My confidence level in the old machines was 100 percent,” she said. “I know that they were given a bad rap with hacking, but they’re stand-alone inside the polling place and the only way to hack into those machines and be able to program it to flip votes or alter the result in any way was to physically break in.”

The old machines had no wireless capabilities, Manzoni said, which made hacking into them remotely an unlikely scenario.

New Jersey Republican State Committeeman, Don Katz, who serves on his county’s Board of Elections, said that most counties in New Jersey use electronic touchscreen voting machines.

“There’s a lot of pressure towards new machines because of security,” he said. “Whether it’s justified or not, there’s enough yelling and screaming that it’s happening.”

According to Katz, the likelihood of foreign actors hacking into voting machines to change the outcome of an election seems farfetched.

“I mean, I can’t say that if enough people are bribed that they can’t undo the programs that are downloaded onto each machine, but that posits a major conspiracy that involves any number of different election officials in different offices,” he said. “It’s extremely unlikely.”

There are a number of security measures in place in the state to safeguard the integrity of voting machines, Katz said.

Don’t get him wrong: Katz has no problem with voter-verifiable paper trail backups on electronic machines.

While the old electronic machines performed accurately during previous years in Pike County, Manzoni said, there’s something to be said for having a paper trail that can be audited post-election.

“We can actually prove now that the results are accurate because we have that paper ballot written in the voter’s own hand that we can then compare to the electronic results,” she said. “And that’s something that we didn’t have before.”

CLICK HERE to see the interactive map