Children hack voting machines in the DEF CON voting village. Image via PBS
Dr Aim Sinpeng
“You see I am changing who the winner is in this election” an 8-year-old boy tells me while he is typing away in what looks like some alien language. Then I see the screen. Bob da Builder has suddenly won the Florida state election.
My jaw dropped. This is scary. The boy is only a few years older than my son and he can hack into a US election website to change the winner and the results. Things got scarier as I learned that some of the vulnerabilities in today’s voting machines were identified over a decade ago and are still left unchanged.
“It’s really easy [to hack the election]. I bet the Russians could do it in their sleep… It’s not that secure. I think America should work on its computer security,” says another 11-year-old girl who hacked into the mock voting website in 10 minutes.
The organizers of DefCon’s Voting Machine Village felt terrified but unsurprised by how insecure America’s election infrastructure is.
Some of the vulnerabilities found by participants of the Voting Village were embarrassingly basic. As reported by the Wire, one machine had a root password of “password” and the admin password as “pasta.”
Praise and criticism swirled around the hacking of voting machines at DefCon. Supporters appreciated the lengths to which organizers had gone to expose computer vulnerabilities at the heart of America’s democracy – the voting machines. More than a hundred election officials have attended DefCon to learn, but others have condemned the white-hat hacking. They claim the environment is nothing like the real one on election day. To make matters worse, officials worry that DefCon’s hacking will discourage voters from showing up at the polls.
It’s undeniable however that the actions of DefCon’s Voting Machine Village have had a real impact on people with the power to bring about change. For a time, there was bipartisan support to fix the broken election system. The Secure Election Act was introduced in 2017, requiring election officials to have back-up ballot papers and to conduct a post-election audit. The new bill seemed reasonable, at first, to both Republican and Democrat senators. However it has now been put on ice due to fierce opposition from election officials who bitterly complained about the lack of the funds that would be required to carry out this new mandate. Worse, some early advocates of the election security bill have now backed up – believing the bill will not go far enough in improving the security and integrity of America’s elections. In essence, it’s now dead in the water.
The American public is concerned about the security of their elections. A recent poll by the Pew Research Centre showed that fewer than 50% of Americans feel confident in their election security. Nearly 70% of Americans think it’s likely the Russians and other foreign governments will try to interfere in the mid term elections happening next week.
So there seems to be public support but no political will to change when it comes to the security of American elections. But as the organizers of the Voting Village at DefCon emphasize: money talks. Resources need to be spent to improve electoral security otherwise the Secure Election Act, if given another life, would be an unfunded mandate.