2021-02-05 19:53:01 –
Boston (AP) —Federal agency leaders overseeing election administration quietly undermine key elements of the draft security standards for voting systems, and among voting integration experts, many of such systems Raises concerns that it remains vulnerable to hacking.
The Election Support Commission is ready to approve the new security standards for the first time in 15 years after a difficult process involving multiple technology and election community groups and hearings. However, prior to the commissioner’s scheduled ratification vote on February 10, EAC leadership to remove wording interpreted by stakeholders to ban wireless modems and chips from voting machines as a condition of federal certification. Fine-tuned the draft standard.
According to computer security experts and activists, the presence of such wireless hardware alone poses an unnecessary risk of tampering with data and programs on the election system.
Government leaders argue that, overall, the revised guidelines represent a major security improvement. They can leave the wireless hardware in place, but emphasize that the rules require manufacturers to disable the wireless features that exist on any machine.
In a February 3 letter to the agency, computer scientists and voting integrity activists said the change “significantly weakened the security of the voting system and provided a very realistic opportunity to remotely attack the election system. Will bring. ” They are demanding that the ban on wireless hardware be restored.
Susan Greenhal, senior adviser on election security for the independent nonprofit FreeSpeech for People, accused government leaders of succumbing to industry pressure: “They avoid public and parliamentary oversight. I’m trying to do an end run for that. “
Seven members of the committee’s 35 advisory board, including chairman Michael Yaki, wrote EAC leadership and were disappointed that the standards were “significantly changed” from what they approved in June. Expressed. They called for a postponement of the February 10 vote. At the very least, they are worth explaining why the draft standard “retreated so much about serious security issues.”
Mr Yaki said he was confused by the committee’s move. “The mantra adopted by the entire cyber community was to remove from the equation what could be wireless or wirelessly communicated.”
Modem bans are especially important as millions of Americans continue to believe in former President Donald Trump’s unfounded claim that voting equipment was somehow manipulated to rob re-election in November. is. “I don’t want to give QAnon enthusiasts and” Stop the Steal “people a reason to think that our voting infrastructure isn’t perfect. “
Benjamin Hovland, EAC Chair, said he relied on experts from the National Institute of Standards and Technology to assist in drafting the guidelines. He said objections to the change should not be allowed to prevent significant cybersecurity improvements in the new rules.
The ban on wireless hardware in voting machines will force vendors currently building systems using off-the-shelf components to rely on more expensive custom-built hardware, Hovland said. I will. He also argued that the guidelines are voluntary, although many state laws are based on them.
“You have people who put themselves in front of the soundness of our democracy and put their own personal agenda,” Hoblan said, and the electoral authorities are among those who support change. I added that there is. “This is very uncertain how some people are approaching this.”
Hovland emphasized that the revised guidelines state that voting devices should disable all wireless features. However, computer experts say that if hardware exists, you can deploy software that activates it. In addition, threats come not only from malicious attackers, but also from vendors and their clients. Vendors and their clients can enable the wireless feature for maintenance purposes and forget to turn it off, leaving the machine vulnerable.
Still, Dan Wallach, a computer scientist at Rice University, one of the members of the NIST-led technical committee, said the change was surprising, but not “catastrophic.” He said the objection should not prevent the adoption of the new guidelines.
California, Colorado, New York and Texas have already banned wireless modems on voting devices. The updating standard, known as the Voluntary Voting System Guidelines, is used in 38 states as a benchmark or to define some aspects of equipment testing and certification. In 12 states, voting equipment certification is fully compliant with the guidelines.
In 2015, Virginia deauthorized and abandoned a voting machine called WIN Vote after determining that it could be accessed and operated wirelessly.
The Election Assistance Commission, created to modernize voting skills following the “hanging Chad” blunder in the 2000 presidential election, has not had much authority so far. This is because voting management is run separately by 50 states and territories.
However, after Russian military hackers interfered in the 2016 elections in favor of Trump, the country’s voting system was declared as an important infrastructure, and Congressional Democrats took greater federal control to improve security. I tried to exercise.
However, Republicans are blocking attempts to reform election security in the Senate. The least reliable ballots (touch screens without paper ballots) are mostly scrapped, but privately owned equipment vendors have their own system that computer scientists say remains vulnerable to hacking. Continues to sell. Experts are promoting the universal use of handwritten paper ballots and better auditing to increase confidence in election results.
Associated Press writer Christina A. Cassidy contributed from Atlanta.
Activists complain of weakened voting security standard – Twin Cities Source link Activists complain of weakened voting security standard – Twin Cities