Why Are Voting Machines so Vulnerable?

Voting machines used in three states could easily be secretly manipulated. And maybe they have been.

Here is The Week’s disturbing headline: “These voting machines are disturbingly easy to hack.”

A new study on AVS WinVote voting machines, which have been used in Virginia, Pennsylvania, and Mississippi, reveals that they “would get an F-minus” in security measures.

The machines in Virginia, which were used for more than a decade between 2002 and 2014, had passwords like “admin” and “abcde,” which could not be changed to something more secure. To make matters worse, they used Windows XP as their operating system — despite the fact that it has not had a security update in more than a decade.

In fact, anyone with relatively minimal hacking skills could have modified every vote in any machine provided they were within half a mile of it and in possession of — wait for it — “a rudimentary antenna built using a Pringles can.”

We are obviously located in the same technologically savvy space that gave us the Healthcare.gov rollout. But here is my question: How do we know some government agency didn’t “help” the makers of the AVA WinVote voting machines decide on what to use as the operating system or what passwords to encode?

After all, we have reason to suspect that the NSA worked to make the iPhone vulnerable to hackers (and, thus, to the NSA). Rather than functioning like defenders of the public and reporting security flaws, they keep them secret so they can exploit them.

So what is to stop some other group, or the NSA itself, from infiltrating these companies and influencing them to produce voting units with degraded security? Furthermore, they could also probably influence the state level decisions about which vendors to use to procure voting machines.

Have these voting machines been hacked?

We have no way to tell because the machines don’t keep a log that would reveal any interference. The Week quotes an investigator who says that, if elections with these machines weren’t hacked, it was only because no one tried to do so.