Over the weekend, hackers gathered at a Las Vegas conference and uncovered several vulnerabilities in election machines, raising concerns just as the U.S. Election Assistance Commission (EAC) confirmed that the voting systems slated for use in November haven’t been rigorously tested by third parties. This revelation adds to the growing unease about the integrity of election equipment, particularly as states like Georgia plan to use outdated machines for the upcoming presidential election.
During the annual DEF CON hacker conference, participants successfully breached various types of election equipment, including voting machines, e-pollbooks, and ballot tabulators. According to reports from Politico, numerous vulnerabilities were found across these devices, with some being long-standing issues that have yet to be addressed. Harri Hursti, co-founder of DEF CON’s Voting Village, noted that the vulnerabilities were extensive, stating that hackers found “multiple pages” worth of security flaws. Hursti warned that if these vulnerabilities could be found in a matter of days at a conference, it would be naive to assume foreign adversaries haven’t already exploited them.
One particularly concerning case is Georgia, where outdated Dominion voting machines have had known vulnerabilities for years. A report detailing these issues was finally made public in June 2023, nearly two years after it was first documented. Despite this, Georgia officials have decided not to update the machines until after the 2024 elections, citing logistical and risk management concerns. Gabriel Sterling, the Chief Operating Officer for the Georgia Secretary of State’s office, defended the decision by stating that rushing to implement untested software could lead to even greater issues.
Meanwhile, the EAC has acknowledged that it lacks a standardized process for third-party vulnerability testing of election equipment, something that has become increasingly alarming given the DEF CON findings. EAC Vice Chair Donald Palmer admitted that states like Georgia are struggling to update their systems due to a lack of resources, further complicating efforts to secure the upcoming election. Palmer mentioned that while the EAC does conduct penetration testing on voting systems seeking certification, this process doesn’t necessarily catch every potential vulnerability.
Phill Kline, director of the Amistad Project and former Kansas attorney general, expressed deep concerns over the situation, pointing out that local election officials often lack the legal authority and technical expertise to ensure these vulnerabilities are addressed. Kline argued that while the adoption of voting machines was intended to resolve the transparency issues highlighted by the 2000 Bush v. Gore election, it has, in fact, made elections less transparent and more susceptible to manipulation.
As the November election approaches, these revelations are likely to fuel further debate and distrust in the electoral process. With known vulnerabilities left unaddressed and a lack of comprehensive testing, the integrity of the voting systems remains in question, leaving voters wondering whether their ballots will be counted accurately.