Roll Call: Hacking an American Election Is Child’s Play, Just Ask These Kids

August 15, 2018
In The News

In March, Hawaii Democrat Rep. Tulsi Gabbardintroduced the Securing America’s Elections Act to require the use of paper ballots as backup in case of alleged election hacking. Now voting advocates are suing Georgia to do the same thing.

Some voting systems are so easy to hack a child can do it. Eleven year old Emmett Brewer hacked into a simulation of Florida’s state voting website in less than 10 minutes at the DefCon hacking conference last week in Las Vegas, according to Time

Of the approximately 50 children age 8 to 17 who took part in the Election Voting Hacking Village at DefCon, 30 were able to hack into imitation election websites within three hours, Time reported. The kids were able to rewrite vote tallies so that they totaled as much as 12 billion, and change the names of parties and candidates, according to the Guardian.

The National Association of Secretaries of State released a statement saying that the pseudo environments used in the simulation are not realistic enough to raise an issue, and that the voting machines they emulated are no longer in use.

“Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day,” the NASS said. “It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols.”

But Jake Braun, an organizer of the Election Voting Hacking Village at DefCon and a former national deputy field director on President Barack Obama’s 2008 presidential campaign who later served in the White House, said it’s possible for hackers to access the machines physically or over the internet.

“It’s not like these machines are kept in Fort Knox,” he told CNN.

This came just as Georgia secretary of state and Republican gubernatorial candidate Brian Kemp is being sued for allowing a security breach which exposed the information of millions of voters in Georgia.

In 2016, hacker Logan Lamb inadvertently downloaded the personal records of 6.3 million voters, including their full name, date of birth, driver’s license and partial Social Security number, according to WALB. The state’s election security contractor had left it open on a public website.

He notified Georgia’s Center for Election Systems, and six months later the information was still there.

The group suing Georgia is asking the state to use paper ballot backups in the upcoming midterm elections. Kemp has said that this is unnecessary, but that he does hope to update the state’s aging voting system by the 2020 election, CNN reported. Georgia is one of five states without paper trails, which make manual recounts possible when there is alleged tampering or a contested election, according to the Guardian.

"Our elections system and voting equipment remain secure. There is no evidence that Georgia’s voting system has ever been manipulated," said Candice Broce of Secretary Kemp's office.

In the state’s May primary, the Mud Creek precinct showed a voter turnout rate of 243 percent of registered voters. On Georgia’s Secretary of State’s website, Mud Creek had 276 registered voters ahead of the primary, but 670 ballots were cast.

On Aug. 2, the site was updated to 3,704 registered voters in Mud Creek, which reflected a more typical 18 percent turnout, according to McClatchy DC. This was also used as evidence of an insecure voting system in the lawsuit.

“The tough thing is that the Russians don’t have to be successful to achieve their goals. They don’t necessarily need to change the outcome or races or change voter records. What they can do is attack our systems and get us to delegitimize our own democracy,” David Beck of the Center for Election Innovation and Research told the Guardian.

Office Locations