Leak of voting machine files undermines fair and free elections
It’s more than troubling that keys to election software have been handed to untrained individuals who may not have, shall we say, the best motives.
Experienced lawyers talk about the folly of allowing “fishing expeditions” — giving a flailing opposition mounds of information they can sift through for something they can imply supports their arguments.
Yet now a collection of election deniers, conspiracy-mongers and right-wing commentators has landed a big one in a fishing expedition, according to the Washington Post, by getting their hands on sensitive election system files.
At this point, it’s not clear hackers could use that information to change the outcome of future elections. But some opponents of free and fair elections undoubtedly will be looking through those files to find something they can misconstrue as election rigging. By doing so, they can further their efforts to subvert future elections by undermining confidence in the voting process.
The data files were obtained from election systems in Coffee County, Georgia and Antrim County, Michigan. Former President Donald Trump’s attorney Sidney Powell reportedly helped coordinate the effort in January 2021. A Georgia computer forensics firm, the Post reported, placed the files on a server, from which they were downloaded dozens of times. Once in the cybersphere, they may have been copied many times beyond that — possibly making the type of machines used in Georgia and Michigan more vulnerable everywhere.
According to the Post, the files already have already fallen into the hands of a “Texas meteorologist who has appeared on Sean Hannity’s radio show; a podcaster who suggested political enemies should be executed; a former pro surfer who pushed disproven theories that the 2020 election was manipulated; and a self-described former ‘seduction and pickup coach’ who claims to also have been a hacker.”
Leaked voting machine files from Antrim County also were distributed last August at a cyber symposium in South Dakota, even though they were under a protective order by a Michigan court, Douglas W. Jones, emeritus associate professor of computer science at the University of Iowa, told us. So was voting machine data stolen from Mesa County, Colorado, he said.
“Aside from demonstrating the basic lawlessness of the people involved, these three releases of code and system images from voting machines do pose a threat,” Jones emailed. “ ... These leaks are worse than simply leaks of the code, because the system images leaked include not only code but also cryptographic keys.”
Using those files to change election results won’t necessarily be easy, election authorities told us. Not only does the United States have a decentralized voting system with some 8,000 election jurisdictions, those jurisdictions themselves can be decentralized down to the precinct level. Although voting machines are computers, and therefore vulnerable to hacking, they are secured when they are transported or stored. A hacker can’t go on the internet and gain access to them. But in the Mesa County case, the county clerk allowed an unauthorized person into a secure facility storing county’s election equipment software, compromising the equipment.
Most of the nation has converted to ballots that are hand-marked by voters or voting machines that print out backup paper ballots. Those paper ballots can be hand-counted, if there is reason to doubt the software tabulation, which will give an accurate result in a recount.
In Cook County, election authorities routinely run post-election audits, in which a statistical sampling of paper ballots is compared with results tabulated by voting machines to make sure the results match. But a third of the states don’t do routine audits, and among those that do, some do them better than others. All election jurisdictions should do effective audits after each election.
Even with those guard rails, it’s more than troubling that keys to election software have been made available to untrained individuals who may not have, shall we say, the best motives. Who knows what kinds of claims they will make in an effort to undermine elections they don’t win, now that they have this information? Who knows how much those claims will resonate among the electorate? Who knows if hackers will find voting machine vulnerabilities that let them make a difference in swing states?
As it is, an ABC/Ipsos poll in January found that only 20% of respondents were “very confident” of the U.S. election system’s integrity. In an NBC News poll released Aug. 21, respondents listed “threats to democracy” as the No. 1 issue facing America.
Voters can do their part by rejecting candidates who deny the legitimacy of the 2020 presidential election. In battleground states, some two-thirds of GOP nominees on the November ballot for state and federal offices with authority over elections are election deniers.
America’s voting system has been under constant assault from Trump and his allies for years, as they seek to sow doubt for their own purposes. The leak of sensitive voting machine files imperils the public’s acceptance of future voting results.
It’s democracy that may wind up caught on the hook. America needs to prevent that.
The Sun-Times welcomes letters to the editor and op-eds. See our guidelines.