LOS ANGELES – A new voting system in Los Angeles County is about to super-charge a debate about the balance between the cybersecurity of election systems and accessibility for people with disabilities.
The L.A. system, which was custom-built over roughly a decade for $250 million, is a ballot-marking device (BMD), which means a machine marks the votes rather than the voter marking them directly. That makes it far more accessible for people with disabilities but also worries some cybersecurity hawks who say voters are unlikely to verify everything is entered correctly on those computer-marked ballots – leaving room for a hacker to change votes and maybe alter the outcome of a tight race, as I reported yesterday.
They also argue that the danger of hacking simply grows greater when more technology is involved in any process, so the technology required to vote should be limited as much as possible.
Those hawks generally acknowledge BMDs are necessary for people with disabilities but say everyone else should use hand-marked paper ballots.
“The experts are clear that hand-marked ballots are the safest way for most voters to vote,” Sen. Ron Wyden (D-Ore.), one of the Senate’s main security hawks, told me. Wyden has sponsored a bill that would mandate hand-marked paper ballots for most voters but allocate $250 million to buy secure BMDs for people with disabilities.
BMD supporters, however, say it’s unfair to have one voting system for people with disabilities and another system for everyone else.
“Those who are saying that BMDs should be limited to only people with disabilities, I think that’s a flawed premise from the start,” L.A. County Registrar Dean Logan said. “It creates a separate but equal type of scenario.”
The plan is for the machines to be piloted at some voting locations during local elections in November and then to be used by all voters for the first time in primaries on March 3, 2020.
Logan, who’s led development of the L.A. County voting system since its inception in 2009, also argued that BMDs can be as secure as hand-marked ballots – which, like BMD ballots, are tabulated by machines, so not invulnerable to hacking – providing the right safeguards are in place.
When I visited his office last week, he rattled off a list of digital safeguards for the machines – including numerous rounds of cybersecurity testing, procedures to ensure the machines are air-gapped (that is, isolated from other networks) and physical protections when the machines are stored and transported to and from polling locations.
The new voting machines are part of a wholesale restructuring of L.A. County voting, which includes replacing about 5,000 polling locations, where only people from that neighborhood can vote on Election Day, with about 1,000 “voting centers” where anyone in the county can vote and that are open for 11 days before the election.
In order for those voting centers to all be able to serve voters with and without disabilities and in L.A.’s 13 most common languages, mixing hand-marked ballots and BMDs wasn’t feasible, Logan told me.
So far, BMD skeptics have focused most of their attention on Georgia, which recently signed a statewide contract for ballot-marking devices that was marred by accusations of undue influence by voting machine companies. The contract came just six months after a hotly contested governor’s race between Democrat Stacey Abrams and Republican Brian Kemp, who was then the state’s top election official but refused to recuse himself from overseeing the vote.
The L.A. system is sure to spark concern, though, simply because of its scope.
L.A. County is by far the most populous local voting jurisdiction in the country and has more registered voters than 42 of the 50 states. The county routinely spends tens of millions of dollars on each national election and generates so many ballots on election night that it has to borrow six to eight Los Angeles County sheriff’s office helicopters to ferry them back and forth to its secure tabulating facility in Norwalk, about 12 miles northwest of Disneyland.
And the system could spread even farther because L.A. plans to offer its software up for free to other jurisdictions that are looking for an option outside the tiny cadre of voting system vendors – three of whom control more than 90 percent of the market.
That process, called “open-sourcing” the software, is common among tech companies but unheard of among the major election system vendors. Most cybersecurity experts say it makes software code more secure because it can be vetted for bugs by anyone who looks at it rather than just by the company that created it.
Some advocates for open source election systems are concerned, though, that L.A. County hasn’t actually released its code yet – and plans to release it only to some vetted groups, not to the public at large.
Logan told me the county is going slow on open sourcing the code to be sure it isn’t violating any state rules or regulations. The county plans to focus more heavily on that process after its system is certified by the California secretary of state’s office, which is happening now, Logan said. But he couldn’t guarantee it will be released before the November 2020 elections.
Logan added he’s wary of making the code completely public out of concern people without cybersecurity expertise will claim they’ve found bugs that don’t exist and artificially drive down confidence in the election's security.
But not releasing the code to the broader public would undermine some of the value of an open source system, Edward Perez, global director of technology development at the OSET Institute, a nonprofit focused on open source election technology, told me.
“The release of the source code and the ability of a community to transparently see what's in there is really central to what has always been regarded as the value of open source technology. Until that happens…we’re not across the finish line,” said Perez, who was formerly an executive at Hart InterCivic, one of the largest voting machine companies.
Perez is among the skeptics of the idea that BMDs should be widely used, though he praised L.A. County for working closely with voters and trying to be as broadly accessible as possible.
“For the vast majority of voters and for a voting model writ large, hand-mark paper ballots are preferable from a security standpoint,” Perez told me. “Having said that, I also really firmly believe there is a danger that the idea of hand-marked paper ballots can be taken too far insofar as there's not adequate attention paid to the need to also have accessible voting devices...for voters that have disabilities.”
To readers: The Cybersecurity 202 will publish on Tuesday, Wednesday and Thursday this week and will take a break the week of Aug. 26 before returning full time in September.
PINGED: A thriving black market for personal, financial and medical data has put “poorly secured” U.S. medical organizations at high risk of hacking, according to a new report from cybersecurity firm FireEye. Between October 2018 and the end of March 2019, researchers observed “multiple healthcare associated databases” for sale on underground forums, sometimes months and years after a breach had occurred. Some data sets, which included U.S. driver licenses and other personal information, sold for as low as $2,000.
Researchers also pointed to the threat of foreign spies seeking research data, especially from groups focused on cancer-related research. While less common than financially motivated attacks, even “moderately frequent espionage activity targeting the healthcare sector can have a noteworthy impact” according to researchers. The researchers found China, Russia, and Vietnam-affiliated hackers targeting medical data.
PATCHED: As cities increasingly use sensors and surveillance technology to track everything from air quality to traffic jams, officials are taking a more serious look at how to protect that data from hackers, the Wall Street Journal’s James Rundle reports. Of top concern are threats from nation states and terrorists.
Mitigating risks starts with limiting what data is collected and limiting the amount of personally identifiable information like names or license plates that gets included, James reports. Cities including Portland and New York have introduced strict policies for how data is stored and destroyed. For instance, in Portland video footage of vehicle and pedestrian movement is converted into anonymized data and the footage itself is destroyed.
“We don’t want to be storing information that potentially could be used to identify where people are at a particular place,” Kevin Martin, program manager for Portland’s urban-technology initiative told James.
PWNED: Movie ticket subscription service MoviePass left the account numbers and, in some cases, credit card information of tens of thousands of users exposed online, according to new research confirmed by TechCrunch's Zack Whittaker. The data, which was exposed for an undetermined amount of time, also included email addresses and customer card numbers.
While TechCrunch could not determine the exact number of credit cards exposed, Whittaker notes "we found records with enough information to make fraudulent card purchases."
MoviePass took the database, which was not password protected or encrypted, offline after TechCrunch flagged the exposure. The company did not answer questions posed by TechCrunch about how long the information had been exposed online and whether the company would disclose the breach to regulators or customers.
— Cybersecurity news from the public sector:
— Cybersecurity news from the private sector:
— Cybersecurity news from abroad: