Vermont elections chief sending mixed signals about election security

Editor’s note: This article by Bruce Parker originally published Nov. 4, 2016, on Watchdog.org.

State and federal officials are showing unprecedented concern about the potential for hacked elections in Vermont and elsewhere ahead of the presidential election.

Vermonters trust the honor system when it comes to elections, but two investigations in three weeks by the federal Department of Homeland Security, combined with a cybersecurity briefing by Vermont’s chief elections officer, indicate that government officials are worried.

On Tuesday, Secretary of State Jim Condos revealed that Homeland Security has conducted multiple investigations of Vermont’s election system.

Wikimedia Commons

HACKABLE: Vermont’s voting system is based on an optical scanning unit that has a reputation for being easy to hack through the machine’s removable memory cards.

“We have had two scans of our systems, one was two or three weeks ago, and we just had one recently,” Condos said in a live-streamed election briefing.

While Condos said his office is doing “everything possible” to protect the integrity of Vermont’s elections, he tempered his confidence with a dose of realism in an age of high-tech hackers.

“I don’t want to say it can’t be hacked, because I don’t know that for a fact,” he said.

The event was followed Thursday night by an exclusive report from NBC News that Homeland Security, in collaboration with the White House, the CIA, the National Security Agency and other elements of the Defense Department, now believe hackers may attempt to undermine the presidential election.

Among the election vulnerabilities discussed at Tuesday’s briefing were Vermont’s AccuVote-OS vote tabulators. The ballot-counting optical scanners are used in all New England states, including most towns in Vermont.

“The tabulators have a memory card, and there have been reports about a 10-years-ago video out there where a memory card was hacked into by experts within 10 minutes,” Condos said, referring to the famous “Harri Hursti” hack exposed in the Emmy-nominated HBO documentary “Hacking Democracy.”

“What happened in that particular instance was they got the hackers in a room and gave them the memory card and gave them the plan of how the thing was set up and they were able to hack into it in 10 minutes,” Condos said. He said chain-of-custody protocols in Vermont would make it difficult for people to get access to the memory cards once in the hands of city and town clerks.

In the documentary, Florida election officials watch in horror as an AccuVote-OS machine surreptitiously changes a 6-2 no vote cast on paper ballots into a 7-1 yes vote, according to the machine readouts and paper spool.

According to computer expert Harri Hursti, the malicious vote-switching code added to the machine memory card can be programmed to run during Election Day hours only, thus escaping detection by “logic and accuracy” tests conducted 10 days prior to the election.

Since the vote-switching code also escapes detection by “zero-total tape” runs typically conducted on Election Day morning, hacked machines can be detected only by conducting hand-counts of paper ballots after an election and comparing results to the machine-generated tallies.

Condos said the infamous Hursti hack is unlikely in Vermont because hackers would need access to the detachable memory cards. Chain of custody protocols followed by city and town clerks prevent anyone from getting access to the cards after they arrive from LHS Associates, the Salem, N.H.-based subcontractor responsible for all AccuVote-OS memory cards and machines across New England.

The Vermont elections chief emphasized that paper ballots are critical to auditing elections, should anyone have reason for concern.

“We always have that paper ballot to be able to go back through if there’s ever a question,” Condos said, adding that Vermont hasn’t discovered any vote discrepancies over the past decade.

In 2007, Connecticut passed Senate Bill 1311 — Public Act 07-194 — in response to troubling discrepancies between machine counts and hand counts. In 2008, Daily Kos reported suspicious discrepancies between machine counts and hand-counted ballots in the New Hampshire Democratic primary. This year, Bernie Sanders supporters also questioned the trustworthiness of the scanning machines.

Despite precautions being taken by state and federal officials, city and town clerks in Vermont have no instructions for auditing AccuVote-OS machines using hand-counts of paper ballots.

“I think we’re probably due [for an audit] either this election or next election. That’s the best I can tell you.” Montpelier City Clerk John Odum told Watchdog on Wednesday.

In September, Watchdog reported that Vermont municipal clerks didn’t know about AccuVote-OS vulnerabilities and received no guidance from the secretary of state about the risk of hacked memory cards.

Keith Pillsbury, ward clerk for Burlington’s Ward 8, says the machines are safe because they are standalone models that do not connect to the Internet or each other, a point Condos also has emphasized.

According to Pillsbury, precinct clerks and inspectors don’t have time for counting ballot results by hand. They track write-in candidates listed on paper ballots, however, and also ensure that the total number of paper ballots cast matches the number produced by AccuVote tabulators.

Asked why Burlington ward clerks and inspectors don’t audit machines on election night, Pillsbury said, “We could do that. It’s a matter of resources — basically time, and the number of workers you can get. One of our difficulties is in getting workers to work at the polls.”

Pillsbury said hand-counted audits typically don’t occur until someone demands a recount. “We’ve done that several times and the numbers have been very accurate,” he said.

After voters feed their paper ballots into the tabulators, the paper versions are kept under lock and key at City Hall for 22 months, as an added precaution against elections fraud.

“We have those paper ballots, and as I said they’re sealed and stored and protected,” Condos said. “The only time they get opened is for our audit if you request it, or it has to be court-ordered otherwise.”

Asked about states that use touch screen voting machines but no paper ballots, Condos said, “I wouldn’t trust it.”

In a September interview with Watchdog, Condos said he didn’t know who was responsible for monitoring LHS Associates, the third-party business responsible for all memory card programming across New England.

“I can’t tell you if there’s someone from the federal government that goes in and checks it — I don’t know that,” he said.

But on Tuesday he offered full confidence in the company.

“They operate not only here in Vermont, but they have New Hampshire, Maine, Massachusetts, Connecticut, pretty much all of New England. You can imagine, if you have widespread use of your equipment and there was a problem, you’d have a tough time staying in business.”

Watchdog contacted LHS Associates President Jeff Silvestro to ask if AccuVote memory cards continue to be vulnerable to malicious programming, and to report on the company’s interactions with federal security officials. Silvestro did not return our request for an interview.

AccuVote-OS machines were originally delivered to states by Premier/Diebold with funding through the Help America Vote Act of 2002. Today the optical scanners are owned by Canadian election services firm Dominion Voting Systems.

In addition to memory cards, nonpartisan election group Verified Voting cites security seals, keys and ballot box access as other known vulnerabilities for AccuVote-OS machines.

Image courtesy of Wikimedia Commons