The release of the Mueller report and a recent NPR analysis shows some voter election machines and software were compromised during the 2016 election. How vulnerable are the voting systems in Wasatch and Summit Counties? Are there opportunities for hackers to infiltrate and affect election outcomes here in Utah?
Page 59 of the Mueller report states that in 2016, GRU, the Russian military intelligence agency, hacked into voting systems via spearfishing emails sent to personnel who were employed with voting tech companies. They were able to install malware and tamper with voter registration rolls. The company name was redacted, but an NPR report says the company is Florida-based VR Systems, which makes voter registration equipment.
Summit County Clerk Kent Jones says the state selected Omaha-based Election Systems and Software (ESS) as the state vendor for equipment, training and voting policy. He says subverting the voting system isn’t possible because the mail-in system and the touch-screen machines are never connected to the internet.
However, voter registration information is kept on a database. Justin Lee, Director of Elections with the Lt. Governor’s office, says the database was developed in house, and the state requires clerks and other election workers who use it to go through yearly security training. They also conduct exercises to test the data base system for vulnerability.
“Just like any data base, it doesn’t matter how good your security system is if you give someone the keys. So, if, you know, a spear phishing campaign or an attempt were to come through and County election officials for example were to give out their passwords, then certainly that's a vulnerability.
Jones says even if the voter registration database is tampered with, and names are removed from rolls they still have time to correct issues and ensure everyone gets a ballot.
“Where we send out ballots three weeks in advance, if somebody calls up and says hey, we didn't get a ballot we can go right to our system and we can tell if it was mailed what day it was mailed, what address it was mailed to. If nothings there, we would know it. Voter registrations are separate systems than the count."
Wasatch County Clerk Calvin Griffiths has a background working with the county in IT for the past 15 years.
“The logistics and testing of the machine to make sure, one, that they're working properly and that the date and time and all that is set correctly and the computer system that we use never touches the internet at all. So, there's no way for any viruses or malware coming in on those systems to affect the elections at all.”
Most Wasatch and Summit County voters use the mail-in ballot, but for those who do not, the touch-screen machines are equipped with paper back up. Griffiths explains.
“The new machines, they don’t even have the election information on there at all. They put in a blank piece of paper. They do their voting on that machine and then it prints it out on the paper. And then they put that into a counter that counts their ballots and that's always all under lock and key.”
Once the county collects all the votes from mail-in and touch-screen machines, they use a non-web-based counting machine to tally votes. Then, the data is submitted to the Lieutenant Governor’s office through the internet. Lee says there are times where a counting system may have a glitch, but he says they’ll hear about it.
You know, we post something on line and it's vastly different than what the clerks are seeing you know from their machine, then we know we've got an issue somewhere.”
Some members of Congress have criticized that elections are supervised by state and local officials, but most systems and equipment are from the private sector. The NPR reports that it’s usually private companies that are counting votes and managing registration data bases. The concern is that there is a reluctance to be transparent when breaches occur.
Find the link https://www.npr.org/2017/06/20/533637643/despite-nsa-claim-election-vendor-denies-system-was-compromised-in-hack-attempt to the NPR report filed by Pam Fessler on KPCW.org.
