Smartphones or pen and paper? Cybersecurity experts split on tech in voting
LAS VEGAS — Some of the brightest minds in cybersecurity want the U.S. voting system to embrace technology. Others want to keep tech as far away as possible.
Election hacking was one of the main themes at Black Hat, a conference in Las Vegas this week that brought together thousands of ethical hackers to discuss cybersecurity threats and solutions.
Most cybersecurity experts at the conference fell into one of two camps. In the first are those who believe that the only way to make sure votes are not tampered with is to keep technology as far away as possible. They recommend using paper and pen until the U.S. government steps in with a unified policy.
“I think we should be thinking hard about analog elections until we get that digital policy,” said Nate Fick, CEO of the security company Endgame.
Fick’s company is in charge of securing what are known in the cybersecurity world as “endpoints” — laptops, workstations and anything else that connects to a network. Voting machines are also endpoints. While Fick said Endgame theoretically could help secure voting machines, he believes “there is no perfect defense” when it comes to safeguarding elections.
“I don’t think government policy is sufficiently well-developed right now to protect our elections, bottom line, so relying on digital election infrastructure before we have the government policy in place to safeguard it is asking for trouble,” he said.
The other camp sees things differently. With advances in technology that can help verify identity and location, they argue U.S. elections could be drastically improved.
Robert Herjavec, CEO of the Herjavec Group, a cybersecurity product and service provider, was asked if technology should be kept away from voting. “Yes,” he joked, “and we should get rid of cars and bring back the horse and buggy.”
The camps tend to agree, however, that election security remains a serious issue. As conferencegoers roamed around the casinos of Las Vegas on Thursday, Sen. Bill Nelson, D-Fla., was alleging that Russian operatives had infiltrated a voter registration system in Florida, without providing any specifics or evidence. State officials said they had “zero information” to support his claim. U.S. security officials, though, have repeatedly warned that Russia will seek to undermine the U.S. midterm elections in November.
Analog voting may be a divisive issue in the security world, but every cybersecurity expert NBC News spoke with at the conference said government policy needs to play catch-up to meet the massive threat posed by Russia and other nation-state hackers.
“The government runs traffic today, but they didn’t invent stop signs,” Herjavec said. “It’s on the government, and private enterprise isn’t going to spend the money on it unless someone is paying for it.”
Analog voting might seem old school, but it has already made a comeback in Denton County, Texas, where election officials spent around $9 million last year to switch back to paper ballots that are then tabulated by a print scanner.
The pen-and-paper approach has been championed by a variety of people in the tech world, including the author of the webcomic XKCD, which often address issues related to technology.
Others see plenty of problems with analog voting and argue that technology can be used to enhance voting rather than changing it entirely.
Mike DeCesare, CEO of ForeScout, a security company working with private companies and governments, said that not only is analog voting antiquated, it doesn’t ease his concerns about election hacking.
“I didn’t feel any better about the hanging chad in Florida than I would about electronic election meddling,” he said, referring to the messy Florida recount during the 2000 U.S. presidential election.
David Becker, executive director of the Center for Election Innovation & Research, a nonprofit that seeks to improve how elections are held, said analog voting wouldn’t be ideal in a country where “the polls close at 8 p.m. and everyone logs on at 8:01 wanting results.”
Striking the right partnerships between the government and private sector could help bring the U.S. election infrastructure into modern times. Last year at Def Con, a more freewheeling hacking conference that takes place immediately after Black Hat, hackers demonstrated how they were able to breach a voting machine.
While that was a controlled demonstration, Herjavec and DeCesare both believe that technology is so advanced that if the government invested in advances in the private sector, voting could one day be as easy as pulling out a smartphone at home. This will not only boost voter turnout, but it could make elections even more secure, they said.
One way to do that could be geofencing, which creates a virtual geographic boundary around a particular area, only enabling an action, such as using a coupon or accessing a website, if the person is within that fence.
“If I’m a citizen, I should be able to say, ‘I’m going to vote and I’m going to vote in my house’ and geofencing will know if I’m in my house or not,” DeCesare said. “If my social security number votes and it’s not in my house, that’s not a valid vote. And the second my social security number is used, it can’t be used anywhere else in the country. That just leads to one unified voting system.”
However, Herjavec and DeCesare acknowledge that any flaws would have to be straightened out before such a system is actually implemented.
“People are fundamentally lazy, and when you require them to go somewhere and do it, they are not going to do it,” Herjavec said. “But at the same time, I don’t want 100 percent opt-in for a fake electorate.”
Election hacking is a complex, ongoing threat that isn’t going away, experts say. For now, the best defense is investment, vigilance and boosting voter turnout, they said.
Becker said he sensed a real openness from the government in working with “the greater cybersecurity community.”
“We are always going to need technology,” he said, “but we do need systems to double check the technology.”