Verified Voting staff joined the Voting Village at the 27th annual DEFCON conference in Las Vegas in August. DEFCON brings security professionals, journalists, lawyers, researchers, and – of course – hackers under one roof at the world’s largest annual hacking convention. Since its launch in 2017, the Voting Village has served as an “open forum to identify vulnerabilities within the US election infrastructure and to consider solutions to mitigate these vulnerabilities.”
The conference addressed the risks of mobile and internet-only voting and featured a talk by Verified Voting President Marian K. Schneider cheekily titled, “If the voting machines are insecure, let’s just vote on our phones!” She outlined the risks of voting by mobile phone and noted that even voting mobile app creators are unable to guarantee that their own technology is unhackable, as demonstrated by the FBI’s investigation into a hack of the Voatz mobile voting app in West Virginia.
Marian also reminded the DEFCON audience that multiple agencies have warned that internet voting is not secure, including the Department of Defense, National Institute of Science & Technology, National Academy of Science, and the US Senate Intelligence Committee. America’s election infrastructure faces a known set of security vulnerabilities: reports have shown that voter registration databases and state networks were penetrated by a nation state, and critical election management software was unknowingly connected to the internet for months. Yet despite these known vulnerabilities, internet and mobile phone voting are still being considered by some lawmakers as viable voting options (read more about Verified Voting’s position on internet voting HERE).
The Voting Village Report, released on September 27, summarized the findings from the DEFCON conference and reaffirmed the known vulnerabilities that exist in today’s election landscape. The report emphasized the need for implementing voter-marked paper ballots in every state and conducting risk-limiting audits to confirm the results of election outcomes. The report also noted that while the country’s voting systems remain vulnerable, they “can still be used to conduct high-integrity elections – in spite of their vulnerabilities – by conducting statistically rigorous post-election audits.”
Stay tuned for another post from Verified Voting that takes a deeper dive into Marian’s talk at DEFCON about the risks of mobile and internet voting.