(CNSNews.com) – A group of cyber security experts say they fear that voting machines in the U.S. could be a target for hackers.
“Coming out of the [Democratic National Committee] hack ... I think there’s a lot of us trying to call more attention to the election machines,” Jason Healey, a Columbia University senior research scholar and non-resident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative said on Wednesday.
Healey, who was in Washington, D.C., as part of the council’s “Cyber Risk Wednesday” series, pointed out the difference between how gambling machines in Las Vegas are secured compared to voting machines.
“Someone tweeted out: ‘Here’s how Las Vegas handles gambling machines.’ It covered all these controls that Las Vegas includes for [them]…
“Someone can inspect it. If you as a player think that the [gambling] machine is fraudulent, you can go talk to the inspector. There are rules. There [is] independent testing to see if it’s right,” Healey said.
The Nevada Gaming Control Board’s Regulation 14 allows the inspection and testing of slot machines and other gambling devices before they are used or if there are malfunctions.
“On voting machines, none of that’s true,” Healey added. “It’s illegal to try and go in and figure it out, how it works. It’s not independent testing.”
Cris Thomas, aka “Space Rouge”, a strategist at Tenable Network Security, pointed out that the Digital Millennium Copyright Act of 1998 (DMCA) prevents researchers from inspecting voting machines due to copyright issues.
DMCA prohibits “circumvention of technological measures used to protect copyrighted works, and to prevent tampering with the integrity of copyright management information.”
However, the Library of Congress issued a rule in October 2015 saying that the prohibition does not apply to people "who engage in non-infringing uses of certain classes of such works.”
Thomas said he believes the exemption will allow researchers access to electronic voting machines, but he added that will only happen after this year’s presidential election.
“So it allows researchers to look at those systems and see if there are vulnerabilities in them without fear of prosecution. But that’s a big thing,” Thomas said.
The Verified Voting Foundation points out that “the U.S. election system faces unprecedented tests this November, and beyond,” including the fact that “far too many states use unreliable and insecure electronic voting machines....These problems threaten to silently disenfranchise voters, potentially in sufficient numbers to alter outcomes,” VVF warned.
“The vulnerabilities in these machines are astounding, well-established, and very frightening,” agreed Gabriella Coleman, the scientific and technological literacy chair at McGill University in Montreal and author of Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous.
Beau Woods, deputy director at Cyber Statecraft Initiative, moderated the panel on bridging the gap between hackers and public policy makers following DEFCON, the largest underground hacking conference sponsored by the Department of Defense that pulls in around 22,000 hackers.
A topic brought up continually at DEFCON, according to the panelists, is the changing relationship between government and the hacking community.
“We’re seeing a change from a completely adversarial relationship between government and the hacker community,” Thomas said. “And it’s starting to thaw a little bit where there’s a lot more cooperation now. It hasn’t completely thawed, but it’s getting there.”
Lorrie Cranor, chief technologist at the Federal Trade Commission, said the FTC was at the DEFCON conference in order to reach out to more hackers in the community.
“We were out there because we wanted to do outreach to the hacker community and to let people know what our agency does and that we’re interested in hearing about research that people are doing that can help us understand vulnerabilities, especially in [Internet of Things] systems [which include hand-held devices, wi-fi routers, and bluetooth speakers], give us ideas about how we can protect consumers from scams, from fraud, and we wanted to make those connections,” Cranor said.
Contests and “villages” held during these conferences allow hackers, who are given special hacking badges, to interact and to get more hands-on experience bypassing computer security systems.
“We had lessons teaching people how to hack cars. It’s really a good chance to learn and engage with the community at large,” Woods said.