President ial debate, go to cspan. Org using your desktop, phone or tablet. On our special debate page, you can watch the entire debate choosing between the split screen or the switch camera option. You can go to specific questions and answers finding the content you want quickly and easy. Create clips of your favorite debate moments to share on social media. Cspan. Org on your desktop, phone, or tablet for the president ial debate. Now, a look at potential cybersecurity threats to the president ial election and the u. S. Electoral process. Kim zeter, Senior Reporter from wired moderated this event. From the Atlantic Council, it is 90 minutes good afternoon, welcome to the Atlantic Council and the october Atlantic Council. Im director of the Strategy Initiative here. I am Deputy Director of the center on international security. We run cyberrisk wednesday here hosted by us and in collaboration with our partners at Christian Science monitor with the pass code. This afternoons conversation is on hacking the vote. I feel like there should be some ominous music here when i say that. It is part of our cyberrisk series and very timely. I woke up to a radio story on exactly this topic. It is particularly timely discussion and a particularly distinguished group of panelists that will examine our threats ranging from historical paper systems to current voting xau terse to internetbased voting in many other countries. Really, a great panel to help us put this whole story of hacking the vote into some context and with some real substance hyped behind it. I would like to welcome those who are watching online. I encourage you to join the conversation on twitter using accyberand acscro cough and cmmpasscode. We have seen how cybercrimes could impact Voter Registration. Voting computers, they are really Voting Computers. Even the outcome of the election. The act of tampering with and undermining trust in the electoral process goes back much further than this election. It goes back perhaps as long as there have been elections, though the mechanisms have changed over time. The idea of influencing and possibly changing the outcome of elections is nothing new to foreign or domestic players. This is an International Problems just as much as an american. There are several examples in europe and latinamerican where the fear of cyberinsecurity are used to influence Public Opinion before, during, and after elections. In fact, in your seats, you will find a report from two years ago discussing many of these issues and the recommendations contained in it, that are still very relevant today. Those of you online will not find that report in your seats but we will post a link to it so that you can find that as well. Here in the u. S. , Voting Authority started rapidly implementing Voting Solutions to make voting accessible and efficient in the help american vote act in 2002. A number of Electronic Solutions were illconceived or have not aged well in the 14 years since. It certainly wont come as a surprise to the people in this room and online, that computers, even Voting Computers are hackable. Additional alarms ring when it comes to Voter Registration information and assistance for tabulating votes which may be dangerously vulnerable even to relatively low skilled hackers. However, it is not just Voting Technology thats at risk, weve started to see recently in particular hacks of Political Parties and other entities that can highlight the vulnerability of the entire electoral and political process. The daily leaks we have been seeing lately are having an impact on the political campaigns. While leaks have been common, these kind of hacks really do represent a new level of scale often dubbed as the electronic watergate where tradition many responses may no longer work. The possibility that more Sensitive Information is waiting to be released at an opportune moment could create opportunities for foreign powers seeking to interfere with president ial elections or even criminal entities. With one president ial candidate, warning his support es that the election is going to be rigged, quote, unquote, hackers may not even need to compromise Voting Computers or systems to undermine the Peoples Trust in the Election Results. Merely a credible claim of doing so could compare voters to cry foul and undermine the legitimacy of the vote at home, in the United States and abroad as others look at the outcome. Today, we are here to find out what is truly knew about the cyberthreats, what actions will best preserve trust in our elections and what can be done in general. Before i ask the panelists to join us here on the stage, let me briefly introduce them. I will start with jeremy p epstein. He is on loan to the innovation office. He was sent by sri to the National Science foundation secure and trust worthy cyberspace program. Also joining us is joseph hall, chief tech nolist and directory of the internet architecture project at the center for democracy and technology. I serves on the board of the california Voter Foundation, the verified Voter Foundation and the fccs computer liability council. Please to welcome masimo tomisoli, the permanent observer for the International Institute for democracy and doctoral assistance. His resume includes work at the organization for Economic Cooperation and in the Italian Ministry of foreign affairs. Finally, kim zeter will be joining us to moderate this discussion. Kim has been covering cybersecurity since 1999, including more of a decade at wired magazine. She is a journalist and author who is wellknown for covering this range of issues. We are looking forward to her leading this discussion with us today. As always, again, thank you to our media partner pass code, the Christian Science monitors new guide to security and privacy. Thank you all for joining us on here and online. Let me invite the panelist to come join us to get us started. Thank you for coming. Good afternoon, everybody. He covered some of the answers i was going to go over. I want to give you some context for why we have a discussion today about hacking the vote, hacking the Voting Machines. We are talking about hacking the vote this year, unlike any other year. We are talking about two kinds of hacking, as he discussed in his intro, not only technically hacking the Voting Machines but hacking the minds of voters. What do we mean when we talk about hacking Voting Machines and how did we get here . Dl started with 20002 the help america vote. It was passed in the wake of the 2000 debackle, the bush v. Gore p p out of florida. It was intended to provide disabled voters, voters that had hearing or sight impediments to give them the ability to vote without assistance in the polling place so they could have a private vote. Federal government allocated about 4 billion to states so they could purchase accessible Voting Machines. Instead of buying one or two that they considered accessible, they decided to go on a shopping spree and replace all of their Voting Systems with touchscreen Voting Machines in many precincts. They are also called direct recording electronic machines, dre. They didnt have a paper trail until academics and voting activists made an issue of it. There was no ability to check the vote and verify it record the vote that the voters intended to choose. We now have some that produce a paper trail and states that have opted for optical scan machine. You are choosing your choices and it gets scanned into an electronic machine. That is problematic in the same way dres are when you dont have an audit. If you af paper trail and dont do anything with it, simply having the paper trail doesnt mean anything. We are going to talk about all those issues and influence hacking. I wanted to start because the help america vote act was passed in 2002. States bought machines. We have had them for over a decade. Problem throughout that decade with machines and elections. We have had some resolutions. Some states have turned off wifi. There are other problems, the process of elections. Maybe we should talk about the win vote and why it is here. Jairmy brought this beauty 23u8 machine, known as the worst voting machine in america. They were decommissioned. They had 3,000 of them. Maybe you will explain why we had it. A lot of it has been electronics and software but a lot is also about the physical access. How many of you can see what im holding . You can have one as a souvenir if you would like. This is a key that is cheaper than the key that opens hotel minibars. This is what secures the usb key that stores all the votes it is symptomatic that it is very trivial protection. They were in use in virginia, mississippi and pennsylvania. They are the only three states that ever used them. Virginia was by far the largest market for them. When they were decommissioned, it was after the state discovered they had wifi enabled that could not be turned off. We didnt realize it couldnt be completely turned off. It turned out it used the wep encryption method. For those geeks in the room, you will know that was known to be a compromised system ten years ago. It takes a couple of seconds to compromise it. It turns out it didnt matter, because the password on it was abcde and couldnt be changed. It turned out it was just a windows machine and you could connect with any other windows machine and download or modify the files. You needed the administrator password. That was admin. It wasnt too hard to break into these. The good news is that the state recognized the problems. After a decade . They had been using them for a decade. When they finally looked at them they said, oh, four letter word and got rid of them. About 80 of all voters this year will use optical scans. There are three states that are dre, without paper trail, im sorry, five states. South carolina. New jersey, delaware, georgia, and louisiana. Five states have no paper trail, new jersey, delaware, georgia, louisiana, and South Carolina then, there are another ten states where depending on where you live, you might or might not have a paper trail. It is great to have a paper trail. If nobody looks at t there is no audit, it does no goods. Relatively few states do audits and there are unique cases like virginia where it is illegal to do an audit. We can get into that if you care. So this machine you wanted to give away. When they were decommissioned, i got about 50 of them donated to me by the state. I have been distributing to universities and museums literally around the world for the purpose of research if you are interested in having one. Please let me know. This one is available to a good home. We know at least five states are voting on dre machines without a paper trail. Lets look at the issue of whether or not Voting Machines are still hackable today. This machine certainly was. Now, it is being decommissioned. Given be there has been so much focus and pub lisity about the system and their hackability, have we see any progress in the sense of how they are being used today . Has wifi been disabled . Have the machines been secure td in a better way . Do we know . I definitely think we are in a better state than we were last decade. Three out of four voters will cast a ballot using a paper ballot or on something that creates a paper trail. In addition to the geographic distribution, we talked about, you can be can ha you can be confident three out of four people have a paper record. It is different on the audit side. Some of the audit styles people are doing the whole reason to do an audit is to check the computer tally of the voting computer against a manual tally looking at the actual paper records. Thats a way of sort of arriving at ground truth. I think i would like to claim a little bit of the responsibility for fact that Voting Machines and the procedures around them have gotten considerably better since the last decade. The election Systems Commission deserves a lot of credit. Thats the federal agency that is tasked with helping local election jurisdictions run secure, robust, useable elections. Over time, their testing procedures have gotten better and more sound. The trick is any Computer Security person will tell you testing only gets you a certain level of confidence. There is always going to be ways to get around it. Some of the things im not so confident about are things like tamperevident tape. We put these numbered seals over seams of the Voting Machines and if you try to hack your way in and get in there and mess with the brains inside, you have to pull that piece of tape up. It will it looks like it has been messed with. It says, void, void, void. Typically, a heat gun, something that anybody thats been in a shop class, is all you need to lift that tape without disturbing it. Plenty of examples like bad keys that are not as good. I think the fact that we have been a little rigorous about saying, please dont ever do networking on these machines. Virginia is one of the few places i dont even want to state it. There was something you could do from like across the street to one of these machines. Do you want to talk about that . You could use a pringles can attack, it is an effective antenna for wifi. You can log in from across the street and manipulate the votes. It was the only machine in use in the United States that had wifi. You didnt even need that. As i recall, any voter in the precinct who had a smartphone could connect to the wifi that the voting machine was using and get access. There are these concepts of voting like one we Call Software independence, which is the notion that any undeticketable error in the software of the machine should not result in an in indy textable error in the outcome. Thats why we have things like paper trail and a set of crypto graphic voting methods that arent widely used. Some of us worry about them in other ways. Those can provide some sort of hard check against the softwear being bad oiz who. We have two ways of hacking, connected to the internet, doesnt have to be directly connected and proximity hack, if you can access the ports while you are in the poll booth or if you can access while they are in storage before they are distributed. Many of these sit in schools and feeders overnight or they sit in an insecured warehouse for years in between elections. You hear people say these Voting Machines arent connected to the internet. That should give you a little bit of comfort but not a whole lot. As dan wall lec said recent letter, there was malicious hacking before we had the internet and the network. There were things called very few people may see or know what they were but they are viruses that are transmitted by floppy discs, media that you can put in and out of the machines. When i was at princeton, people designed a virus for this machine used throughout the entire state of georgia. This was a machine where the default password was 1, 2, 3, 4. They designed a virus that would do this, in one election, say the primary election, you would get access to the back of the machine and stick a usb stick on there thand would install. Between the two elections, that would have the opportunity to go from that machine to the election management system, the one computer that tells all the other machines, here is what the ballots are going to look like for the next election. The programs of the Voting Machines and all that through the other elections. Thats the way of installing a piece of malware on a device that over a longer period of time spreads itself. Think about what kind of tackers will do that. It will not be something that woke up and said, oh, man, maybe we want to hack the vote. What you are going to have is much more sophisticated and longterm entities like nation states that are more likely to employ techniques like that. Georgia is not a swing state by any stretch of the imagination, but there are platforms that may be susceptible to these kind of slower proximity hacks. It is interesting that georgia did that sort of test. Georgia actually had a problem with Certified Software in i think it was 2008. They had all these touch screens in the warehouse and using officials at georgia tech who were helping them. About two weeks before the election, these helpers went in and upgraded the software on these debolt systems and no one had oversight over the software. They sem pli said these machines needed to be upgraded and they installed on thousands of machines. Thats sort of a problem of process. You can have an external actor that gets access to these machines and you can have a problem with upgrading machines at the last minute in a way that software is not examined or certified. If you are doing something intentionally, you can design it in such a way it disappears once it has caused its problems so that someone examining the code afterwards will not be able to see the malicious codes presence there. There was an interesting case in iowa a number of years ago thats very much like that where there was an upgrade to the windows operating system on i dont remember which brand of