Election Equipment Vendors Play a Key, and Under Examined, Role in U.S. Democracy
- September 17, 2018
Every vote in the United States — for city council, state representative, or president — is cast using materials and equipment manufactured by third party vendors. There are vendors large and small, but the American election equipment industry is dominated by three vendors: ES&S, Hart, and Dominion. These vendors manufacture the machines that approximately 92% of eligible voters use on election day — and they wield extraordinary power with significant implications for our democracy. Because of this, it’s critical that elected officials and advocates pay attention to the role vendors play in the security and transparency of American election systems.
Perhaps most concerning are vendor efforts to keep secret the technology upon which American elections rely while at the same time feteing state and local election officials with expensive trips and meals. Vendors have actively and increasingly pushed back on efforts to study and analyze the equipment that forms the basic foundation of our democratic processes.
One way they do this is by opposing independent research by computer and election security experts, such as academics. Vendors have asserted that licensing agreements between vendors and counties prohibit outside testing of county-owned machines. In at least one instance, a vendor has suggested that “non-compliant analysis” — that is, it appears, analysis not approved by the vendor — would infringe the vendor’s intellectual property.
This year, DefCon’s Voting Machine Hacking Village (“Voting Village”) — a high-profile hacking event focused on examining the cybersecurity vulnerabilities of voting equipment — received communication organizers took as legal threats from ES&S, the country’s largest voting machine manufacturer. The communication seemed designed to intimidate Voting Village’s organizers from conducting and publicizing the results of their analysis of ES&S and other manufacturers’ machines. Perhaps this was inevitable after Voting Village’s 2017 report, which detailed numerous exploitable weaknesses in an array of equipment from various prominent manufacturers. After this year’s event, a bipartisan group of U.S. Senators asked ES&S to explain itself, and urged it to support independent research efforts. ES&S responded by suggesting that independent security research jeopardizes election integrity, and “makes hacking elections easier.” Fortunately, the Senators, all members of the Senate Intelligence Committee, roundly rejected this brush-off — but it does not bode well for researcher-vendor relations moving into the 2018 primary and 2020 national election seasons.
Perhaps the most notable effort to bar independent research into the efficacy and security of American voting equipment is happening right now. The Digital Millennium Copyright Act, 17 U.S.C. § 1201, protects the technological measures used by copyright owners from unauthorized access to or use of their works. It does this, in part, by prohibiting the circumvention of those measures and the trafficking in devices primarily intended to circumvent those measures. The statute contains a number of statutory exemptions—for example, applicable to schools and libraries—and also allows for rulemaking procedures whereby narrow, temporary exemptions may be adopted by the Librarian of Congress. This latter kind of exemption must be reexamined every three years, and review of those exemptions is happening right now. One exemption, Proposed Class 10, allows for security research into computer programs including voting machines. This fairly limited exemption is how DefCon and academic researchers can legally investigate, “white hat” hack, and analyze machines used by Americans on election day. This year, the U.S. Copyright Office (the part of the Library of Congress charged with this endeavor) is considering whether to remove certain limitations on research conducted under this category. The country’s three largest election systems vendors oppose this move and are asking the Copyright Office not to approve the proposed exemption.
Pointing to last year’s Voting Village, ES&S, Hart, and Dominion suggest that the Copyright Office might be “misled . . . into thinking that democracy depends on unbridled hacking of election software,” when “[t]o the contrary, if the Office were to approve of hacking election software in the manner proposed, the integrity of elections could be threatened.” They also worry — among other concerns — that some research may be for the purpose of voter suppression rather than aimed at improving system security, and that such research would hurt voter confidence and chill voter turnout.
Prominent computer and election experts have pushed back. “To the extent security flaws currently exist in non-exempt software, they will continue to persist—and be less likely to be fixed—if security researchers are unable to examine them,” Professor Ed Felten and Alex Halderman wrote in a comment supporting the renewal of the exemption and elimination of existing research limitations. “Security researchers perform their work specifically to assess potential security risks and assist in mitigating them [when] necessary.” Moreover, they point out that while narrowing or eliminating the research exemption would deter good-faith independent researchers, it would certainly not deter malicious actors looking to exploit system weaknesses.
Another group of security researchers has pushed back even harder, arguing that the vendors’ comment not only misrepresents the record before the Copyright Office, but the state of election security in the United States. Far from being acceptably secure, Professor Matt Blaze and his colleagues argue that U.S. voting systems are subject to hundreds of known vulnerabilities, including vulnerabilities not successfully identified or addressed by vendors. Legal compliance checks such as those required by state certification systems will never compensate for technical vulnerabilities, they say.
Most surprising to the security community, the Department of Justice Computer Crimes and Intellectual Property Section supports the security researchers’ position that Proposed Class 10, with previous limitations eliminated, should be approved.
Independent analysis of voting systems is critical to national security. Indeed, independent studies of various systems has revealed significant flaws with machines and systems used by jurisdictions across the country. Computer and election security experts rely on this exemption to legally conduct research on the machines that Americans use on Election Day.
Vendor efforts at protecting the black box of their election tech is not limited to executive advocacy — vendors also rely on intellectual property-based arguments to participate in, and sometimes hinder, election challenges that implicate the coding and functioning of their machines. In at least one case, a vendor’s intellectual property argument resulted in a court-ordered expert analysis of a voting system, where the results could not be made public. This was after the vendor unsuccessfully sought to impose an extravagant bond on plaintiffs to ensure machine source code was not made public. In another case concerning an election challenge in Florida, “the litigation ultimately was utterly inconclusive as to the reason for the 18,000 electronic undervotes because discovery targeting the defective voting system was thwarted when the voting machines’ manufacturer successfully invoked the trade-secret privilege to block any investigation of the machines or their software by the litigants.”
Legislators have started to take notice, including by seeking answers about vendors’ security measures (answers that were not adequately forthcoming). But apart from some academic deep dives into the issue, the role of vendors in the basic functioning of American democracy has been under-examined. As the Penn Wharton Public Policy Initiative has pointed out, we have a highly concentrated market with a fairly captive customer base — and no meaningful regulation. Congress should maintain the pressure on vendors, and consider how best to ensure that vendors are active partners in ensuring American elections are secure, accurate, and transparent.
(You can also read this piece as published on the Take Care blog.)