The Crisis of Election Security
How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry. The valuable work of testing system security has been taken up voluntarily by security researchers. But the researchers face hostility and sometimes even legal threats from vendors, who want to prevent them from finding and exposing problems with the machines. Before the Def Con event in 2018, which received unprecedented support and interest from election officials, ES&S and other vendors sent comments to the United States Copyright Office expressing opposition to a proposed exemption to the Digital Millennium Copyright Act that would expand the rights of researchers to reverse-engineer election software. Even now, when the country is desperate to prevent Russian hackers from interfering with future elections, the company is more focused on asserting proprietary control over its systems than on working with communities of researchers who want to secure them. In addition to the comments it sent the Copyright Office, it also sent a vaguely threatening letter to its own customers, warning them against helping researchers by providing them with voting-machine software to examine. In that letter, ES&S reminded election officials of an essential fact: The American people don’t own the software that now sits at the heart of their democracy; they just lease it.
The Crisis of Election Security