“General Motors, General Mills, General Foods, general ignorance, general apathy, and general cussedness elect presidents and Congressmen and maintain them in power.”

― Herbert M Shelton

While electronic voting seems like a good idea, please allow me to explain why it is extremely dangerous. I come from Texas and Duval County (in Texas) is quite famous for having more people vote in elections than the entire population of the county. If you need proof of life after death, just check the Duval County voter records. Its amazing how many of the dead managed to vote. Duval County is just one reason Texas wants to implement anti-fraud measures like forcing people to show an official ID to get a ballot. Its not about keeping the poor out. Its about keeping the same jackwagon from voting under a different name at each polling place because he’s getting paid to do so.

First, let me clarify something. Electronically counting votes is NOT the same as electronic voting. There are ways to count votes electronically without using electronic voting. Yes, voting from your cell phone sounds fabulous but does that mean I can go buy 100 burners and vote 100 times? It might. It might also mean that foreign powers can buy thousands upon thousands of cell phones and use them to sway elections. We know that they are already buying other things in attempts to sway elections. If we do this way, all you need an Amazon prime account and a credit card to get all the burners you want shipped anywhere in the world.

Most polling places are temporary and are set up in schools, churches, community centers and other locations where they will not be permitted to remain. Polling places are generally set up and taken down by volunteers. Anyone can walk up and volunteer with little to nothing in the way of screening or a background check. As security professionals, you know what an advantage physical access to the device grants you if you want to manipulate that device. Now imagine unsupervised physical access without a time limit. Also imagine what you can do if you have access not just to the voting devices but the network devices. You know where this is going.

Then we get to the devices themselves. Most do not produce any kind of a paper trail that a voter can use or see to verify that their vote was recorded properly. Most are also severely lacking in security. A shocking number of the devices have hard coded administrative credentials that can’t be changed. Its a fairly safe bet that your webcam, which I know many people cover with a post-it note, tape or band-aid when not in use, has better security than most electronic voting devices. Yet, these same people who won’t (with good reason) trust their web cam, want to move to electronic voting.

We live in an age where the police can’t secure information, states routinely sell driver’s license data to third parties, and very little government data is stored in an encrypted format including health care information. The Feds aren’t alone in being breached. Many states, counties and even cities have been breached. Other countries and even companies that you would think would be secure have been proven not to be. From Yahoo to Easy Jet and Bank of America to Airbus, electronic data is just too accessible.

This is a brave new world we live in, all connected to each other instantly through the internet. Despite my early pleas to have peering points align with national borders, we never did it. Now we live in the disinformation age. Many other countries seek to interfere in our elections. Russia and China are particularly notable but far from alone in this. They have been going so far as to hire American citizens to act as hand puppets of hostile foreign powers. These hostile foreign powers use their puppets to make posts and take out ads feeding disinformation and divisive opinions. Others seek to widen and exploit the divisions for their own financial gain.

Industrial espionage through hacking is at an all time high, again with Russia and China leading the charge to loot the intellectual property and trade secrets of our businesses and even interfering with the search for new COVID treatments. This is not the environment in which to launch electronic voting. Russian hacker groups take an average of just 7 minutes from finding an exploitable opening to moving laterally throughout a network. Do you really trust electronic voting in times when hostile foreign powers have that kind of skill?