Report Says NJ Voting Machines — Which Don’t Leave a Paper Trail — Are a Hackers’ Dream
With the gubernatorial election in New Jersey less than a month away, a new report warns most of the voting machines that are used in the Garden State can be easily hacked.
The Center for Investigative Reporting says that in 18 of Jersey’s 21 counties, the AVC Advantage voting machine that is used can be easily broken into. And because there is no paper trail created when people vote, there is no way to verify if the results that have been tabulated are accurate.
The report points out 10 years ago, Princeton University computer science professor Andrew Appel discovered the circuit board design of this machine made hacking vote totals easy, and one of his students was able to pick the machine’s lock in a matter of seconds.
The report says recent cybersecurity audits of other types of voting machines that are used in the Garden State were also vulnerable to hacking.
“The Russian situation has shown that our voting system is vulnerable, so if there’s anything we can do to protect it, we should do it,” said Assemblywoman Liz Muoio, D-Mercer, who has introduced legislation that would require any new voting machines purchased or leased by the state to produce a paper record so that voting totals can be verified.
She said with paper ballots, you would actually have a paper record of each vote cast so “the voter can look at the record and make sure it accurately reflects what they intended with their vote.”
“The integrity of the voting system is worth the expense and investigation of implementing a more safe method of voting.”
She noted New Jersey is one of the few states in the country that does not utilize a paper record for voting machines.
Legislators will hold a hearing Oct. 26 to discuss the issue with experts in the field.
Repeated requests for comment were not returned by state Division of Elections, which is part of the Department of State overseen by Lt. Gov. Kim Guadagno, the Republican candidate for governor. Her Democratic opponent is former ambassador Phil Murphy.
When a similar request for comment was made to the state Office of Homeland Security and Preparedness, a lengthy response was emailed, indicating election security is a top priority and that steps have been taken to ensure the safety and integrity of the voting process.
The statement says:
The New Jersey Office of Homeland Security and Preparedness (NJOHSP), through its New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), today reaffirmed its confidence in the state’s election security measures.
The New Jersey Statewide Voter Registration System (SVRS) is unlike online voter registration systems that have been targeted in the past. It was not one of the states targeted by Russian hackers prior to the 2016 General Election, and New Jersey does not have online voter registration. Instead, New Jersey uses paper registration forms, reducing the prospect of a malicious actor penetrating our registration system.
Distinct from the voter registration system are the voting machines found in each polling place. New Jersey law requires voting machines never connect to the internet; making this a discussion of physical security, not cybersecurity. The machines currently used in 18 out of 21 counties, the AVC Advantage machines, were the focus of a nearly five-year trial that found that “not one witness presented evidence that the AVC machine, outside of a controlled academic setting, has ever been hacked.” Likewise, a judge during a previous court review of the system stated “[t]here has never been a demonstrated incident of an attempted attack or a verified attack … since its use began at least as early as 1979.”
Regardless of such determinations, New Jersey further enhanced voting machine security procedures through use of seal-use protocols for tamper-evident seals on all voting machines; use of pre-election testing protocols; requiring a seal-use protocol and voting machine security training class; requiring all those working on the voting machines to undergo criminal and security background checks; and hardening and installation of anti-virus software on all election management computers.
The NJCCIC is continuously working with New Jersey’s Secretary of State’s Office, its Division of Elections, and the New Jersey Office of Information Technology to proactively assess and enhance other controls that protect New Jersey’s election processes. This includes providing advice and guidance to state and local election officials on:
• Monitoring systems for signs of suspicious activity;
• Conducting risk and vulnerability assessments and penetration tests;
• Implementing network hardening controls;
• Providing security awareness training;
• Ensuring continuity of operations plans are in place