US states fail to secure voting machines

A combination of entrenched and litigious voting machine manufacturers with immense control over their proprietary software and a highly complex and fragmented voting infrastructure mean that even though concerns were raised as early as 2004 about the security of US voting machines, the 2018 midterm election saw little improvement. The machines in use in the more than 10,000 US election jurisdictions are all either optical-scan or direct-recording electronic (DRE). Optical-scan, which scans paper ballots and retains their images, permits manual auditing, but that exercise is not always carried out, or is hit-and-miss in terms of catching fraud. DREs often have printers that produce a paper trail, but there is no facility for comparing what's printed on the paper with the vote that's stored on the attached memory card, which provides the final count. Five states use paperless DREs, where no auditing is possible, and ten use paperless DREs in some jurisdictions. Two of the four leading manufacturers of the voting equipment in use in 2018 were out of business; 80% of the $300 million-a-year market is under the control of three companies: Dominion, ES&S, and Hart InterCivic. All have known vulnerabilities in their machines, and while no evidence has been found to show that votes have been changed by hacking in any election little effort has been expended on looking for it.

https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html
https://www.cnet.com/news/us-officials-hope-hackers-at-defcon-find-more-voting-machine-problems/

Writer: Kim Zetter
Publication: New York Times