The IoT needs to stop at voting machines
Proponents of the Internet of things (IoT) see a future where virtually every gadget – whether it's a car, a watch or a shoe – is connected. In that future, such gadgets will share all kinds of useful data about what just happened and what might happen next.
But there's one gadget that should be kept out of this future: voting machines.
As the November midterms near, this topic thankfully seems to be gaining attention. And for good reason: Wireless technology – including 4G and 5G – is pretty good, but in an age of cyberhacking and misinformation, it's simply too much of a risk to stick it into voting machines.
To be clear, I'm not the only one who feels this way:
- "Every weak link in the chain of network security is a problem, so opening the door to the Internet is just a bad idea in every conceivable scenario," Rich DeMillo, a computer science professor at the Georgia Institute of Technology, told Bloomberg in 2020.
- "You're counting on a bunch of infrastructure to deliver data back and forth, and it's well within the capabilities of nation-state hackers to break into that infrastructure," Dan Wallach, a Rice University computer science professor, told Politico recently.
- "The added risk is just unnecessary," Andrew Appel, a computer science professor at Princeton University, told Bloomberg.
- "Modem use expands the threat surface area [that] election officials are forced to defend against all hazards including cyber, operational mistake[s], misinformation and fairy tales," Noah Praetz, a former election director for Cook County, Illinois, told Politico.
But it's not only academics who are sounding the alarm. A number of state and federal agencies are saying the same thing about wireless- and cellular-capable voting machines.
For example, the Senate Intelligence Committee recommended in a 2019 report on Russia's interference in the 2016 election that state election officials remove or disable any wireless networking capability in their voting machines. Last year, the US Election Assistance Commission issued voluntary guidelines that included a recommendation that voting machines "be air-gapped from other networks," including by removing wireless technologies. Computers that are "air-gapped" from networks are typically those that aren't connected to the Internet in any way, whether wirelessly or via a wired connection, and therefore are potentially more secure. And, according to Bloomberg, both the US Cybersecurity and Infrastructure Security Agency (CISA) and the US National Institute of Standards and Technology (NIST) have recommended against wireless voting machines.
Even Election Systems & Software, a voting machine vendor that provides more than half of the country's voting machines, does not "promote" the use of modems, according to Bloomberg. The company only supplies the technology if its customers request it.
Threats and movements
The reasons are relatively obvious. Wireless networks in general, and 5G ones specifically, have repeatedly been the subject of hacking attempts and security warnings. And those potential security holes are undoubtedly of interest to countries like Russia that have reportedly attempted to hack into US voting systems.
That doesn't even address the threat of user error. For example, according to Politico, voting machine vendor Hart InterCivic misconfigured its modems' encryption in 2007 so that its modems failed to verify their connections.
But there's a bit of good news on the topic: The number of states using wireless-capable voting machines appears to be declining. Bloomberg reported in 2020 that Rhode Island, Wisconsin, Georgia and Florida were among at least 11 states that still allow the use of wireless-enabled voting equipment.
But Politico reported this month of just six states – Florida, Illinois, Iowa, Massachusetts, Michigan and Minnesota – that continue to allow wireless modems in voting machines.
The reason that some state election officials continue to use wireless technology in their voting machines is a bit of a surprise. It's mainly to get voting results out just a few hours quicker.
"There is an appetite in the public for immediate results, and [using modems] is the best way to do that," Paul Lux, the election supervisor in Okaloosa County, Florida, told Politico.
To me, whatever benefits can be derived from wireless-capable voting machines would seem to be significantly outweighed by the dangers. Connecting voting machines to the Internet – whether via wireless networks or wired networks – just doesn't seem worth it.
And given all the recent scrutiny over voting whipped up by former President Trump, wireless voting machines in 2022 seem particularly ill advised.
As the IoT connects more and more devices in the future, it's OK to leave some gadgets safely, and securely, in the unconnected present.
- Hacking group LightBasin broke into at least 13 mobile networks – report
- Open RAN so easy to hack it's 'scary,' says top security boffin
- T-Mobile to take $400M hit from hacking settlement
— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano