Voting Machine Vendors, Election Officials Continue to Look Ridiculous, as Kids Hack Voting Machines in Minutes

By Mike Masnick | 16 August 2018

TECH DIRT — Last year at Defcon, the Voting Machine Hacking Village showed just how bad the security was on electronic voting machines. This is not a surprise, of course. It’s a topic we’ve covered on Techdirt going back almost 20 years. But what’s still most incredible is how much the voting machine manufacturers and election officials continue to resist the efforts of security experts to explain all of this. Even earlier this year, there were reports about the insane lengths that voting machine vendors were going to to try to stop Defcon from obtaining their machines:

Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year’s show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal — which is false.

Meanwhile, election officials have been whining about the whole thing, and telling people not to pay any attention to all of this:

Election officials from the National Association of Secretaries of State (NASS) bristled at the demonstrations, saying they didn’t reflect what could actually happen on Election Day. So did voting machine vendors, which argued it would be difficult for adversaries to gain the level of access necessary to tamper with equipment.

Leading voting machine vendor ES&S put out a completely bullshit letter to its customers basically saying “don’t pay any attention to
Defcon.” That letter was expertly debunked and mocked by reporter Kim Zetter:

In advance of the @VotingVillageDC tomorrow, ES&S sent a message to customers today with their comments about the hacking village and the security of their machines. I’ve pasted their memo below, with some annotation from me. pic.twitter.com/6eQUYuuGJA

— Kim Zetter (@KimZetter) August 10, 2018

Also, memo to ES&S: when hackers are trying to help you improve the security of your shitty machines, whining that they’re “breaking licensing agreements” is not a good look. […]