Our County Clerk is not happy with recent stories about the potential for vulnerability in our election systems.
Despite reports from federal intelligence agencies and media outlets of Russia’s widespread targeting of state and local elections around the country and in Texas, election administrators in the nation’s third-largest county say Vladimir Putin’s government does not pose a unique or heightened cybersecurity threat.
Harris County Clerk Stan Stanart said his office, which runs local elections, has a slew of checks in place to prevent hackers from tampering with the vote, including multiple backed-up voter registration databases that are kept offline. He said reports produced by voting machines before every election ensure the machines do not come pre-loaded with votes and after the election allow the county to cross-check against final tallies to make sure the vote is not manipulated.
While most observers and experts agree Russia exemplifies a new threat to election infrastructure nationwide, Stanart said the county faces no greater risk from Russia today than threats going back to the 1980s. He also challenged the veracity of reports that the Kremlin had attempted to coordinate widespread attacks on state and local election systems in 2016.
“Where’s the evidence?” Stanart said. “I would really question that.”
Bloomberg reported in June that Russian hackers “hit” voter databases and software systems in 39 states, in some cases penetrating campaign finance databases and software used by poll workers, and attempted to alter or delete voter data in Illinois.
Also last month, the Dallas Morning News published a story that election officials there had found attempts to hack their election system ahead of the November election. The newspaper reported that election officials there cross-referenced hundreds of suspicious or possibly Russian-linked IP addresses provided to them by the U.S. Department of Homeland Security against those that had attempted to access Dallas County servers in early October and found 17 matches.
Stanart said his office has not seen that list of IP addresses. Dallas County election officials did not respond to a request for comment.
Harris County officials refuse to answer whether they saw any attempts to penetrate the county’s systems. While Stanart himself said he has not found that Russian-linked hackers targeted the local election system, he acknowledged that other county security officials could have found and stopped such attempts before they reached his office.
Those officials repeatedly have not answered questions about whether they saw such a threat.
Bruce High, the chief information officer and executive director of the county’s Central Technology Services, has acknowledged a recent “spike” in attempts to hack Harris County servers from outside of America’s borders, but has declined to explain when the spike began, what is being targeted and where the hack attempts are coming from.
See here for the background. I received some feedback from the County Clerk’s office following the publication of that piece, including a fuller response from Stan Stanart that I believe is intended to be an op-ed in the Chronicle that specifically disputed several of the claims made by Dan Wallach. I’m printing it here beneath the fold for your perusal. Beyond that, I don’t understand why the County Clerk says it has not seen the aforementioned list of Russian IP addresses, nor do I understand the reluctance by Harris County to discuss their cybersecurity measures in any depth. I don’t expect them to lay out their defense plans in detail, but some reassurance beyond “trust me” that they’re on the job would be nice. Maybe trot someone out who can at least speak the lingo or something like that, I don’t know. This is a legitimate thing for voters to be concerned about, and we have a right to expect those concerns to be addressed in a more responsive fashion than what we are getting.
Harris County Clerk Stan Stanart responds:
First and foremost, the title of the article “Harris County’s vote isn’t safe from the Russians” is unproven, misleading, factually inaccurate, and highly inflammatory. (Editor’s note: The headline has been changed to reflect the current nature of this article, including Stanart’s response. Wallach stands by the original headline.)
Apparently, the author is purposely misleading or is unfamiliar with the security of Harris County’s voting system as there are many inaccuracies in the article. The comment in the first paragraph, “the Russians might attempt to simply delete voters altogether,” does not take into account that voter registration does daily backups, that there are logs of every change made, and that the Secretary of State obtains copies nightly of any changes or updates made to the voter roll.
In addition, my office receives daily all updates to the voter roll. We back up these daily and store them on and offsite. There are many other processes in place to identify suspicious activity and we have the ability to restore a previous version, if it was ever needed. The copy of the voter roll on the voter registrar’s website, or HarrisVotes.com, is a separate system that is used by the voter for finding their polling location is simply one of many copies and not the official version used to conduct an election. How can any rational person really believe that the Voter Registrar’s copies and backups, the County Clerk’s copies and backups, and Secretary of State’s copies and backups could be hacked at the same time without anyone noticing?
The statement by the author that “an attacker need only tamper with a single voting machine. After that, the infection can spread “virally” to every machine in the county” is ridiculous.
Apparently, there is an attempt to deceive or a total lack of knowledge of the software on the Hart eSlate voting machines. The software is very specific in its functionality; and does not contain the functionality to download code from another unit so as to spread a virus to other machines when connected. In addition, even if the functionality was there, the connections are limited to a single string of 1-12 voting machines making it impossible to spread to “every machine in the county”.
We run hash code tests to verify the integrity of the voting software code and the only thing that changes from election to election is the ballot specific items such as candidates and propositions. We also run a publicly held logic and accuracy test that is overseen by appointees from both major political parties for every election to ensure that the voting machines are accurately recording the vote.
The accusation that the voter tabulation system is running windows 2000 is simply false. All tabulation systems are running on Windows 7. In addition, these machines are never connected to any network, that includes the county network or to the internet. There is no access or opportunity for hacking, mischief or manipulation.
The author states that we need a major upgrade to our systems so that voters can verify their polling locations. Apparently, he has never visited Harrisvotes.com during an election cycle because I put this in place approximately five years ago. HarrisVotes.com runs on a separate copy of the voter roll so that the voter can see their polling locations, print their personal sample ballot, and obtain a Google map to their voting location.
The author once again is wrong when he states that we need an online database to track voters who cast votes during early voting. Harris County has been doing this for over a decade. Per Texas Election code, we provide the list of early voters the next day.
I understand the author has considerable time invested in the Star-Vote system that he worked on with the Travis County Clerk. Our understanding is the system is not complete and has not been certified by Federal Election Assistance Commission or the Texas Secretary of State making it illegal for us, or any county in Texas to use it. Harris County has a significant investment in our current Hart eSlate voting system. We should be able to easily get an additional five years of use from our existing technology after which, we will be evaluating the most current and secure election technology at that time to be the replacement product. As the author mentions, he was part of the team that evaluated the Hart eSlate voting system in California and attempted to manipulate it for eight weeks and was unable to change any votes, add any votes, or corrupt any votes.
The concept of taking off-the-shelf computers without them going through a full testing cycle is dangerous. Off-the-shelf equipment has firmware that’s embedded within the machine that is more susceptible to hacking than the technology in the secure Hart machines used in Harris County.
In the earlier years of my career, I was the manager of BIOS Development and Test for consumer PCs at Compaq computer. I have extensive knowledge and experience in the internals of a personal computer. Without fully testing every piece of code that could actually run on a PC including the BIOS and all the firmware, and operating system of a computer, it is not possible to ensure the integrity of the whole system.
This is why the Federal Elections Assistance Commission has voting machines standards and a full suite of tests that a voting machine must pass to ensure the integrity of a voting system. The complexity of a complete operating system whether that be Windows, Apple’s IOS, Android, etc., makes it much much more complicated to fully test all of the potential code that could interact with any voting software. That is why having a very small, special-purpose, dedicated operating system that does not have the ability to transmit viruses is a much more secure and safe system to have as the basis for our voting machines.