Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, Jeff Moss, Noah Praetz

Additional Info

Job title of nominated professional (or team name)Organizers: Voting Machine Hacking Village at DEFCON
Company (where nominated professional or team is working)Matt Blaze, University of Pennsylvania; Jake Braun, University of Chicago and Cambridge Global Advisors; Harri Hursti, Nordic Innovation Labs; Joseph Lorenzo Hall, Center for Democracy & Technology; Margaret MacAlpine, Nordic Innovation Labs; Jeff Moss, DEFCON; Noah Praetz, Cook County, Illinois
Websitehttps://www.defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf
Company size (employees)1 to 9
CountryUnited States
Headquarters RegionNorth America

Overview

For the first time in its history, DEFCON, the world’s largest and best-known hacker conference, hosted a “Voting Machine Hacking Village” in July 2017 to highlight cyber vulnerabilities in U.S. election infrastructure – including voting machines, voter registration databases, and election office networks. The voting machines available in the Voting Village were paperless electronic voting machines, and at a time when a number of U.S. voting jurisdictions are either committed to or considering purchasing newer equipment based on auditable paper records, open examination of these types of systems could not be timelier.

Hacking into voting machines is not new, but previously it was conducted only in limited academic or industrial settings under strict controls and publications restrictions. The team which put together the Voting Village created the first opportunity for mainstream hackers to gain unrestricted access to explore and share any discovered vulnerabilities.

One consequence of the limited access to voting machine hardware in the past is that doubts have been frequently raised about if the various vulnerabilities identified in previous studies would be practical for technologists of ordinary skill to discover and exploit. This project, however, created the opportunity for thousands of participants to engage with and explore voting equipment and the network simulator in an environment free of restriction for the first time.

By the end of the conference, every piece of equipment (25 voting machines) in the Voting Village was effectively breached. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability of these systems.

The results of the Voting Village project confirmed what election security advocates have been arguing for years: There is urgent need for federal, state and local election officials to implement measures to secure U.S. election infrastructure.

Accomplishments

--The DEFCON Voting Machine Hacking Village project provided the first opportunity ever for mainstream hackers to gain unrestricted access to voting machines to explore and share any discovered vulnerabilities. Previously, legal restrictions, including the 1998 Digital Millennium Copyright Act (DMCA) and, to some extent, the Computer Fraud and Abuse Act, had made such activities subject to criminal or civil liability. Given the interference of Russia in the 2016 presidential elections, this open examination of the U.S. election infrastructure could not be more timely.


--The findings of the DEFCON Voting Village, which revealed that many, if not most, of the electronic voting machines currently being used in U.S. elections, are vulnerable to attack by individuals with little prior knowledge and only limited tools and resources, have spurred a national dialogue around the importance of safeguarding the U.S. voting system from further exploitation or interference. The evidence of the election system’s vulnerabilities provided by the Voting Village project is critical in creating policies that will protect our elections in years to come.


--One of the most important outcomes of this project has been the subsequent release of the nation’s first ever cybersecurity election plan, proposed by team member Noah Praetz, Director of Elections for Cook County, Illinois. This landmark plan is an important step forward in securing U.S. election infrastructure and would not have been possible without the evidence of U.S. voting system vulnerabilities provided by the DEFCON Voting Village.