By Aramie Louisville Vas
Due to numerous security concerns and encryption vulnerabilities, the WINVote machines, dubbed the “Worst Voting Machines” in America, have been officially banned from the commonwealth. The most blatant system insecurities involved the use of open networks, default passwords and logins and inefficient operating systems included an outdated version of Windows XP (which hadn’t received a patch since 2004). WINVote tracked its votes using an obsolete version of Microsoft Access protected with a five-character password which took investigators a mere 18 seconds to crack using a common hacker tool.
Two separate investigations into the WINVote machines were held, one by the Virginia Information Technology Agency (VITA) and another by a federally accredited lab called Pro V&V. In official findings, VITA concluded, “[T]he combination of weak security controls used by the devices would not be able to prevent a malicious third party from modifying the votes recorded by the WINVote devices.”
Jeremy Epstein, a security scientist with SRI International, noted that it would have been possible (and easy) to manipulate election results right from the parking lot of any polling spot that used the WINVote machines. Concerns now abound over the possible tampering of votes in post-2003 elections. In the 2014 race for senate, for example, Lynwood Lewis (D) defeated Burwell Coleman (R ) by a mere nine votes. It is impossible to say with certainty whether hackers played a role in this or other election results; unlike analog systems, WINVote does not provide a paper trail.
The WINVote system was initially purchased in Fairfax County, VA. 4,000 machines were in use across the state in 2014. Fairfax County replaced its WINVote machines last year, but some 3,000 machines were affected by the ban.
And you were worried about hanging chads…