Virginia has decided to learn what much of the country already knows. The 100% unverifiable touch-screen voting systems they have long been using in their public elections are also 100% hackable.
After ignoring the warnings and using them anyway for more than a decade --- and three Presidential elections --- a recent incident on Election Day in 2014 led the Commonwealth to finally do what they should have and could have done long ago: test the machines to find out how vulnerable they actually are.
Well, they finally did so and --- boy howdy! --- did they discover what the rest of us have been warning about for years.
There is a reason, after all, that Virginia was the last state in the union to continue using the WINVote system made by the ironically named Advanced Voting Solutions (AVS). And there is a reason why, after finally bothering to test them, Virginia has now immediately decertified one-fifth of the voting systems used across the state, even though it will leave some jurisdictions scrambling for new ways to hold their primary elections scheduled for early June.
We've been noting problems with the WINVote system almost as long as The BRAD BLOG has been in existence. One example is our short report from 2007, when we discussed problems with the AVS systems before the company eventually went out of business entirely and after the WINVote system had been decertified by Pennsylvania when the company refused to pay the federal testing lab examining a newer version of the system for federal certification. Before those tests were discontinued at the time, we reported, the lab had "found 1,946 source code anomalies, 25 serious documentation problems, and an unauthorized change of motherboards."
As we wrote in 2007, "Elections officials want to ignore those problems." The elections officials in Virginia were precisely among those we were talking about.
But, no more. Once VA officials finally decided to do their own long-overdue security analysis of the systems, "Security deficiencies were identified in multiple areas, including physical controls, network access, operating system controls, data protection, and the voting tally process," according to the 6-page report [PDF] released by the Virginia Information Technologies Agency (VITA) this week.
"The combination of critical vulnerabilities in these areas, along with the ability to remotely modify votes discretely, is considered to present a significant risk. This heightened level of risk has led VITA security staff to conclude that [a] malicious third party could be able to alter votes on these devices," they wrote, adding tersely: "These machines should not remain in service."
The details of the Commonwealth's findings (now that they've looked for them) are so mind-blowingly startling that some Virginia localities who are losing their voting systems are now perfectly happy with the idea that they may have to --- gasp! --- hand count paper ballots in their upcoming elections...