Mint Mobile Advertiser

As summer draws to a close and the kids go back to school, I know I'm going to want to keep in touch with my kids at a price I can afford. Back to school Shopping can be a hassle, but your phone plan shouldn't be. That's why I made the switch to Mint Mobile. For a limited time, Mint mobile is offering three months of unlimited premium wireless service for 15 bucks a month. So while other parents are sweating overage charges, I have a little bit more room in my budget for cool back to school threads. Say bye bye to your overpriced wireless plan's jaw dropping monthly bills and unexpected overages, Mint Mobile is here to rescue you. All plans come with high speed data and unlimited talk and text delivered on the nation's largest 5G network. Use your own phone with any Mint Mobile plan and bring your phone number along with all your existing contacts. Dish overpriced wireless and get three months of premium wireless service from Mint Mobile for 15 bucks a month. This year, skip breaking a sweat and breaking the bank. Get this new customer offer and your three month unlimited wireless plan for just 15 bucks a month at mintmobile.com newyorker that's that's mintmobile.com new yorker upfront payment of $45 required, equivalent to $15 a month limited time new customer offer for first three months only. Speeds may slow above 35 gigabytes on unlimited plan taxes and fees extra. See Mint Mobile for details.

Dorothy Wickenden

I'm Dorothy Wickenden. On today's Politics and More podcast, the New Yorker's Sue Halpern examines the security vulnerabilities that threaten America's electronic voting systems. She'll talk with the security expert Logan Lamm about how Russian agents may have infiltrated Georgia's voting, and with Susan Greenhalgh of the National Election Defense Coalition about why states may resist federal assistance in securing their election operations.

Sue Halpern

When we first began learning of Russian interference in the 2016 election, which seemed absolutely mind boggling at the time, something that just couldn't happen, it was often said that Russia had hacked the election. We quickly learned a more specific, more accurate way of putting it. Russia had influenced the election by manipulating political messages on Facebook and so on. But they hadn't exactly gone into election computer systems and altered the results. Not exactly. Now, if foreign agents could actually change the outcome of an election, that would be, and you can say this lightly, an existential threat to American democracy. But what we've learned since 2016 is if somebody really did want to hack the election, it wouldn't be impossible. Not at all. Sue Halperin has been writing for the New Yorker about election security, and what she's found should scare us all.

Interviewer/Host

Logan Lamb is a security researcher in Georgia.

Logan Lamb

I'm generally a curious guy. I enjoy the poking around part. I like to do that in my free time.

Interviewer/Host

In August 2016, at the height of the presidential election, we started poking around the Kennesaw State University's center for Election Systems, which ran all the elections in Georgia.

Logan Lamb

In the course of doing that, I did a very, very simple Google search, I said, for the site Elections Kennesaw. Eduardo Google, please give me all of the PDF documents on this website. And generally that turns up reports or public presentations. And this, this particular search didn't turn that up. Instead, I found a very curious link, and I was presented with a very long list of what appeared to be voter names and some sort of identifier next to their name. And I immediately thought, wow, that that seems a little strange.

Interviewer/Host

And then he crafted a simple program to download what was publicly accessible from the Georgia election website. And what he found in all of that data astonished him.

Logan Lamb

These documents contained supervisor passwords to be used on Election Day. There were also Windows programs that are placed on electronic poll books.

Interviewer/Host

You don't need to be a cybersecurity expert to know that supervisor passwords should absolutely not be sitting around online unprotected.

Logan Lamb

Immediately, I thought to myself, wow, this doesn't look like the sort of data they would purposefully put on this web server.

Interviewer/Host

In total, Lam downloaded 15 gigabytes worth of data from the center for Election Systems. This by itself would be a huge story, but on top of it, Lamm also found a security hole through which he could download the entire database of the state's 6.7 million registered voters.

Logan Lamb

I had access to their full name, their address, birth date, last four digits of their Social Security number, and their driver's license number. And there were also Jim's databases. And Jim's databases are used by the Jim server, which is the central tabulator, which does the final vote count.

Interviewer/Host

If Logan Lamb had been a bad guy, this would have been a bonanza.

Logan Lamb

The scariest scenario I can think of would be an attacker implanting malware on the programs that are placed on the electronic poll books or altering the voter registration databases to disenfranchise voters. An attacker could have compromised that web server and used it as a beachhead to get deeper into the center for Election Systems networks.

Interviewer/Host

This is right around the same time that the Georgia Secretary of State Brian Kemp rejected an offer from the Department of Homeland Security to help the state harden the election system to protect it from hackers because Kemp said that the system was secure the way it was and that the state didn't want any help from the federal government. It wasn't until March of 2017. So, seven months after Lamb's initial finding that the system was finally patched, then more information started to trickle out. The Intercept published the NSA report that had been hacked about Russian cyber attacks on election systems in the lead up to 2017. And later, the Mueller indictment found that the Russian hackers had looked for vulnerabilities to election servers in a number of states, including Georgia. Look, we have no idea if the Russians made alterations to Georgia's election systems in 2016, and if they did, we probably wouldn't know. But this is a critical moment. We know that foreign actors are interested in our election system just as we head into the midterms. A few months ago, the Director of National Intelligence said the warning lights are blinking red. Some states took this seriously, but others seem to have left themselves wide open.

Susan Greenhalgh

We're in a new world now. We understand the states need to run elections. That's their. Their authority. But they're not cybersecurity experts.

Interviewer/Host

Susan Greenhalgh is the policy director of the National Election Defense Coalition. So, you know, you and I met at defcon, where people were hacking lots of election machines left and right. So I wonder if you could just talk a little bit more about some of the problems in Georgia with their machinery and perhaps even elsewhere, since the same machines are used across the country.

Susan Greenhalgh

Sure. The machines used in Georgia are computerized touchscreen voting machines. Georgia is one of five states that entirely has machines that don't have a paper ballot. Then there's also other machines which count paper ballots. Those are also computers. And those machines can be hacked and have digital records changed within them. And that's why having the paper ballot is so crucial, because it's that link to what the voter got to see and say, that's how I voted. And to be sure that that's what's counted correctly.

Interviewer/Host

Election security folks on the ground and people who are the vendors of these machines insist that they're not really hackable because they're not connected to the Internet. And I wonder if you'd just explain why it is that there's this discrepancy in the explanation for the safety of these machines.

Susan Greenhalgh

While many of the machines that you and I might interact with on election day at our polling location, whether It's a touch screen voting machine or an optical scanner may not be connected to the Internet. It has to get programming information from another machine, which is essentially desktop or regular laptop computer. That program, here are the candidates, here are the races, here's how the ballot should lay out. That information has to go from that computer to the voting machine that's in the polling location by some sort of removable media. And it's well known that if the device that is doing the programming gets infected with malicious software, it can be transferred to the individual voting machines. But furthermore, there's another fact that debunks that assertion, which is that many of these machines that are in the polling location are equipped with wireless modems to transmit their election results back to the county headquarters on election night. And those wireless modems go over cellular networks, and those cellular networks are part of the Internet.

Interviewer/Host

We spend a lot of time talking about hacking voting machines or hacking vote tallies, but there's this new way of hacking an election, and it has to do with the new restrictive voter ID laws in states like Ohio, North Carolina and Georgia that purge voters from the voting rolls who haven't voted in previous elections or whose names don't precisely match the name on the voter registration database.

Susan Greenhalgh

Personally, this has been a concern for me because on election day in 2016, people were showing up to vote in Durham County, North Carolina, and their names weren't on the voter rolls or in Durham county they use electronic poll books and people were showing up and they were being told, you're at the wrong polling location or you've already voted during early voting, or you already voted absentee, or your name is in here or your address has been changed. The vendor for the electronic poll books was a vendor named VR Systems. Now, VR Systems had been targeted by a Russian intelligence spear phishing attack. And the State Board of Elections did their own investigation, as did the county. The county report has been made public. It wasn't very in depth. It didn't consider a cyber attack and concluded that it was poll worker error malfunctions. But I think that's an open question as to what happened in North Carolina on Election Day.

Interviewer/Host

We heard earlier in the year that $380 million was being released to the states for election security. Can you talk about that? Is that going to make a big difference in the midterms in 2020 at all?

Susan Greenhalgh

So there was $380 million was appropriated under the Help America Vote act from 2002. So there were no specific security strings put on it. You have to do this or you have to do that with the money. And a lot of states are using that money to good effect to try to bulk up their security profile. But it would be really useful to have some federal legislation to move the states to those remedies that we know are so essential to securing our elections.

Interviewer/Host

Are you worried about the kind of legitimacy of our election system and even broader than that, our democracy?

Susan Greenhalgh

I worry that people will try to undermine the credibility of it. And the best way to counter that is if we have systems that produce evidence of the election results, which is accomplished with paper ballots and doing a post election audit. There's a term for evidence based elections, and that's what we want to see, evidence based elections.

Interviewer/Host

So the Trump administration has made it clear that they're actively not interested in a legislative fix. And the midterms are just a few weeks away, so the states are basically on their own. And it's hard to imagine election officials actually having a line of defense against cyber attacks by Russian intelligence agents or other malicious actors. But if we don't do something about this as a country, we're putting our democracy at risk.

Dorothy Wickenden

That was Sue Halpern.

Sue Halpern

Hi, this is David Remnick. We've just launched a new project that I want to tell you about, the New Yorker's Midterms 2018 newsletter. Every week, our writers and editors will check in from the campaign trail to tell you exactly what's happening across the country and why it matters. The newsletter is only running through the November midterm elections, so sign up now@newyorker.com midtermsnewsletter that's newyorker.com midtermsNewsletter.

Katie Drummond and Michael Calory

I'm Katie Drummond. I'm Wired's global editorial director. I'm Michael Colory, Wired's director of consumer Tech and Culture.

Susan Greenhalgh

And I'm Lauren Good. I'm a senior correspondent at Wired. And our show, Uncanny Valley is about the people, power and influence of Silicon Valley.

Katie Drummond and Michael Calory

And right now, Silicon Valley and Washington have never been more intertwined. So each week we get together to talk about a big story, often at the intersection of tech and politics. Right. So whether we're talking about Trump, Coin, Doge, or Elon Musk, we will always explain how these Silicon Valley forces are affecting Washington and how they affect you. Make sure you're following Uncanny Valley in your podcast app of choice so you don't miss an episode.

Interviewer/Host

From prx.