Voting and Technology

Published Oct 15, 2018, 10:00 AM

Bob Sullivan of the Breach Podcast joins the show to talk about the intersection between tech and voting. Is there a sweet spot? And do voting machines make the process more or less secure?

Get in touch with technology with TechStuff from HowStuffWorks.com. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer at HowStuffWorks and I love all things tech, usually, but today we're gonna talk about a type of technology that can have either positive or negative effect depending upon how it's implemented. And joining me today is someone that, uh, I'm really excited could join us on the show. I'm talking about Bob Sullivan, a founding member of MSNBC, the guy behind BobSullivan.net, a.k.a. the Red Tape Chronicles. He's also a co-host on a show called The Breach. It's all about data breaches. Season one, which is phenomenal, is all about the massive data breach that happened with Yahoo, with three billion accounts exposed as a result of that data breach. And now they're gearing up. Season two is starting, and you're here to talk to us about voting machines and elections and how technology intersects with that and how that can be somewhat terrifying in some ways. Welcome to the show, Bob. Sure, thanks for having me. Really important topic right now, so I'm glad we're talking about it. Yeah, me too. And for interest of full disclosure, I live in the state of Georgia here in the United States, and Georgia is a state that adopted touchscreen electronic voting machines very early, back in two thousand two, I think is when we started, and it's statewide here in Georgia and, uh, we have a lot of things that I hesitate to use the word distinguish, but really kind of highlight some of the issues I have with, uh, direct recording devices like this, the biggest one being that in Georgia, there's no associated paper trail with any of the voting record. So when a voter goes in and casts his or her ballot, there's no paper receipt where they can check that the results showing up on screen are reflected on paper, and therefore there's no real way to do a full audit afterward.
And I think best case scenario, and Bob, I want to hear your input as well, but best case scenario for me is that even assuming there's no hanky panky going on, there's no interference in the election process, it hurts the appearance of the democratic process because it inserts the concept of doubt without being able to audit those results and say yes, in fact, the votes that were cast are the votes that were recorded. What's your point of view on that particular topic? Well, that's the most important point of all. You've started at the punch line, which is fine. Um, vote hacking is a complicated subject. In Georgia, you're very intimate with it at the moment, but all around the country there are, um, it's not just the machines, there's a whole life cycle of how your vote might be hacked or, um, swayed or made to disappear. There's lots of different ways that votes can be manipulated. But something that's just the most fundamental thing about voting and about democracy is that when the election is over and the results are posted, that the losers believe in the legitimacy of the election. And when they don't, that creates a tremendous governance problem. So faith in the institution of voting itself is fundamental to America. And faith isn't an on off switch. And we're seeing this right now in lots of different ways, right? Um, but whether or not people believe in the integrity of the voting process itself will say a lot about how we're governed. And in Georgia you mentioned paper. Um, the irony, here we are on a tech podcast and we're talking about the latest and greatest technology, and we're here in the country with the latest and greatest entrepreneurs and the latest and greatest inventions, and anyone you talk to in the voting hacking space will tell you the most important thing is paper. So we're going backwards here in some ways, but it all comes down to paper because there has to be some way to audit a vote afterwards.
And if there's not, then you have a black box and people are walking up to it and touching a screen and you just trust that it's going to work. And anybody who works in the technology world, we were just having this conversation before we started this podcast. Tech often breaks. Everybody who's, I mean, in the simplest example, how many times have you walked up to an ATM and tried to get forty dollars out of the machine and you accidentally hit the sixty button? Happens all the time. That can be a calibration thing. It can even be an angle thing. So that's just one of, you know, fifty ways that things can go wrong just on the one kind of voting machine that we started talking about. So this is a big, rich topic. But legitimacy is the most important thing. And it's interesting that you bring up the ATM example because obviously there was the, it became somewhat infamous in tech circles. But Diebold, the company that makes a lot of ATMs, for a long time was in the business of making these voting machines for various places, and, uh, in two thousand and four it was a huge story. The CEO of Diebold, Walden W. O'Dell, had written a letter to various wealthy acquaintances he had in a fundraising effort for the Republican Party and said that he was looking forward to delivering the electoral votes to get the president back into office. And a lot of people said, well, whether he intended it to be "we're going to make sure this happens" versus "I want to, you know, support this candidate I believe in" is kind of beside the point, because again, it brought that doubt into the democratic process. If people point to him and say, but you make the machines that count the votes, and you say you plan on delivering these votes to a specific candidate, that kind of has a very dangerous implication in it. And as you say, you already have this hurdle that you have to overcome when you're designing any kind of system for voting.
To make sure that the process is as straightforward and as difficult to mess up on the user's side as possible. The whole keep it simple, stupid kind of approach really would be a huge benefit when you're designing any sort of voting system, to give confidence to the voter that whatever choices they want to make are actually reflected in the votes that they're casting. And, uh, as you say, with ATMs, it's easy enough to make a mistake. Those same companies are designing some of these electronic voting systems. And anyone who's worked with engineers for a long time understands that engineers are very good at building systems that make sense to engineers. Sometimes they build systems that are not so transparent to the end user. Sure, and the other thing that engineers, um, some engineers do is they like to keep their code to themselves. So another problem with Diebold and other voting machine companies has been, okay, so you have this, who knows what he meant, "I'm going to deliver the votes." You can hear that in an innocent way. You can hear that in a suspicious way. But then in this computer security world, what often happens is if you want to prove that you're a very secure piece of software, you offer it up to the open source community and let it be reviewed, and you submit yourself to vulnerability testing, even vulnerability bounties. And the voting machine industry in general has been very late to this entire process of inviting hackers in and letting the hackers help them secure their machines. For the most part, the entire sort of voting complex has been very defensive about this process. And that's another reason for another layer of suspicion. So there's that black box behind what's going on in these voting machines. Until fairly recently, it was for the most part illegal to tinker with voting machine software because of digital rights management rules.
Um, the Library of Congress recently changed rules, and that's why we're seeing and been hearing so much more about machine hacking, because they've temporarily created this research window whereby hackers can actually buy machines, if they can buy them on eBay or whatnot, and then try to hack them. And that's why you might recall that in the summer at the big Las Vegas hacker convention DEF CON, they had something called the Voting Village, and last year was the first time. This summer was the second time they did it, all because of this Library of Congress ruling. They bought a bunch of machines, they invited a bunch of hackers into the room, and they said go to town. And of course the results were probably what you are guessing. Lots of these machines are hackable. Um, I want to take one step back, though. You mentioned that your machines are from two thousand two, and that's not an accident, that's on purpose. Um, all of the country, all over the country are these fifteen year old voting machines that are essentially the byproduct of something called the Help America Vote Act, and that was the result of the Bush v. Gore, uh, controversy in the year two thousand. Remember the hanging chads and people staring at screens all the time, and America at that point said, oh, we have to update our voting technology. Why are we using these nineteen seventies era machines with these big levers and these punch cards that, you know, are like from an IBM basement computer in the fifties? So the federal government made a bunch of money available for localities, for states and counties to buy new voting machines, and so there was a gold rush. Everybody went to buy what was then the latest technology, which looked something like an ATM machine. Um, but the problem is, and I think this is the point I'd really like to stress more than any: the federal government can't tell jurisdictions how to collect votes.
And there are something like ten thousand different entities all across America and overseas that can collect votes in America, ten thousand, and all of them decide on their own what kind of machine, what kind of procedures they're going to use. So anybody who's ever moved and gone to vote realizes, wait, this process is totally different from the last process that I used. Now, think about how hard it is for a billion dollar company to secure its systems. And now I want you to think about ten thousand voting jurisdictions, all of whom need to have some cybersecurity expert connected to their process. There aren't ten thousand qualified people in the world, period, to do that, let alone that these jurisdictions have the money to pay for that. So it's a very, very tricky problem, and we're only beginning to scratch the surface of how we fix it. Yes, and in the United States it is incredibly complicated. I mean in Georgia, for the longest time, the responsibility of getting the infrastructure in place to even cast votes was left up to the county level. It was only later that it became a state level thing, which was largely to install these electronic voting machines. We've obviously, again not to harangue my home state, but we've also had a recent controversy about the central server for counting up the votes and whether or not it was the target of Russian hackers a few years ago, and the story unfolded that the main server that was being tested was over in Kennesaw State University, was part of the overall system that was in charge of tabulating all these votes up, run by the Center for Election Systems here in Georgia.
And there was a lawsuit that was brought together to get more access to this technology to understand what potential vulnerabilities there might be, whether or not any hackers had actually managed to penetrate that. And then the word got out that the server had been wiped, and then a month later the backup servers had been wiped, which, again, even if nothing bad happened, casts doubt on legitimacy. And it is, some could argue, a method of voter suppression, it ends up demoralizing the voting base. Uh, and it is incredibly complicated, and not just from it, this is a psychology thing, not just a technology thing. And it does not help that we know that Russian hackers were targeting various election systems, or at least probing election systems throughout the United States in two thousand, you know, fourteen, fifteen through two thousand sixteen. Right, right. I think this is a really important point, and we're racing out a mini version of the Breach podcast to deal with this, and I actually would just like to stress one thing. Of course, when you think about voting hacking, you think about somebody switching a vote in a machine. I voted for Bush, the machine thinks Gore, and so on. But voting hacking, air quotes "hacking," actually has a much, much wider life cycle than that. And it begins all the way with, you already suggested it, with voter suppression, with you deciding you're going to vote or not and who you're going to vote for, so that process can be hacked. And again we have evidence of this from that outside entities can create false news stories that say the Pope has endorsed Donald Trump, for example, or one of a thousand other fake news stories, that you utilize this propaganda to, is to do one of two things. Either confuse the electorate or depress the electorate so people don't bother to vote or don't bother to register. That's only one step.
The next step is you actually register, and how does that happen? How does the registration process take place, and whether or not the information is lost or somehow manipulated. When you register online or over paper, and then that registration stays in a computer somewhere, and as long as it's in a computer, something bad can happen to it, right? And magically, the day you show up to vote, there has to be a way that the person sitting across the table from you can verify that you're entitled to vote where you are. Um, that used to be done with paper. A lot of these states now use something called e-poll books. They're usually iPads, and on the fly, those poll books are downloading voter registration data to make sure that Bob Sullivan really lives in this voting precinct and belongs there. Um, that the information gets there, sometimes wirelessly, sometimes over an old network. But that's another opportunity where the information could be altered, and from the file of voter suppression, imagine if they either erase it or just move it, move you to another district. So you show up to vote, and this happens all the time without hacking. You show up to vote and the person says, no, no, no, no, you're not registered in this district. You have to vote over there, and maybe over there is an hour away, and maybe your lunch hour is gone, and now you're not voting. So a lot of times we think about vote hacking as somebody switching a million votes for some candidate, but it can happen in these smaller ways too. So, and then after you vote on the machine, the machine has to tabulate, so maybe it registers the vote correctly, but the tabulation is done wrong. After that local machine tabulates and all the precinct votes are added up using some process. And then I think this is the trickiest part. All those results have to be transmitted eventually to the Secretary of State's office. Sometimes it's a sneaker net.
Somebody puts a memory card in their pocket and drives it across the state. More often than not, now it's wirelessly transmitted over a mobile network or whatnot, and those are opportunities for hacking. And then just to put one more thought in your head, because this is something that has happened. The Russian government has done this in other nations. Let's say everything goes smoothly, everything is on the up and up, no hacking anywhere, but the moment the results come out, the Secretary of State's website is hacked. So for just an instant, the results are the wrong results, and then they're switched back. The Secretary of State figures out, oh, that's a mistake. Now all the people who lost are going to have screenshots of this hacked page that says they won. And once again you can foment doubt and uncertainty and illegitimacy in an election, not by doing any of this other sci-fi stuff we're talking about, but simply one website hack. So protecting the vote requires you to protect every single one of these stages, and it's a mammoth task. Guys, Mr. Sullivan and I continued our conversation about data security and elections, but before we get into that, let's take a quick break to thank our sponsor. I'm so glad that I have you on here too, because it also reinforces this idea that I have said in previous episodes when it comes to talking about hacking, because we all have the image in our heads of the Hollywood version of hacking, where it's either the super too cool for you person or the incredibly nerdy person sitting down at a computer terminal, typing in and on the third attempt gets through the password and then you see a bunch of meaningless characters on the screen and they say whoa or something along those lines, which is not at all, not at all close to reality. One of the biggest tools in any hacker's toolbox, and it's one that you've mentioned, is social engineering.
This idea of manipulating people to get what you want, which doesn't even involve you necessarily having contact with a device. It is an age old trick of hackers because it goes all the way back to confidence men. I mean, this is something that has been around for ages. If you know how people think, and you know what people react to, and you leverage that, you can get what you want. And it may only involve very light technology in the sense of hacking that one website; that's enough to really put things into a turmoil. Uh, it doesn't require having physical access to these voting machines. I see that often, people pointing that out, that a lot of these machines would require someone to get physical access and that the likelihood of that is very low. And again all of that may very well be true, but ultimately, if the perception that it's possible these machines have been, uh, tampered with is enough to cause problems, it's kind of a moot point. So, uh, I've also seen, one of the first articles I ever worked on when I was hired by HowStuffWorks was about electronic voting machines, and there was a section that they wanted me to do about the concept of casting votes over the internet, because the idea of giving accessibility, widespread accessibility, improving that, maybe improving the number of people who actually participate in the voting process. Things like that are very important and you can't just dismiss them. However, I'm curious what you think. Is there a way, do you think, of implementing such a system that would be secure, or at least not just secure, but appear secure enough that people would have faith in it, or do you think that that's a non-starter? I'm gonna give you two answers that are a bit contradictory. Um, I'm one who believes that the integrity of the voting process vis-à-vis hacking is incredibly important.
That said, my cybersecurity friends are going to take out their bows and arrows on me right now, but that's probably third or fourth on the list of things that are wrong with American elections. You know, things like gerrymandering and just voter disinterest are even bigger. In fact, one of the conclusions, not to give away the punch line to my podcast, but my conclusion at the end of it is the thing that makes America's voting system the most vulnerable, like our biggest vulnerability in our voting process, is the disinterest of our voters, who, you know, half the people don't vote even for presidential campaigns, and that creates this massive opening that makes it easy for a hacker. Again, who wouldn't have to change a million votes, that could just change thirty votes in Wisconsin and Pennsylvania and Ohio and tip an election. Right. So it's on us to participate. And as a result of that, you know, I am one, I am interested in internet voting somewhere along the line because it would increase participation. Um, all of the cybersecurity people who respected me thirty seconds ago don't respect me anymore. All of them, in one voice, would say to you, you know, what we need is paper and we never need internet voting. That they're all terrified of internet voting and just really don't think that there's a way to make it secure. And they do know, at least from the security standpoint, even better than I do. Like all the reporting says, we're nowhere near that. There are very limited examples even in the US of people voting over the internet. Soldiers at sea sometimes can do it overseas, um, but there's a critical difference there in that they surrender their right to anonymity, um, and just to, uh, throw another concept to you and your listeners. One of the reasons this is also difficult is because we have to secure these votes but at the same time preserve the anonymity of the voter.
The secret ballot box is an important part of our process and an important part of democracy, and as a result of the fact that the vote is a secret, it's very hard to authenticate the vote and not identify the voter. So they do, the exception that's made for overseas voting over the internet is the soldier will actually allow for a verification of the vote that's outside of the, someone will call or otherwise contact the voter and verify the vote itself. So there's a process for that, but in general, um, the fact that there is no real positive way to identify a person on the internet, we see this every day with spam mail and everything else. The mix of that lack of real authentication with voting is just a toxic combination that seems like a really hard problem to solve. Well, and again that has become a central point in things like voter suppression, where that ends up being the defense of those who would use more and more restrictive means of verifying a voter's identity before allowing them to vote because of the perceived fear of people misrepresenting themselves and casting what would amount to a false vote. Uh, that's a very popular narrative I've seen that doesn't seem to have that much evidence to support the fear, right? It's one of those things where it says, well, you know, we have to have these systems in place, otherwise we're going to have fraudulent votes, and apart from some small stories that you'll hear that end up being exaggerated a great deal, you know, like dead people in Chicago casting votes for the mayor, kind of thing, you don't really see it, but it ends up becoming the central argument for putting systems into place that effectively tell people, uh, that their vote isn't welcome. And I certainly have a lot of empathy for people who maybe it's not that they're disinterested in voting necessarily, but it's more that they've been actively discouraged from participating in the process.
And you couple that with anyone who has this sensation that perhaps their vote wouldn't even count in the first place, you can definitely see why there are some real problems. Um, I've seen a lot of people argue for things like a mandated voter registration, maybe go in Australia's direction and have mandated voting as well. I've also seen people who don't necessarily have a solution in mind, but they say we need to make voting as easy for elections as it is to vote for American Idol. That's like a common meme on the internet as well. And I don't necessarily disagree with any of that. I think encouraging participation is really key. As you point out, the more people who participate, the harder it would be to really skew the outcome, for one thing. Uh, it would be much more noticeable if anyone were to try and skew an outcome where you've got a very large participation, unless things are just, you know, super close all the way down the line among the entire population of whatever region it is that's holding the election. Uh, what do you think is a solution or perhaps the best way to move forward given all these different problems, not just the technological ones but the psychological ones? Sure. Well, the solution a lot of folks agree on is actually not in more technology. Um, I love technology, I've been writing about technology for twenty years, but I think all of us have a really bad habit of thinking whenever there's a problem that more technology is going to take care of it, it's a silver bullet somehow. Like a better voting machine is not going to take care of this. Um, there's a bunch of solutions, but the most important solution is the auditing of elections themselves. So, um, there has to be some sort of process that's automatic after every election where we figure out whether or not the votes that were cast are actually the votes that were counted and were presented to us later.
And now I'm going to tell you why that hasn't happened yet, even though pretty much everybody agrees on the election. And I'm going to draw on my first five years as a, I was a reporter in small town newspapers in New Jersey, covering school boards and planning boards and the city council and mayor and all that, and elections of course, local elections. And when you're running for mayor of Pompton Plains, you know, the vote is five hundred to four every time, and the loser always demands a recount. What does the winner say when the loser demands a recount? This has happened over and over in American history. Winners never want a recount. Only bad things can happen if you're a winner and there's a recount. So the people have spoken, that's it. Yeah, and because you know what, there's a chance that you might lose the recount, so stop the recount. Um, and audits sound a lot like recounts to people. So in general, here's what happens. Some election, however legitimate or not legitimate it is, again, it's not like a yes or no, it's more of a scale of one to ten thing. Some election occurs, some group of people win, and that group of people has no interest whatsoever in changing whatever it was before that had them win. So if you were to implement a new process like they do, they do these sample audits. They're called risk limiting audits, and this is generally agreed to be the best way to approach this. You take a sample of the ballots that's very carefully picked, and you make sure that the results match the published results, and that's just a way, with like a confidence level, that you see if the election was manipulated or not. The winners never want to do this because again, if you're in office now, why would you want to do something that might raise the possibility of somebody saying, oh, no, you didn't win? So it's very, very hard to get elected officials to spend the money and the focus on this problem. And then the other problem is attention span.
We care about this because it's two weeks before an election. In December, we'll stop talking about election security until two years from now when we talk about it again. This is a cycle that we've been through over and over again. I'm hoping because of what happened in and all the Russian news that's in the year, there might be a little more staying power this time around, but it's a very hard problem to attack. It's certainly, again in my home state, it's front and center, in no small part because we have a governor's race this election in which one of the two candidates is the current Secretary of State, which has raised all sorts of interesting questions about processes and technologies and motivations for not changing systems even after these various controversies have happened. Uh, it almost always comes down to cost, which is, I mean, that's a legitimate factor. You can't just wave your hand away at that, but it also becomes a very convenient one. Uh, and so again it ends up having that effect of potentially demoralizing people who otherwise would come out and perhaps support an opponent. But it's very much in front of us here in Georgia. But obviously there are other areas across the United States that have maybe not a similar situation, but just as passionate a discussion about these processes as in my home state. Um, I really appreciate you coming on my show and talking about this. I'm very much looking forward to your episode of The Breach. Season one was phenomenal, going over in great detail the Yahoo hack. If you guys out there haven't listened to The Breach, please go and do that because you're going to learn a lot. Uh, the episodes are informative and they go into great detail, and it really stresses how incredibly complicated and important and potentially scary information security really is. And, uh, it's nice to have a journalist on to talk about this, someone who investigates this sort of stuff. I've had hackers on before.
They have a very interesting philosophy and attitude that I sometimes cannot resolve. So. Fair enough. Yeah, I feel like I would like to, if I could, just throw one quick thing out to you. Though, all the election security people stressed this to me, however pessimistic they are about the state of affairs today, they all are very convinced it can be fixed and that there is a solution, that with enough energy and will, we can overcome and we can straighten out our voting process. Voting is a very, very limited specific task as opposed to, say, something like banking, and it can be secured, and so one of the messages I don't want to leave people with is "the vote can be hacked, I don't bother voting." Quite the opposite. Right, right. It's, this is something we can fix, and it's very important that we do it, and that ultimately, all it really takes is the willpower and the support for it to go forward. And I certainly think that we're getting into a climate where that's going to become more and more of an issue, where there's just gonna be a demand for that. I mean, it cannot stand to continue, um, as long as there is this doubt in the process. It's so fundamental to who we are as a nation. In order for that to, uh, it has to be addressed on a very real level and not just given lip service. I actually am fairly optimistic about this, and, um, I think that maybe in the short term it may not be the smoothest ride, but I think we are going to see a lot more advocacy and movement on this front. So I have high hopes and I do look forward to hearing that episode of The Breach once it publishes. I believe it's coming out November five. Yeah, maybe a couple of days sooner than that, but right before the election. Just excellent to get you stirred up. All right, well, I look forward to hearing that. Bob, thank you so much for joining our show. Thanks for having me.
I have a bit more to say about the technology of voting, so stick around, but first let's take a quick break to thank our sponsor again. I want to thank Bob Sullivan for joining us on the show and his insight into the dangers of hacking and voting. We realize, of course, that, you know, just the appearance of that danger is enough to influence people because we are human beings, we're affected by our emotions, and if you introduce the thought that perhaps the system is broken, that has real consequences. But before I go, I wanted to give a quick rundown, sort of, uh, an overview of the advance of technology when it comes to voting and how that has changed over the years. The mechanical lever machines that have been used in voting first debuted back in eighteen eighty nine. They were patented by a guy named Jacob H. Myers, and the technology actually became known as the Myers Automatic Booth. The first time it would actually be used in an election was eighteen ninety two in Lockport, New York, and then you started to see other lever based voting machines arise in the decades following. Optical scans wouldn't be a thing until nineteen sixty two. The first optical scan voting ballot was used in Kern City, California. This would be the sort of scans that you would see in something like an SAT, in a way, or a standardized test where you have to fill in bubbles. The idea being that you're using a ballot and you're using a system that relies upon light to read that ballot and to detect which votes have been cast and then record them. Uh, then the next moment in tech comes from my hometown in Atlanta, Georgia. We have lots of counties that make up the metro Atlanta area, but the two main ones are Fulton and DeKalb for the heart of the city. Those were the first two counties in the United States to use punch cards with computer tally machines. That was in nineteen sixty four. The following year, Joseph P.
Harris and William Rouverol patented the Votomatic punch card system. That was a system where you would actually have two things to, to reference. You had your ballot, but you also had to have a little booklet that told you which numbers on the ballot would correspond with which candidates in the election. So you might say choice one represents one candidate, choice two represents another candidate. You look at the ballot. The ballot would not have the names of the candidates on there, just the numbers, and you would punch the corresponding numbers out. This was considered to actually be a superior system in that the computer tally machines could handle these sort of ballots much more easily than earlier ones. However, you could imagine that that also introduced a bit of a barrier for people who are trying to use the system to make sure that the number that they are punching out actually corresponds with the choice they wanted to make. In ninety four, a group of inventors got a patent for a system they called Video Voter, which was a direct recording electronic voting machine, or DRE. Uh, this was likely the first design of a DRE that was used in a real election. It was first used in nineteen seventy five in a couple of Illinois locations, all in the United States, would conduct a study and would issue a report that had the title Effective Use of Computing Technology in Vote-Tallying. And in that report they investigated concepts like security, uh, system functionality, system design, and also the ability to audit systems, which, if you were listening to Mr. Sullivan, you realize is a very, very important part of the process in order for people to have confidence that the system works. The R. F. Shoop or Shop Corporation, I actually don't know how to pronounce it, S-H-O-U-P, would produce the Shoop or Shop Tronic ELECTronic voting machine. I say "elect" that way because the "elect" in "electronic" is all in capital letters.
It was a push-button DRE voting machine, so not a touch screen but a push-button machine, but it was electronic. It was the first to achieve real commercial success. In another report comes out. This one's called Accuracy, Integrity and Security in Computerized Vote-Tallying, was written by Roy Saltman, and it warned that punch cards with pre-scored sections, you know, a punch card that sort of has little perforated areas for you to punch out, uh, could be unreliable, and that would come into sharp focus in the wake of the two thousand US presidential election. You heard Mr. Sullivan reference that with the hanging chads, that's what that refers to. In the Federal Election Commission released the first set of standards for computer-based voting. This was called Performance and Test Standards for Punchcard, Marksense, and Direct Recording Electronic Voting Systems. Marksense, by the way, referred to, uh, an optical scanning technology, and those standards would receive updates in two thousand two with the Help America Vote Act. In nineteen six the Reform Party was able to vote in their presidential primary over the internet. This was, you know, a small third party, small in comparison to other parties, and, but it did show someone trying to make use of the Internet as a tool for elections. But again, just a, just a primary, not an actual election election. In two thousand three, there was a group of computer scientists who would release a report after analyzing a specific model of a DRE voting machine and finding vulnerabilities that could potentially be exploited. So at least as early as two thousand three, you had concerned data security experts raising this possibility. Uh, in two thousand four, we had that moment where the CEO of Diebold wrote that letter that again raised more doubt about the system. Uh, Diebold would get out of the voting machine business in two thousand nine.
They sold off their division to a company called Election Systems and Software, Incorporated, which today controls more than so many five percent of the voting machine market in the United States. Kevin Shelley, the Secretary of State of California, would ban touchscreen electronic voting machines in four counties in California and decertify all existing systems pending security improvements. This also happened in two thousand four. That same year, Nevada would pass a mandate that would require all electronic voting machines used in federal elections to produce a paper audit trail, um, something again that Mr. Sullivan argued. Two thousand four, a company called UniLect got into some trouble. They manufactured some voting machines that were used at Carteret County in North Carolina, and according to the company, each voting machine could store up to ten thousand five d votes, but in fact they could only store three thousand five votes, and worse than that, they appeared to accept votes beyond three thousand and five, but those weren't actually recorded, so the machine did not give any indication that its memory was full, and ultimately four thousand, four hundred thirty eight votes were lost, and when you think about it, that means that more than half of all votes were lost. Only, only less than half in that voting precinct were recorded, and that's pretty terrible. Two thousand five, a company called Black Box Voting would set up a mock election in Florida, and two security experts were invited to try and hack the voting machine system that they were using, and they were able to change the outcome of this mock election and leave no trace of their presence behind, and it demonstrated how some systems can be vulnerable. The same company would demonstrate the following year how some systems have backdoor vulnerabilities which can be exploited and software can be injected to activate months or years later to alter election results.
So if you were able to get access to these machines half a year or a year before an election, then you could actually make the alterations, and in the time span in between, when security starts to increase, the elections are coming up, no one knows that the machine has already been compromised. In two thousand six, Dr. Edward Felten showed that if you really know what you're doing, you could install malware on a Diebold electronic voting machine in less than a minute. Now, you had to have physical access to the machine, so that does make it more challenging. You do have to get that access. But if you knew what you were doing and you had the physical access, in less than sixty seconds, you could put malware that would alter votes, could steal votes from one candidate, give it to another, and it could also act as a virus and spread to other machines if they were sharing a network. So pretty nasty stuff. In two thousand seven, the Ohio Secretary of State Jennifer L. Brunner would authorize a study of these direct electronic voting systems in Ohio, and the report would conclude that none of the computer-based systems in that state met security standards and all were susceptible to breaches. In two thousand eleven, Argonne National Laboratory security experts would demonstrate that they could hack a DRE machine via remote control, but that hack, again, would require getting physical access to the machine. You had to install a component in the machine. Once the component was in there and connected to the system, then you could access the system from up to half a mile away and change things around using a remote control.
In June two thousand seventeen, that's when the first hackathon at Defcon really focused on, on voter machines, and according to the story I was reading, a Danish hacker was able to compromise one of the machines that were there for the hackers to work on while the presenters were still introducing the event, so they hadn't even concluded their introductory comments when one of the hackers had already managed to compromise one of the machines. By the end of the day, the various hackers had discovered and exploited eighteen new vulnerabilities in various e-voting and e-poll book systems. So this is obviously a matter of major concern, and the Russian hacking scandal has done nothing but make that even more apparent. And, uh, the Department of Homeland Security initially stated that twenty one different states' voting systems were targeted by Russian hackers in two thousand sixteen. Uh, Georgia was not among them in that report, according to the Secretary of State. But then the investigation that Robert Mueller conducts, is conducting in the, in Russian hacking, it included the indictment of twelve Russian military officers that were connected to election tampering allegations, and that indictment revealed that the charges included probing attacks on county websites in Georgia, thus showing that perhaps Georgia did not get away scot-free during that election and that was possibly targeted. This is what led to that investigation revolving around the server in Georgia that may have been targeted and tampered with, but then was subsequently wiped, and then the backups were also wiped. Uh, and there's a whole scandal about that. I'm not going to go into that because I know you guys have heard way too much about Georgia on a show that's just about technology in general. I want to leave off with echoing something that Mr. Sullivan said, which is that this process is incredibly important.
And while there are real problems here, challenges that we need to overcome, they are totally solvable problems. These are not insurmountable. There's, the things that are standing in our way are willpower and money. So we have to have legislations that are, are willing to budget the money necessary to put the proper systems in place. We need to have the willpower to make sure that those are done responsibly and that no one is being told not to vote, that we aren't suppressing anyone's vote. And that goes for any political side. It doesn't matter to me whether you share my personal political philosophy or not. What matters to me is that you are able to express that in the manner of voting, and that you are not, you know, kept from that activity, that you are able to participate fully in the democratic process. That to me is the most important part. And, uh, and I'm, well, if it comes out where the political philosophy I believe in is on the losing side, if the election appears to be completely legitimate, and that's the will power that, you know, it's the will of the people, and I just happen to be on the losing side, I can reconcile that a lot more easily than I can thinking I'll never know if the system reflects what the people really wanted, or if the system failed us because of either inherent vulnerabilities in that system or the perception of those vulnerabilities. And, uh, it's a complicated thing. But again, I want to thank Mr. Sullivan for joining the podcast and sharing his expertise and his thoughts on the matter. I recommend you check out the Breach podcast. I think you will really enjoy it. If you guys have suggestions for future episodes of Tech Stuff, you should send me an email. The address is Tech Stuff at how stuff works dot com, or you can drop me a line on Facebook or Twitter. The handle at both of those is Tech Stuff HSW. You can go over to our merchandise store, that's at TeePublic dot com slash Tech Stuff. Check that out.
Don't forget to follow us on Instagram, and I'll talk to you again really soon. For more on this and thousands of other topics, visit how stuff works dot com.
