By Joseph Menn
SAN FRANCISCO (Reuters) – In a reversal from a few years ago, many officials who oversee U.S. election technology and outside security experts now worry less about hacking in the November elections than about misinformation and logistics such as a shortage of poll workers and slowdowns at the U.S. postal service.
Though most computerized voting systems can be hacked, some undetectably, more states have moved away from paperless balloting and more vendors are listening to warnings about software flaws, longtime specialists told the annual Black Hat and Def Con security conferences this week.
“We finally know how to do this well,” Georgetown University professor Matt Blaze said in a keynote at Black Hat, held online this year because of the pandemic.
In addition, the sheer number of jurisdictions and varied versions of software would make fraud with a national impact impractical, officials said.
On Friday, the U.S. head of counterintelligence, William Evanina, said publicly that while Russia, China and Iran might all act to interfere in the election, substantial vote changes were a low risk.
U.S. Senator Ron Wyden, an Oregon Democrat who sits on the intelligence committee, said at Def Con he remained concerned about electronic pollbooks that could malfunction and internet voting by armed forces overseas.
But Blaze and others said they were mainly worried that many localities do not have enough funding for election-day workers to handle in-person votes under pandemic conditions, with possible protests and disruptions, at the same time as they plan for a record number of mailed ballots.
Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, said people should vote as early as possible and prepare for delayed election results.
Any delay is likely to be fertile ground for misinformation both foreign and domestic, others warned.
A Def Con panel including Kimber Dowsett, director of security engineering at Truss, said instead of flagging new voting machine flaws to an already cynical public, researchers should talk to Krebs’ agency and the vendors and hope for the best.
“The biggest disservice we can do to the American people as security professionals is convince them that their votes don’t count,” said Dowsett.
(Reporting by Joseph Menn; Editing by Greg Mitchell and Sonya Hepinstall)