Last-minute changes to proposed federal standards for new voting machines could expose the equipment to cyberattacks, according to some members of Congress and security professionals.
The Election Assistance Commission, slated to authorize new voting system guidelines on Feb. 10, amended key sections of a 328-page document less than two weeks before the decision. The amended language of the Voluntary Voting System Guidelines 2.0 would allow next generation voting machines to include components capable of wireless communications, as long as they’re disabled. The changes were made even though the EAC’s technical advisory committee recommended an outright wireless ban.
Cybersecurity experts, some of the EAC’s own advisers and members of Congress are calling for the agency’s four commissioners to vote on a version of the document finalized in July 2020 which included the prohibition on wireless capability. In a letter reviewed by Bloomberg, a bipartisan coalition of more than 20 members of Congress led by Representative Bill Foster told the EAC’s Chairman Ben Hovland that the current version would “diminish confidence in both the federal voting system certification program and the security of our election systems.”
“We cannot sanction the use of online networking capabilities when they carry the very real and increased risk of cyber-attacks, at scale, on our voting machines,” reads the letter….
Meanwhile, others are asking the EAC to explain why changes to a document 15 years in the making were made less than two weeks before the scheduled vote.
“The issue here is the EAC made changes to some of the most commented-on sections of the standard without clearly explaining who made the change, why the change was made and that’s inviting a lot of questions,” said Matt Masterson a former EAC commissioner, referring to some of the 50,000 public comments submitted to the EAC in 2020.
Masterson said there’s no reason to believe the late amendments were born out of malfeasance. “There is an opportunity here for further transparency by the commission which I hope they provide,” said Masterson, former election security lead at the Cybersecurity & Infrastructure Security Agency, part of the Department of Homeland Security.