Eric Geller for Politico:
At the heart of this election security standoff is an acrimonious relationship between the researchers who analyze voting systems for digital flaws and the vendors trying to preserve their profits and reputations in a small, difficult market. It’s a battle that goes back at least to the early 2000s, when counties and states were replacing their antiquated punch-card voting machines after Florida’s Bush v. Gore debacle.
Many states ended up adopting paperless, touchscreen machines, which are still used in some states such as Pennsylvania.
In 2006, a team of security researchers published a report saying that touchscreen voting machines made by the notably litigious vendor Diebold were vulnerable to “extremely serious attacks.” The researchers were so afraid of being sued by Diebold — now a subsidiary of the voting technology behemoth Dominion — that they broke with longstanding practice and didn’t tell the company about their findings before publishing.
The team was “afraid that [Diebold] would try to stop us from speaking publicly about the problems,” said J. Alex Halderman, a University of Michigan computer science professor who was one of the report’s authors.
When California and Ohio ordered voting technology vendors to comply with independent reviews in 2007, getting access to important data was “like pulling teeth,” said Matthew Blaze, a computer science professor at the University of Pennsylvania who worked on both reports and has since analyzed many voting systems.
In the end, researchers found “laughable” flaws in the machines, said Joe Hall, the chief technologist with the digital privacy advocate Center for Democracy & Technology, who participated in the Ohio review. “They made us jump through all these hoops for stuff that was just fundamentally insecure and fundamentally low-quality design.”