Nightmare at 1600: how an IT outage could determine the US election How an IT outage could determine the US election

Forget state-sponsored hackers, the biggest threat that Americans could face when they head to the polls in November will be staring them right in the face: the terribly outdated voting systems crisscrossing the nation

An IT outage could determine the Presidential election

A recent study by the University of Chicago sought to list the top reasons for IT failure – and discovered that the most common reason for outages is “unknown”- meaning that IT staff had no idea why their systems broke down.At a bank, that would be totally unacceptable; in an election, especially as fraught as this one, “unknown” factors that call into question the votes of thousands, or millions, could lead to civil disorder, or worse

 

With at least one candidate for president making the case for a “rigged” presidential election – rigged against him, that is – a major theme of his campaign, you can bet that there will be a great deal of oversight of the voting process by both sides.

While the discussion has so far focused on voter fraud (like votes cast by “dead people”), a much more likely scenario entails an overall failure of the voting system due to old age. Not of the voters – but of voting machines that are at great risk of failure.

What “hanging chads” were to the 2000 Presidential elections, “computer glitch” could very well be to this year’s elections, according to a recent study by the Brennan Centre for Justice at the New York University School of Law.

“Technology has changed dramatically in the last decade, but America’s voting machines are rapidly aging out,” according to the comprehensive ten-month study. “Old voting equipment increases the risk of failures and crashes — which can lead to long lines and lost votes on Election Day — and problems only get worse the longer we wait.”

While recent hacks of state voter databases and the Democratic National Committee have grabbed the headlines, the antiquated state of voting machines and voting systems across the United States could pose a much greater threat.

>See also: Inside the mind of a state-sponsored hacker

According to the 2015 Brennan Centre report (which was a follow-up to a 2014 Presidential Commission on Election Administration study), many states rely largely on electronic voting machines designed and engineered in the 1990s that have recommended lifespans of no more than 20 years – a target date that is coming due in many places.

43 states are using machines over 10 years old, and in 14 states the machines are 15 or more years old.

Older machines can also have serious security and reliability flaws that are unacceptable today.

“Several election officials have mentioned ‘flipped votes’ on touch screen machines, where a voter touches the name of one candidate, but the machine registers it as a selection for another,” according to the report.

If (or, according to these experts, when) election results are compromised or delayed as a result of this issue, many people will undoubtedly express shock.

But in 2016, the problem of aging-out equipment that can’t keep pace with modern demands should come as no surprise; indeed, it happens all the time, at banks, government offices, airline reservation systems, etc.

One recent example – a 2014 outage at ATM machines of the Lloyd’s Banking Group three days before Christmas – was attributed directly by industry experts to aging servers that shut down because they just couldn’t cope with demand.

Even worse: A year earlier, RBS customers were shut out of their accounts, some for weeks, because of equipment failure – leading company chief executive Ross McEwan to issue a mea culpa in which he bemoaned the fact that “for decades, RBS failed to invest properly in its systems. We need to put our customers’ needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on. We know we have to do better.”

>See also: Personal data of over 93.4 million Mexican citizens leaked online

But the potential for failure at the election booth is much more serious.

A cash withdrawal that can’t be made or credit card purchase that can’t be processed will, of course, cost the parties involved (banks, retailers, payment processors) some money, and require time and money to fix.

But unless actual hacking is the issue, customers’ money and credit lines should remain safe. In others words, it’s a temporary problem that, hopefully, will be resolved when the system is eventually back in operation.

An election day glitch is also, arguably, a “temporary” affair – but unlike at the bank, there is no “next time.”

A large-scale election infrastructure crisis due to failed equipment could really set off a major crisis – social, constitutional, and legal – and badly shake the confidence of Americans in their electoral system, in an election year where there has been far too much strife and divisiveness already.

The real solution, of course, would be to update machines to current state-of-the-art electronic voting systems that are much more secure and accurate than the older ones – but in an era of massive spending cuts and overwhelming government debt, there is little enthusiasm among lawmakers or the public for funding a massive multi-billion dollar project like that.

Of course, if something goes terribly awry with the 2016 election, those attitudes are likely to change – but do we really want to take a chance that something will go wrong?

Until new machines are in place, voters will have to make do with the old ones – which means that authorities must do everything in their power to protect the integrity of the voting process, right now, with the little amount of time that remains before the election.

>See also: The week of the data leak

What can jurisdictions do? Well, one thing would be to interface with experts who can make solid recommendations on ways to preserve the integrity of the election.

Performing disaster recovery tests and running an analysis of the voting systems and the networks they are connected to for possible glitches should be done immediately; if any system has a potential to short out, for example, that should be discovered and remediated before the event, not after.

What happens to a vote after it is recorded? Is everything backed-up or replicated properly? Can jurisdictions be sure that all data can be fully recovered in case of a glitch or is there a chance that some of the data will be lost? Does software need to be updated and if so, how will updates affect the voting system – or will we only find out when a machine malfunctions?

Indeed, a recent study by the University of Chicago sought to list the top reasons for IT failure – and discovered that the most common reason for outages is “unknown”- meaning that IT staff had no idea why their systems broke down.

At a bank, that would be totally unacceptable; in an election, especially as fraught as this one, “unknown” factors that call into question the votes of thousands, or millions, could lead to civil disorder, or worse.

The United States can’t afford to take a chance – not this time. Any jurisdiction that has not gotten its IT house in order had better get busy, even at this late hour.

 

Sourced by Yaniv Valik, VP product management and customer success at Continuity Software

Comments (0)