Amidst growing issue about the vulnerability of the U.S. election system to hackers, Pennsylvania informed election officials they had to update their machines last year. But according to a Saturday report in the Associated Press, though some 60 percent of those systems have actually been updated– at an expense of $1415 million– a number of them are dependent on Windows 7, which Microsoft will stop supporting on January 14, 2020.
So too are many systems throughout the nation, according to the AP:
An Associated Press analysis has discovered that like lots of counties in Pennsylvania, the huge bulk of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.
… The AP surveyed all 50 states, the District of Columbia and territories, and found several battlefield states impacted by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona and North Carolina. Likewise impacted are Michigan, which just recently acquired a new system, and Georgia, which will reveal its brand-new system soon.
” Is this a bad joke?” said Marilyn Marks, executive director of the Union for Excellent Governance, an election stability advocacy organization, upon discovering the Windows 7 issue. Her group sued Georgia to get it to ditch its paperless ballot devices and adopt a more secure system … If Georgia selects a system that runs on Windows 7, Marks said, her group will go to court to block the purchase.
According to the AP, the election market is “dominated” by 3 huge business: Election Systems and Software Application LLC (ES&S), Dominion Ballot Systems Inc., and Hart InterCivic Inc, which a 2017 research study discovered collectively control 92 percent of election systems in location in the nation. Just Dominion has actually established more recent systems that aren’t impacted by the Windows 7 problem but it has gotten other companies operating systems operate on “even older os,” the AP composed. Establishing more recent systems needs passing a lengthy federal accreditation process and would be very tough to accomplish by the 2020 main elections.
” End of life” indicates that Microsoft will stop formally supporting the Windows 7 os with totally free patches, including security updates important to safeguarding versus malware– perhaps the most significant security worry about elections, thinking about that in-person voter fraud in the U.S. is exceptionally rare and hackers thought to be connected to Russia have apparently poked around the edges of state election networks. When an operating system enters this phase, it ends up being easy victim for hackers who can exploit unpatched vulnerabilities.
Microsoft did tell the AP that it would provide security updates for Windows 7 through 2023, though just on a paid basis. As TechSpot kept in mind, annual costs for that assistance intensify year after year and are high enough that “services with hundreds or countless Windows 7 gadgets can expect to turn over a great deal of loan,” though it’s probable Microsoft will reach particular plans with bulk customers. As the AP kept in mind, it is “uncertain” whether those costs “would be paid by vendors operating on razor-thin profit margins or cash-strapped jurisdictions.”
While election systems are supposed to be “air-gapped,” implying that no system straight involved in recording or tallying votes is connected to the internet, the New York Times reported in 2015 that some systems have come packaged with remote-access software that might theoretically be permeated by hackers. Additionally, the Times composed, many regional election websites report vote totals to their county election offices by means of phone lines, a practice that “election authorities and vendors” say is safe due to the fact that it does not use the web.
The Times disputed that characterization, noting that lots of land lines now go through cellular towers or telecom routers that are, creating a risk that hackers might use an IMSI-catcher ( commonly called a Stingray) “or overturned telecom router to hack back into election systems and alter software to affect election results.” ES&S later on admitted to congressional private investigators that it offered systems with remote gain access to software to a “little number of customers” from the years of 2000-2006, which would have required installing a modem on election systems for managing remote gain access to by professionals.
According to the AP, officials in Pennsylvania and Arizona stated their vendors have actually ensured support for updating the systems when a new version is licensed:
Authorities in Pennsylvania, Michigan and Arizona state they have discussed the software application problem with their vendors. Other states mentioned in this story didn’t react to AP demands for comment.
Pennsylvania elections spokeswoman Wanda Murren stated contract language allows such a software upgrade totally free. Arizona elections spokeswoman C. Murphy Hebert said ES&S has actually likewise assured the state that it will provide assistance to counties for an upgrade.
The U.S. Election Support Commission establishes the standards by which systems are certified, the AP reported, but the company has no regulative power and compliance is voluntary on the federal level. The tests are primarily developed to inspect whether systems operate as desired and “there is no cybersecurity check,” the AP concluded.