On the last day of voting in Colorado’s June primary, a poll worker sent to wipe down a voting machine found a concerning error message on its screen: “USB device change detected.”
The machine, used to mark ballots electronically, was taken out of use, and an investigation launched. The message raised concerns that a voter had tried to tamper with it by inserting an off-the-shelf thumb drive.
The incident heightened concerns among election officials and security experts that some voters would try to meddle with — or even attempt to sabotage — election equipment. Even unsuccessful breaches, like the apparent one in the county south of Colorado Springs, could become major problems in the November general election, when turnout will be greater and the stakes higher.
Activists, who promote the idea that the 2020 election had some integrity issues, contend that electronic voting machines are being manipulated. They have specifically targeted equipment made by Dominion Voting Systems, which has filed several defamation lawsuits and said that post-election reviews in state after state have shown its tallies to be accurate.
“This is yet another example of how lies about Dominion have damaged our company and diminished the credibility of U.S. elections,” company spokeswoman Stephanie Walstrom said in a statement to The Associated Press.
The incident in Pueblo County highlights a troubling reality, that any voter could try to tamper with voting machines.
“You get people motivated and activated, and who knows what they are going to come up with to fight machines they don’t trust,” election technology expert Kevin Skoglund said.
While it’s difficult to stop such attempts, experts say the nation’s election infrastructure is well-positioned to detect them quickly, as the Colorado county was able to do. Not only does election security involve layers of defenses, but a majority of the country now uses hand-marked paper ballots. That means an accurate tally can be reached in case something does go wrong and the results are questioned.
Perhaps more concerning is what could happen during the time election officials are investigating a suspected attack and working to validate the results. That’s when people can exploit the uncertainty and sow doubt about the election outcome.
“We’ve got so many layers of security and protections that have built over years,” Michigan’s Secretary of State Jocelyn Benson said. “The bigger threats are outside infiltration, as opposed to the machines themselves, and that’s what we’re trying to prepare for — because that’s the greatest system of unknowns.”
There have been security breaches at some local election offices, including one in Mesa County, Colorado. Authorities in a handful of states are investigating whether officials provided access to their voting systems to unauthorized personnel.
Those concerns are adding to worries about the physical security of the machines, which should never be left unsecured. At polling places, the workers are trained to keep a close eye on equipment and flag anything suspicious.
Election officials also use locks and tamper-evident seals, so it becomes apparent if someone has tried to access voting equipment. Trigger alerts make machines inoperable if someone tries to tamper with them, which is what happened in Colorado on June 28.
Late in the afternoon, poll workers at the Pueblo County vote center heard noises coming from a voting booth. When a poll worker went to investigate and clean the machine, they saw the error message and notified a supervisor. Law enforcement and state election officials were immediately told of the incident.
What triggered the error message is part of the security protocols that protect voting machines.
Election officials can take measures to ensure that unauthorized devices don’t infect voting equipment. They can configure their systems to recognize only proprietary devices, such as USB drives from the voting system manufacturer, or employ a system that allows connections only with devices containing a preauthorized digital signature.
If someone attempts to insert any unauthorized USB device, an error message appears, and the machine won’t work unless someone with administrator-level access overrides it.
In the Pueblo County case, the tamper-evident seal on the voting machine appeared to be disturbed. The case remains under investigation, and prosecutors are reviewing evidence.
This year, Colorado lawmakers broadened the definition of tampering with election equipment and strengthened the penalty for it. Formerly a misdemeanor offense with a penalty of up to 364 days in jail, it is now a felony punishable by up to three years in prison.
“Any actor who tries to subvert the will of the people should be held responsible under the law,” Colorado Secretary of State Jena Griswold said.
Federal officials have been working with those on the state and local levels to improve their security defenses since voting systems were designated as “critical infrastructure” after the 2016 election — along with banks, dams and nuclear power plants.
State and local election officials who weren’t already doing so have added locks, video camera surveillance of equipment storage locations and door access cards to limit those who can enter secure areas. Other security steps include limiting access to voting equipment to only those who need it and ensuring that sensitive systems are not connected to the internet.
“I have high confidence that jurisdictions are putting the necessary tools in place to be able to prevent and detect any kind of nefarious activities,” said Kim Wyman, who leads election security efforts at the U.S. Cybersecurity and Infrastructure Security Agency.
In Pueblo County, election officials are preparing for every possibility during the November general election.
It’s not so much the security of the machines that concern us, but the PROGRAMMING within the machines. When is there going to be a court-ordered, unbiased forensic investigation into Dominion’s CODE???