Matt Blaze
DEFCON.org
University of Pennsylvania1
Us House of Representatives
Committee on Oversight and Government Reform
Subcommittee on Information Technology And
Subcommittee on Intergovernmental Affairs
Hearing on Cybersecurity of Voting Machines
November 29, 2017
From his testimony:
For the last 25 years, my research and scholarship has focused on
the security of cryptographic, computing and communications systems,
especially as we rely on insecure platforms such as the Internet for
increasingly critical applications. My work has focused particularly on the
intersection of this technology with public policy issues. For example, in
2007, I led several of the teams that evaluated the security of computerized
election systems from several vendors on behalf of the states of California
and Ohio.
In this testimony, I will give an overview of the security issues
facing elections in the United States today, with emphasis on the risks and
vulnerabilities inherent in Direct Recording Electronic (DRE
“touchscreen”) voting machines as well as the exposure of our election
infrastructure to disruption by national security adversaries.
I offer three specific recommendations:
• Paperless DRE voting machines should be immediately phased out
from US elections in favor of systems, such as precinct-counted
optical scan ballots, that leave a direct artifact of the voter’s choice.
• Statistical “risk limiting audits” should be used after every election
to detect software failures and attacks.
• Additional resources, infrastructure, and training should be made
available to state and local voting officials to help them more
effectively defend their systems against increasingly sophisticated
adversaries.