Faced with increasingly convincing evidence that electronic voting systems can be hacked to alter election results, most states are wisely moving to adopt voting methods that enhance security, in part by producing a paper ballot record that can be used to audit results. South Carolina should do the same.
In fact, that's the goal of the S.C. Election Commission, if the Legislature will come up with $40 million to purchase the 13,000 new machines needed to serve every precinct in the state. The commission has attempted to get the Legislature's attention for five years about the need to build up a fund to replace the existing machines. So far, legislators have demurred, awaiting the completion of new state standards for voting machine security.
Those standards are expected to be completed in time for legislative review next year. Timely action will be needed if there is to be any chance to replace the 13-year-old touch-screen machines before the next general election in 2020.
The latest state to make that decision is Virginia, which last month decertified the remaining touch-screen voting machines that do not create a paper trail after computer experts demonstrated how easily those particular machines could be hacked from afar.
Thirty-six states and the District of Columbia now require a paper trail for their elections, using a variety of methods, including paper ballots, punch cards, and touch-screen machines that also produce a printed ballot. Virginia is joining them.
Just five states, including South Carolina, still exclusively use voting machines that do not produce a paper trail. In all, according to Reuters, some 44 million voters, one fourth of all eligible voters in the United States, were registered in jurisdictions without a paper audit trail in 2016.
The current interest in securing voting systems is partly due to concerns aroused by evidence of alleged Russian attempts to tamper with U.S. election machinery in 2016. The evidence for that is mixed. For instance, when the U.S. Department of Homeland Security last month called election officials in 21 states to tell them that their systems had come under attack during the 2016 election, it had to issue partial retractions after its conclusions were disputed by Wisconsin, Texas and California. A suspected attempt to intrude into South Carolina's voting databases could not be definitively attributed to hostile action.
DHS has offered no evidence that Russian hackers succeeded in gaining access to the most sensitive elections data, much less in altering outcomes. But one alarming report leaked from the National Security Agency in June says Russian intelligence "executed cyber espionage operations" against a voting machine company in August 2016, "evidently to obtain information on elections-related software and hardware solutions."
That information presumably was used to "launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations." The report does not tell whether the attacks succeeded, but the threat is clear.
However, Virginia's decision to replace its remaining Direct Recording Electronic systems was triggered by the information from a cybersecurity conference where computer hackers showed that those voting machines could be compromised without much difficulty.
South Carolina uses machines from a different manufacturer than Virginia, and S.C. officials insist the voting machines now in use have not been compromised. In addition, S.C. Election Commission spokesman Chris Whitmire says recent software upgrades have improved the system's security.
Nevertheless, the experience of hacking elsewhere and the general sense of cyber insecurity with voting systems say that the time is fast approaching for the state to upgrade its aging system.
Let's hope legislators can do a better job replacing voting machines than they have aging school buses. A secure voting system is essential.
This editorial is from The Post and Courier of Charleston via The Associated Press.