Report: Miami-Dade, six other Florida elections sites left connected to internet

Seven Florida counties’ elections sites are among 19 nationally found to have early results systems vulnerably connected to the internet this week, according to an investigative report published Thursday by a technology investigative journalism team associated with VICE Media.

The article, “Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials” by Motherboard, the technology reporting arm from VICE Media., reports that the Supervisors of Elections’ backend computer systems in Miami-Dade, Bradford, Charlotte, Flagler, Wakulla, Pasco, and one not-identified Florida county were among 19 nationally that have early-results computer systems connected to the internet, possibly making unofficial, early results reports vulnerable to hackers, and risking other problems.

The article, written by Kim Zetter, states its team of elections security experts pursued elections systems coast to coast and found nearly three dozen that had, at one time, been connected to the internet.

The 19 highlighted, including the seven in Florida, were found to be connected as recently as this week, the article reports.

“We … discovered that at least some jurisdictions were not aware that their systems were online,” the article quotes Kevin Skoglund, an independent security consultant who conducted the research with nine others, as saying.

“None of this implies that the election systems in Miami-Dade or any other Florida county were manipulated in the 2016 elections,” the article states.

Florida Department of State spokeswoman Sarah Revelle said in an email response that the department is reviewing the Motherboard report.

She stated that the department continues to work with Supervisors of Elections on the Joint Election Security Initiative to identify any potential weaknesses in Florida’s election infrastructure. Any weaknesses that are identified will be addressed prior to the 2020 election.

Suzie Trutie, Miami-Dade’s deputy supervisor of elections for government affairs and media relations, said the office works very closely with the county’s central information technology security office to assure full security.

She pointed out that the elections office’s vote tabulation server is held in an isolated network with no internet access.

They all used voting equipment from Election Systems & Software of Omaha, Neb.

Katina Granger, public relations manager for Election Systems & Software, responded to an inquiry about the article by writing, “No ES&S vote tabulator is ever connected to the internet. In addition, election management systems are secured and hardened and are not permitted to be connected to the internet.

“In some states it is a common practice to modem unofficial election results at the close of the polls to help the media in releasing early projections. This does not involve direct internet connectivity to the voting system. ES&S uses industry best practices and numerous security safeguards to protect the transfer of these unofficial election night results. Also, remember that these are unofficial results. The physical ballots and printed results tapes are protected at all times,” she continued.

And Granger referred to a quote from the article: “If they did everything correctly [with the ES&S systems] as they say they do, there is no danger,” Robert Graham, CEO of Errata Security, told Motherboard. “These are all secure technologies that if [configured] correctly work just fine.”

According to the Motherboard report, there still could be problems.

VICE Media is a Canadian digital media and broadcasting company.

The internet connections are through the early polling results portals that the elections offices use to  publicly report unofficial returns for the media and others. The article suggests these early results are not necessarily secure, and that news outlets and others are at risk of receiving manipulated early results.

While elections offices tabulate final results from memory cards in the voting machines that are normally driven and hand-delivered to the elections offices for official counts, instead of via any online transfer of data, “a significant discrepancy between the unofficial tallies and the official ones would create mistrust in the election results and confusion about which ones were accurate,” the article states.

It also contends, through comments from the team of experts cited in the article, that any county that misconfigures its firewall could expose the official vote database to the internet through the early-results portal system.

The article stated its team did not find any reason to believe any of the systems it explored actually have been compromised by hackers.

The early polling results connections are supposed to last only a couple of minutes at a time, but the article states its experts found some turned on for days or months or apparently forever.