Voting Village In Vegas: Gambling Or Voting? 

As you walk through the lobby of Caesar’s Palace, you marvel at the grand marble pillars and the sea of glittering chandeliers. You are floored by the opulence and glitz that surrounds you. The lobby bustles with tourists looking to win big, and their excitement fills the air. As you open the door to the conference room, though, the atmosphere does a complete 180. Computers, voting machines and E-polling devices fill the room wall to wall, with network and power cables snaked between them. Blinking lights pulse to a steady rhythm. You’ve just stepped into the DEF CON Voting Village. 

White hat hackers (the good guys) travel here annually from around the world to hack into voting machines and report whatever vulnerabilities they find to vendors and authorities. This year, their convergence at Caesar’s Palace took place from the tenth of August to the twelfth. They’ve been meeting since 1993, figuring out how to hack anything from security systems to light bulbs to cars. They started hacking voting machines in 2017.    

That first year, it took them two minutes to hack the system remotely and manipulate the votes. This year, one participant modified the touch-screen voting platform to show a video of Rick Astley’s “Never Gonna Give You Up”—just a fun little prank to demonstrate the system’s vulnerability. But beyond that, they found many real issues. For instance, they were able to use a USB drive to scramble the machines’ tallying capabilities. Though many more issues were found, they’ve been kept closely guarded so as not to fall into the hands of bad actors. 

The hacking team provided their results to the vendors. Unfortunately, none of the vulnerabilities they discovered will be fixed in time for the election. The vendors claim that there isn’t enough time, and that the process is much more complex than the tailoring and debugging of your monthly Microsoft updates. Many of the vulnerabilities DEF CON identified in their first Voting Villages were found again this year. Harri Hursti, Voting Village’s co-founder, said in an interview at the end of the event, “There’s so much basic stuff that should be happening and is not happening, so yes I’m worried about things not being fixed, but they haven’t been fixed for a long time, and I’m also angry about it.” 

Hursti seems concerned about the threat foreign adversaries pose to US elections. He noted that it took his team only two-and-a-half days to find and take advantage of the faults in the system. “If you don’t think this kind of place is running 24/7 in China, Russia, you’re kidding yourselves,” he said. I agree. Any organization with the resources and an incentive can easily hack this infrastructure.   

Jake Braun, another co-founder of the event, noted in a podcast in August that the E-poll books are especially easy to hack and are notorious for breaking often. This could cause serious delays. He recommends that polling stations print multiple copies of the voter registration lists for each district. 

In our column on voting machines this past spring, I noted that the calibration of the touchscreen affects how the voters’ input maps to different locations on the screen.  If the calibration is incorrect, it could alter the voters’ choices.  During early voting for the November election, there are reports that this has happened in both Tarrant County, TX and in Shelby County, TN. The screen showed the proper vote, but the printed copy showed a vote for the unselected candidate.  If you are using the touch screen device, check your printed ballot. 

Although gambling might be the heart of Las Vegas, it should not be the heart of Election Day. Using this infrastructure to determine who governs our land is like pulling a handle of a slot machine in Caesar’s lobby