Though a major conference for hackers uncovered major flaws in several electronic voting systems, Del Norte County Clerk-Recorder Alissia Northrup says the California Secretary of State hasn’t notified her of any vulnerabilities in the machines used locally.

Def Con, the world’s largest hacker conference held in Las Vegas in August, brought back its voting village for the second year in a row. Participants were allowed to test more than 30 voting machines and equipment. Their findings were released in a 50-page report last month.

According to its Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases and Infrastructure, Voting Village participants uncovered dozens of vulnerabilities this year. These include a voting tabulator used in 23 states that could be remotely hacked via a network attack enabling the attacker to flip the Electoral College and determine the outcome of a presidential election, according to the report.

Another machine, used in 18 states, could be hacked in two minutes while it takes the average voter six minutes to cast a ballot, according to the report. Hackers could also use a mobile phone to reprogram an electronic card used by millions of Americans to cast their ballots, according to the report.

The Voting Village featured the following machines and equipment: Dominion: Premier/Diebold AccuVote TSx; Dominion: Diebold AccuVote OS; Dominion: ACV Edge; ES&S: ExpressPoll Tablet Electronic Pollbook; ES&S: M650; AVS:WINVote; AVC Edge activation device; and ACOSJ dual interface Java card.

Though Del Norte County uses two Dominion machines in its elections, Northrup said Monday that everyone votes via a paper ballot. In the case of the first, a Dominion ImageCast Evolution (ICE), which is used at local polling places, the voters insert their ballot into the machine, which records and tallies their vote, Northrup said. The machine also takes a picture of the ballot and holds it, she said.

The second machine, a Dominion ImageCast Central, is housed at the Del Norte County Elections Office, which Northrup says is similar to the ImageCast Evolution.

“There’s a paper version and an electronic version of all records,” Northrup said. “Basically, we have two records of everything.”

Del Norte County received the Dominion ImageCast machines in 2016 as part of a lease agreement with Dominion Voting Services. The agreement costs the county about $110,000 a year and lasts through 2021, the Triplicate reported in May 2016.

When asked about the Dominion machines highlighted in the Voting Village’s report, Northrup said Del Norte County had used the Dominion: ACV Edge a long time ago. At that time, all votes were cast via this touch-screen machine, she said. There were no paper ballots, Northrup said.

The Dominion: ACV Edge machines were eventually de-certified in California, according to Northrup, but Del Norte County precincts continued to have one available for those needing language assistance or the vision impaired.

According to Northrup, Del Norte County has never used Dominion: Premier/Diebold AccuVote TSx or Dominion: Diebold AccuVote OS.

If the Dominion ImageCast Evolution machines or the Dominion ImageCast Central machine was discovered to have flaws, Northrup said her office would work with the vendor on finding a fix.

“If it came down to it, we’d do all paper ballots,” she said.

Northrup said Monday that she was meeting with the California Secretary of State’s office on new voter registration system through the Department of Motor Vehicles. She said that as far as cybersecurity, “the Secretary of State’s office is definitely on it.”

In its report, the Voting Village included an introduction from California’s Secretary of State Alex Padilla. Originally published in The Hill on Aug. 19, 2018, Padilla states that he attended DEFCON, and while hackers are getting more sophisticated, he noted the environment at DEFCON “do not precisely reflect real-world conditions.”

“On Election Day, voting machines aren’t left on tables to be opened or exposed for hours on end and there isn’t unlimited public access to equipment at polling places or county offices,” Padilla writes. “Still, we could learn a lot from friendly hackers. Their insight can help us stay one step ahead of those who seek to undermine our democracy. It forces us to take second, third and fourth looks at systems. Elections officials must constantly scrutinize, test, adapt and upgrade security measures.”

To read DEFCON Voting Village’s report, visit https://defcon.org/images/defcon-26/DEF%20CON%2026%20voting%20village%20report.pdf.

Reach Jessica Cejnar at jcejnar@triplicate.com .

21436697