Subject: Four POS Linux election vulnerabilities uncovered by a Michigan Engineer
From: moe, larry, curly
Newsgroups: alt.fan.rush-limbaugh, alt.society.liberalism, comp.os.linux.advocacy, alt.fun, sac.politics, talk.politics.guns
Organization: dizum.com - The Internet Problem Provider
Date: Wed, 30 Oct 2024 21:00 UTC

The work of J. Alex Halderman, a professor of computer science and
engineering, has made the United States election system more
secure—largely by uncovering vulnerabilities in equipment like voting
machines and ballot scanners, and by advocating for best practices and
technological advances.

Along the way, he has also run up against the limitations of our elections
systems, and even resistance from technology vendors and election
officials. Ironically, his work has also been used to prop up false
theories about fraud in the 2020 presidential election. (For his thoughts
on this, read the Q&A with Michigan News.)

Here are some of the key ways Halderman’s work has helped to strengthen
election integrity in the U.S.

Generating a paper voting record
Georgia
Challenge
In 2017, Georgia was one of only a few states that still used paperless
electronic voting machines statewide. These don’t give voters a way to
ensure that their selections were recorded accurately or provide a
physical record, which could be needed to rule out suspected electronic
fraud.

Solution
Halderman’s research helped spur a lawsuit filed by the Coalition for Good
Governance, a nonpartisan, nonprofit advocacy organization, and a handful
of individual Georgia voters. Halderman testified as an expert and
demonstrated on the witness stand how the machines could be hacked to
steal votes. As a result, Georgia replaced its machines with new ones that
produce a paper record. Manufactured by Dominion Voting Systems, the
machines were installed in time for the 2020 presidential election.

Federal court ruling prohibiting Georgia from continuing to use paperless
voting (PDF)

Patching software vulnerabilities
Georgia
Challenge
Rather than using hand-marked ballots like most states, Georgia’s new
system uses a machine to print voters’ completed ballots, which encode the
selections in a barcode that voters have no way to verify. When Halderman
examined these machines after a federal court granted him access in 2020,
he found that it was possible for a hacker to change the votes encoded in
the barcode, even without physical access to the machines. The risk
increased after January 7, 2021, when confidential election machine
software and data from Coffee County, Georgia was illicitly copied and
disseminated.

Solution
After Halderman’s court testimony and 96-page report, Dominion Voting
Systems developed a patch for several of the software vulnerabilities he
discovered.

However, Georgia election officials have not implemented the fix.
Secretary of State Brad Raffensperger, who has announced that the machines
will not be updated until after the 2024 presidential election, described
the risks Halderman identified as “theoretical and imaginary.” While a
report commissioned by Dominion from the national security nonprofit MITRE
argued at the time that the attacks were infeasible as long as physical
security was sufficient to prevent access to the machines, the Coffee
County incident later showed that such access is, in fact, possible.

In-depth explanation on Freedom to Tinker

Making voting machines more reliable
Michigan
Challenge
In November 2020, election officials in northern Michigan’s Antrim County
published incorrect vote totals in their initial counts, which were later
corrected. Halderman investigated at the request of the Michigan secretary
of state and attorney general and found no evidence of fraud. Instead, he
discovered that a chain of human errors and insufficient software
guardrails led to an incorrect ballot scanner configuration, producing the
erroneous results.

Solution
Since the investigation, Halderman’s team has devised a way to bring tests
of election equipment, a process known as logic and accuracy
testing, into the 21st century. The ways electronic voting machines can
introduce errors are more complex than the obsolete mechanical voting
machines for which existing testing methods were designed. Now, software
developed by Halderman’s team thoroughly checks the system’s configuration
in the smallest possible number of ballots, making the process
comprehensive but still manageable for election officials. It has recently
been piloted in several Michigan counties and Halderman is hopeful that it
will be ready for use statewide before the upcoming election.

Paper on investigation for USENIX Security Symposium, 2022 (PDF)

Logic and accuracy testing for 21st century Michigan (PDF) (to appear in
Operations Research, 2024)

Securing voters’ privacy
21 states
Challenge
Many municipalities publish ballot-level voting results online—either as
ballot scans or lists of votes cast—to promote transparency. The data is
randomly shuffled to protect voters’ identities. However, Halderman’s team
found a vulnerability in certain Dominion Voting Systems ballot scanners
that could un-shuffle the ballot information and reveal who cast what
votes, which they detailed in a study published in August 2024.

Solution
Halderman’s team reported the flaw to federal authorities and Dominion,
which developed a software patch in response. His team also developed an
open-source software tool and detailed instructions to help municipalities
sanitize the data so that it is safe to make public.

Paper about the flaw for USENIX Security Symposium, 2024 (PDF)

https://news.engin.umich.edu/2024/10/four-election-vulnerabilities-uncovered-by-a-michigan-engineer/

Subject: Four Linux election vulnerabilities uncovered by a Michigan Engineer
From: Chris Ahlstrom
Newsgroups: alt.fan.rush-limbaugh, alt.society.liberalism, comp.os.linux.advocacy, alt.fun, sac.politics, talk.politics.guns
Organization: None
Date: Wed, 30 Oct 2024 23:23 UTC
References: 1

moe, larry, curly wrote this copyrighted missive and expects royalties:

> The work of J. Alex Halderman, a professor of computer science and
> engineering, has made the United States election system more
> secure—largely by uncovering vulnerabilities in equipment like voting
> machines and ballot scanners, and by advocating for best practices and
> technological advances.
>
> Along the way, he has also run up against the limitations of our elections
> systems, and even resistance from technology vendors and election
> officials. Ironically, his work has also been used to prop up false
> theories about fraud in the 2020 presidential election. (For his thoughts
> on this, read the Q&A with Michigan News.)
>
> https://news.engin.umich.edu/2024/10/four-election-vulnerabilities-uncovered-by-a-michigan-engineer/

Along the way, he has also run up against the limitations of our elections
systems, and even resistance from technology vendors and election
officials. Ironically, his work has also been used to prop up false
theories about fraud in the 2020 presidential election.

Propping up false theories, Stooge?

--
tmps_base = tmps_max; /* protect our mortal string */
-- Larry Wall in stab.c from the perl source code
