On April 14, the Virginia State Board of Elections voted to immediately decertify use of the AVS WinVote touch-screen Direct Recording Electronic voting machine. That means that the machine, which the Washington Post says was used by “dozens of local governments” in Virginia, can’t be used any more, though the commonwealth is holding primaries in just two months. The move comes in light of a report that shows just how shoddy and insecure voting machines can be. As one of my colleagues taught me, BLUF—bottom line up front: If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. A hacker wouldn’t have needed to be in the polling place—he could have been within a few hundred feet (say, in the parking lot) and or within a half-mile if he used a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
Now for some background. The AVS WinVote is a Windows XP embedded laptop with a touch screen. Early versions of the software actually ran Windows 2000. (An election official told me about playing solitaire on the device.) Later versions ran a somewhat cut-down version, although it’s not clear to me how much it was actually simplified. The WinVote system was certified as meeting the Voting Systems Standards of 2002 and was approved for use in Virginia, Pennsylvania, and Mississippi. Pennsylvania and Mississippi both stopped using theirs a few years ago.