Feds: Hacking didn’t cause 2016 election problems in Durham

A months-long federal assessment of electronic pollbooks used in Durham County in the 2016 election found no evidence of hacking as the cause of inaccuracies and malfunctions that at the time forced a shutdown, according to the State and County Boards of Election.

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency’s (CISA) Hunt and Incident Response Team (HIRT) conducted the analysis at the request of the Boards.

CISA analyzed 24 laptops loaded with the electronic pollbook software EViD, which is used to check in voters at polling places. CISA also analyzed 21 USB drives used to load voter registration data onto laptops used by poll workers, as well as forensic images of the desktop computer used by Durham County Board of Elections employees who downloaded voter registration data from state servers and loaded it onto the USB activators.

Specifically, CISA’s assessment found: no evidence of malware on, or unauthorized access to, the 24 laptops; no evidence of malicious software on the USB activators; and no evidence of malicious activity on the desktop computer. The agency released a heavily redacted report about its investigation.

The federal findings support what state and county elections officials concluded during their own analyses – that a cybersecurity breach was not to blame for problems with the voter check-in process on November 8, 2016, states a joint news release from the Boards.

“The CISA Report is compelling evidence that there were no cyberattacks impacting the 2016 election in Durham,” said Philip Lehman, chairman of the Durham County Board of Elections. “As we have acknowledged, there was human error in the preparation of electronic poll books. Since that time, the Durham County Board of Elections has implemented additional training, security measures and staffing changes. Elections in 2017, 2018 and 2019 were conducted efficiently and accurately with no significant incidents.”

On Election Day in 2016, Durham County Board of Elections staff reported that the electronic pollbook laptops used to check voters in at polling places presented inaccurate data to poll workers in a small number of precincts. The inaccuracies included erroneously identifying voters as having already voted, identifying registered voters as unregistered, and prompting poll workers to ask voters to present an ID when IDs were not required to vote at that time. As a result, the State Board office required Durham County to use paper pollbooks when checking in voters. Voting ultimately resumed.

State Board investigators found that the issues were most likely the result of Durham County staff and poll worker error and unfamiliarity with the electronic pollbook functions, combined with a lack of adequate staff training and quality control by the EViD vendor, VR Systems.

Durham County hired Protus3, a security consulting and investigative firm, to conduct a review of the events that occurred on Election Day in Durham County. Following its investigation, Protus3 determined that the issues that occurred during the 2016 general election were most likely caused by internal administrative error.

Karen Brinson Bell, Executive Director of the State Board, said in the news release that the 2016 issue highlights the importance of poll worker training by elections officials and the vendors whose products are used in North Carolina.

“Election security is an ongoing process, and the State Board will continue to work with the 100 county boards of elections and our state and federal government partners to improve security at every step in the voting process,” she said.

In its report, CISA provided recommendations to improve cybersecurity and protect against possible interference, but they were redacted to protect “sensitive public security information,” according to the news release.

“Many of the recommendations provided by CISA are general and would apply to all county boards of elections in North Carolina,” the release states. “Durham County has many of the suggested infrastructure protection tools in place and is working on additional enhancements to its systems.”

Election security has been a point of contention in North Carolina in the past year as fear rises over the potential for hacking in the 2020 election (after Russian interference in the 2016 election). There was also tension over voting machines this year — voting rights advocates urged the State Board to return to a system and vendor that used hand-marked paper ballots. They ultimately certified a wide-range of vendors and systems but vowed to continue bolstering security. Learn more about election security here.