Can voting machines be hacked?

This story is excerpted from the MT Lowdown, a weekly newsletter digest containing original reporting and analysis published every Friday.

Throughout the first month of the 2023 legislative session, election skeptics in Montana have raised question after question about a very specific aspect of the state’s election infrastructure: its electronic vote tabulators, or “voting machines.” Can the machines be hacked? Do they contain modems? Should voters trust the company — ES&S — that supplies them?

Last week, the Legislature’s election security select committee got a chance to direct those inquiries straight to ES&S itself. Two of the company’s executives appeared remotely to explain the inner workings of the machines, the sourcing of the components inside them and the complex testing they go through before they process a single ballot.

“Short of taking your word for it, and with all due respect, how do we as legislators know that there are no networking capabilities inside the machines?” asked Sen. Theresa Manzella, R-Hamilton, one of Montana’s more outspoken election skeptics.

Chris Wlaschin, senior vice president and chief information security officer at ES&S, dove right in.

“I’ll start off by first saying that we have attested in writing to the secretary of state’s office that the devices in use in Montana do not have any networking technology,” he said. “We also have an open-and-inspect procedure that we provide to counties where they can open up the top cover of the DS200. We show them a picture of what a DS200 with a modem looks like and one without. They can open up that cover and look down in the machine and see that there’s obviously no modem or SIM card or anything in there.”

Wlaschin also noted that the machines undergo “significant emissions testing” to ensure they aren’t emitting any radiation or signals associated with a wireless device — tests that are certified by the U.S. Election Assistance Commission.

That’s just a sampling of the company’s attempts to reassure the committee that Montana’s voting machines are in fact secure. The hearing stretched on for nearly two hours. But the latter portion featured a twist: an appearance by Ben Cotton, founder of the digital forensics firm CyFIR, who was involved in a controversial audit of Arizona’s 2020 election and was named last fall by Michigan Attorney General Dana Nessel in a request for a special prosecutor to investigate unlawful access to voting machines.

Cotton tried to make a case for change to address purported vulnerabilities in Montana. Rep. Ed Stafman, D-Bozeman, pushed back on the relevance of his presentation.

“Mr. Cotton, do you have any evidence of any widespread voter fraud in Montana?” Stafman asked.

“No, I don’t,” Cotton replied.

Subscribe to have the MT Lowdown delivered to your inbox every Friday, or check out the Lowdown archives.