Security of some ballot-marking devices could be vulnerable in California recall, researchers say

A "vote here" banner hangs above a public doorway.
Ballot marking devices used in as many as 40 California counties for in-person voting could be vulnerable to a malware attack, voting researchers said Thursday.
(John Gibbins / San Diego Union-Tribune)

A group of voting security researchers, alarmed by recent disclosure of sensitive election system software by an ally of former President Trump, want California officials to conduct a statewide post-election review of ballots cast in the Sept. 14 recall targeting Gov. Gavin Newsom.

Their request, made just days before in-person voting begins in several counties, threatens to drag California into the tumultuous national debate over election security.

“While the software versions are not identical to those used in California, differences are relatively minor,” the group said in its letter Thursday to Secretary of State Shirley Weber. “The release materially elevates threats to the trustworthiness of the ongoing California recall election and to public trust in the election.”

The researchers who wrote to Weber acknowledged California’s strong record on election security. But they argued the public discussion of Dominion products by Mike Lindell, the chief executive of My Pillow and an informal advisor to Trump, was tantamount to a serious breach of election system security.


Jenna Dresner, a spokeswoman for Weber, said Friday that the election systems used in California are secure and the state has launched a pilot program for risk-limiting audits with plans to expand the effort to all counties by 2023.

“The abrupt call for a statewide mandated implementation of Risk Limiting Audits less than two weeks ahead of the recall election is premature and in direct conflict with the thoughtful implementation we had planned over the next two years,” Dresner said in a written statement.

Lindell held an event in South Dakota last month that he billed as a symposium on election fraud where, according to news reports, details of the Dominion systems were discussed. Those systems, the voting researchers said in their letter to Weber, were similar enough to those used by some California counties to cause concern.

“For years the voting tech market has used the cloak of invisibility like a shield to protect their products from the threats that every day exploit weaknesses in computer systems,” Richard DeMillo, the chairman of the Georgia Tech School of Cybersecurity and Privacy, said in a written statement. “That shield never really existed, but now it’s not even a fig leaf.”

The researchers want California officials to commit to a sweeping post-election review of the recall’s results, an examination that would probably involve checking the marks made on millions of ballots. But their biggest concern may lie with possible vulnerabilities in the devices used to mark paper ballots at in-person voting sites — weaknesses they say were revealed by Lindell’s public event.

The devices in question are made by Dominion Voting Systems and scheduled to be used in 40 of the state’s 58 counties for the recall election. Dominion remains ensnared in unproven allegations of fraud made by Trump supporters in last November’s presidential election. The company has filed lawsuits over accusations made by the former president’s attorneys and repeated by conservative media organizations, including legal action against Lindell.

“In raising our concerns about the Dominion software release we are not accusing Dominion of wrongdoing,” the letter from eight election researchers said. “Nor do we have evidence that anyone currently plans to hack the recall election.”


Instead, the researchers told Weber, they are urging action to ensure public confidence in the recall election results that will be reported once polls close on Sept. 14. The academics did not ask Weber to ban Dominion’s ballot marking devices, a decision that could lead to widespread disruptions in planning for in-person voting.

The letter sent to Weber cites the work of Alex Halderman, a University of Michigan computer science professor, who reported to a federal court that a ballot-marking device made by Dominion has security vulnerabilities that “would allow an ordinary voter to insert malware into a [ballot-marking device] during a voting session, with little likelihood of detection.”

That malware, Halderman noted in a court filing last month related to a Georgia election lawsuit, could then “spread undetected to other voting machines and potentially to the central election management system (EMS) in the county.”

For almost 15 years, California has required paper records of all votes cast in elections as a backstop to security and accuracy concerns with voting machines. Ballot-marking devices are intended to assist the voter with clear and consistent selections while allowing review of a paper ballot before it’s placed inside a ballot box.

“The level of security that we have is much higher than other states,” said Donna Johnston, the registrar of voters in Sutter County and president of the state association of elections officials.

The warning comes during a heated public debate about election security. A poll released Wednesday by the nonpartisan Public Policy Institute of California found that while most likely voters surveyed said they have confidence in the state’s voting systems, there was a wide gap in confidence between Democrats and Republicans. Forty-three percent of GOP likely voters surveyed said they had “very little” confidence in the state’s elections systems.

More than 5 million voters have already cast ballots, according to tallies reported by elections officials. In-person voting begins this weekend in some communities for Californians who either didn’t want to cast a ballot remotely or for those who need help with their selections or their registration status.