Los Angeles County has spent the past 10 years creating what it hopes will be the voting system of the future, a $ 300 million fleet of high-end machines built from the ground up.
But as it prepares to launch the new equipment for the first time, when early voting in California's Democratic primaries begins next week, the county is in a race against the clock to reinforce the critical vulnerabilities highlighted in an alarming third-party assessment.
The technical report commissioned by the California Secretary of State identified a wide variety of security holes and operational issues, including unsecured ballot boxes and exposed USB ports that dishonest actors could exploit to alter votes.
"At first reading, it's terrifying," said Richard DeMillo, professor of computer science at Georgia Tech University, specializing in voting security. "There are things that are clear security vulnerabilities in the system that are overlooked."
To learn more about this story, tune into NBC Nightly News with Lester Holt tonight at 6:30 pm ET / 5: 30pm CT or check out your local listings.
L.A. County Secretary Dean Logan, in charge of the system, said most of the security breaches have been corrected and that the county has met the requirements set by California Secretary of State Alex Padilla. Padilla only last month approved the system for use in Democratic primaries as long as certain conditions are met.
But the issues raised by the independent vulnerability assessment are likely to remain in Los Angeles County until all ballots are counted on March 3 – and beyond. Padilla gave the municipality until August to address some of the most complex security flaws.
While it is routine for testing to reveal twists on new voting systems and conditional certification to be standard, experts say the number of issues to be identified so close to a big election is rare.
"It is not uncommon in certification tests for independent examiners to find problems with a system. That is why you do this," said Eddie Perez, a former executive at a major electoral systems manufacturer.
"But finding and reporting these issues in late December, before the presidential primaries in February, when the system is being used for the first time in a municipality of this size, that is the concern," added Perez, who is now global director of development of technology for the Open Source Election Technology Institute (OSET), a non-profit organization that conducts research on electoral technology.
Voting systems across the country are under intensified scrutiny as a result of the meddling in the Russian elections in 2016. The Iowa Democratic committee disaster, where technical conflicts and communication failures delayed the release of results, underscored the potential for setbacks.
But perhaps no county is facing more pressure than Los Angeles County. The country's largest voting district has undertaken an audacious plan to renew its outdated voting machines amid growing concerns about faulty equipment and inadequate security. The system was ready for a review – the technology dates back to 1968 when Richard Nixon defeated Hubert Humphrey as president.
Los Angeles County goal? Create a system of public ownership and operation and make it easy for all voters, including those with disabilities.
"If it makes it inaccessible and complicated, or it scares voters to the point that they think their vote does not matter, then we destroy all intention to have elections in the first place," said Logan.
The system – the first of its kind in the country – relies on modern technology. Voters make their selections on a touchscreen, and then the machine generates a paper ballot. The voter is expected to review the ballot to ensure its accuracy before voting.
Official ballots are counted independently in a separate counting system.
The system, called Voting Solutions for All People (VSAP), gives voters the freedom to vote at any of the county's 1,000 voting centers.
Logan said he believes it is especially suited to the size and diversity of Los Angeles County, which contains 5.4 million voters more than the combined total in 42 states. He emphasized that no special arrangements are needed for people with disabilities.
"This is the country's first system that allows a disabled voter to vote completely independently" without "having to reveal that he has a disability and be relegated to a corner of the room and treated differently," said Logan.
Election experts say that marked paper ballots are the gold standard for preventing tampering and allowing recounts and audits. About 70% of the country still votes this way.
The VSAP system relies on voters to ensure the accuracy of the machine generated ballots. Inaccurate ballots caused by technical errors or any other problem would not be detected. But experts say reliance on voters' diligence is problematic; studies show that most do not take time to inspect ballots.
Logan said his system produces a "human-readable paper ballot" that is equally secure and still gives voters a chance to spot errors. "The voter is in the driver's seat," he said.
But the technical report, released on Christmas Eve, identified several significant flaws:
– Open USB ports where an attacker can insert malware and potentially change votes.
– With widespread dissemination of source codes, many people have access
– Ability to insert or remove banknotes from transfer boxes.
– Serious paper jams that require a complete system reset
The machines were found to jam five times the rate allowed in California. Malfunctions often destroyed ballots during testing, which means that a potential voter would have to go through the process again. And jammed machines would have to be stopped and restarted, resulting in significant delays.
"These things were mitigated after the test," said Logan. "And one of the conditions is that we need to continue to look at this and improve it."
Logan said most of the other problems were fixed – through measures such as adding tamper-resistant seals, blocking vulnerable doors and restricting system access to a smaller group of employees.
But the county is also facing action from the city of Beverly Hills for the way the touch screens display candidates' names. The screens display only four at a time, requiring voters to press a button marked "MORE" to see the others. If voters press next, they won't see those names – a major problem in a location that has 30 contests with five or more candidates.
Logan said a large yellow circle was added around a larger "MORE" button to make it look better. But he acknowledged that some of the more complex concerns, like encrypting all server and workstation hardware, will not be addressed until closer to the general election.
As a recovery plan, Padilla, the secretary of state, determined in his conditional approval of the new system that all 1,000 new polling stations have paper ballots available on site.
Los Angeles County also has a vibrant home voting program. Any voter can request a paper vote at home and send the ballot by mail or hand it over. Logan said that historically about 60% of voters request such votes and approximately 30% of them end up voting that way.
In a statement, Padilla expressed confidence in the system.
"California is home to the most rigorous standards for testing the certification of voting systems in the country," he said. "LA VSAP – like any other voting system used in California – had to be tested for months and identified vulnerabilities addressed before it could be certified for use."
But Perez, of the Open Source Election Technology Institute, said the number of outstanding issues and the limited time to resolve them presents a daunting challenge.
"These are very high stakes," said Perez. "It's the kind of thing that would keep any clerk recorder awake at night."
. (tagsToTranslate) US Policy