PROVIDENCE, R.I. (WPRI) – R.I. Board of Elections officials are pushing back on a national article that called into question the security of its election system, saying many of the issues raised are “inaccurate or outdated.”
The board on Friday published a list of responses to some of the issues raised in an article by Motherboard, a division of Vice Media. The article showed at least 35 election management systems in 10 states, including Rhode Island, have been intermittently connected to the internet over the last year.
Rhode Island was described as “particularly problematic” because – unlike other states – it conducts its elections from a centralized office.
BOE is pushing back on the claims, saying its data communication server – which connects to the internet to transmit unofficial elections results from its 461 polling places on election night – is physically disconnected after use, and hasn’t been online since Nov. 7, 2018 (the day after Election Day).
The explanation splits hairs with the Motherboard article, which describes Rhode Island’s system as periodically popping online and offline, but not staying connected year-round.
“Rhode Island is one that kind of comes on and goes off,” said one of the researchers in the article.
The Motherboard story does not suggest any systems were hacked or manipulated, but detailed how election information — especially unofficial election results — could be manipulated and fuel uncertainty about the results of an election. Unofficial results in Rhode Island are quickly transmitted to the centralized office, while official results must be delivered in person.
The security of elections has been a hot topic since federal investigators determined Russian intelligence officers hacked the Democratic National Committee and the Clinton campaign during the 2016 election. Robert Mueller, who indicted 12 Russian nationals last year, warned Congress last month that the problem persists.
Motherboard argued its research underscored how little election officials seem to understand about the susceptibility of their election management systems.
BOE officials said they were never contacted for the report, and wrote it was “unclear” why the researchers found the system online.
“It is possible that researchers were detecting a secure network that is necessary for the maintenance of the state’s electronic pollbooks, which until August 2018 shared the same [internet service provider] connection as the data communication server, but nothing else,” the officials wrote. “Maintenance of the e-pollbooks occurs year-round for special elections and finance town meetings.”
The BOE does not dispute one part of the article that details how researchers found the state’s IP address on a publicly available document.
“It was quickly discovered and the IP address was immediately changed,” BOE officials wrote. “As a security measure, the IP address is changed prior to every election.”
Common Cause Rhode Island, a government watchdog organization, on Thursday said the Motherboard article confirmed many of its “well-founded fears.” The group has long raised concerns about the cybersecurity of the state’s election system.
“The Board of Elections response to the recent Motherboard article is welcome and long overdue,” John Marion, executive director, wrote in an email. “Common Cause Rhode Island raised several questions about our voting system in May 2018 and never received an official response.”
Marion said the nonprofit will continue to evaluate the BOE response, as many of the answers are highly technical.
“We are committed to holding the Board accountable for how they manage our elections, including their use technology,” Marion wrote. “Common Cause will be watching closely in the coming months as the Board prepares for the 2020 elections.”