Inside America's Voting Machines

America's voting infrastructure operates on a foundation that would make any cybersecurity professional uncomfortable. After months of technical investigation into the systems that count our votes, the picture that emerges is one of aging hardware, documented vulnerabilities, and a certification process that prioritizes bureaucratic compliance over genuine security. While no evidence suggests these technical weaknesses have been exploited to alter election outcomes, the capability for such attacks has been conclusively demonstrated by leading cybersecurity researchers.

The voting machine industry represents a critical infrastructure sector dominated by just three companies controlling over 90% of the market, yet it operates with less regulatory oversight than the financial or telecommunications sectors. This investigation examined the technical specifications, security architectures, and real-world deployment practices of the systems that processed over 160 million votes in 2020, revealing significant gaps between vendor promises and documented capabilities.

The Hardware Running America's Democracy

The backbone of American election technology rests on a surprisingly small number of machine types, most running on commodity hardware with consumer-grade components. ES&S systems, which process roughly half of all American votes, run on Intel-based platforms using either Windows Embedded or custom Linux distributions. The company's DS200 precinct scanners employ 12-inch LCD touchscreens connected to thermal printers, while their DS850 central count systems can process 300 double-sided ballots per minute using high-speed digital camera imaging.

Dominion's ImageCast systems, used in over 1,600 jurisdictions, run on Android operating systems for ballot marking devices and custom Linux distributions for scanners. The ImageCast Evolution combines a 19-inch touchscreen with integrated thermal printing and dual-side scanning capabilities, all contained within a motorized ballot feed mechanism that costs jurisdictions upwards of $150,000 per unit. Hart InterCivic's Verity systems employ hardened Linux platforms with touchscreen interfaces, while newer entrants like Clear Ballot build their systems around unmodified commercial-off-the-shelf laptops running Windows 10 or Ubuntu Linux.

The physical security measures across all vendors follow similar patterns: multiple locking mechanisms, serial-numbered tamper-evident seals, and locked enclosures designed to prevent unauthorized access. Yet security researcher Alex Halderman at the University of Michigan has demonstrated that these physical protections can be circumvented with tools available at any hardware store, requiring only brief unsupervised access to install malicious software.

The operating systems powering these machines reveal another layer of concern. Many systems still run on Windows 7 Professional, which Microsoft ended support for in January 2020, leaving them vulnerable to newly discovered security flaws. The Election Assistance Commission's rigid certification process actually creates disincentives for security updates: any software modification can invalidate a system's federal certification, potentially costing vendors millions in recertification fees.

Software Architecture Built on Shaky Foundations

The software stacks underlying voting systems reflect decades of legacy development practices, with many systems built on architectures from the early 2000s. ES&S systems employ Visual Basic scripts for tabulation connected to Microsoft SQL Server databases, while Dominion's Democracy Suite uses proprietary database formats for storing Cast Vote Records and ballot images. Hart InterCivic's Verity platform represents a more modern approach with its Linux and Java-based architecture, but even this system relies on cryptographic implementations that security researchers have identified as potentially vulnerable.

The documented vulnerabilities read like a cybersecurity nightmare. In 2023, researchers at the University of Michigan identified multiple severe security flaws in Georgia's Dominion ImageCast X ballot marking devices, demonstrating methods to manipulate votes through barcode alteration without requiring physical access to the machines. These findings followed earlier work by security researcher Harri Hursti, who in 2005 demonstrated the "Hursti Hack" on Diebold systems, showing how memory cards could be manipulated to alter vote counts through executable code on supposedly non-executable storage devices.

The technical attack vectors documented by academic researchers span multiple vulnerability categories. Matt Blaze's comprehensive analysis of ES&S systems revealed the ability to alter precinct results, install corrupt firmware, and erase audit records through fundamental architectural weaknesses. At DefCon's annual Voting Village, security researchers consistently breach every piece of voting equipment tested, typically within minutes of gaining access.

The formal CVE entries make the argument unambiguous. CVE-2022-1747 documented authentication mechanism forgery in Dominion's ImageCast X systems, while CVE-2022-1742 revealed Android Safe Mode access that enables direct operating system manipulation. These are not theoretical vulnerabilities—they represent documented security flaws assigned official identification numbers by the cybersecurity community.

The software update mechanisms create additional risk. The EAC's "De Minimis" category allows for approved updates across multiple systems without additional testing, while the rigid certification process means critical security patches often go undeployed for months or years. Georgia's delayed implementation of critical security updates until after the 2024 election is one example of how the certification process can make systems less secure over time.

A Certification System Optimized for Compliance, Not Security

The federal certification process for voting systems operates through a framework that prioritizes documented compliance over genuine security testing. The Election Assistance Commission's Voluntary Voting System Guidelines have evolved from VVSG 1.0 in 2005 to VVSG 2.0 in 2021, but the fundamental approach remains focused on functional testing rather than adversarial security assessment.

Only two laboratories in the entire United States hold accreditation to test voting systems: Pro V&V in Alabama and SLI Compliance in Colorado. These Voting System Test Laboratories operate under a vendor-payment model where the companies seeking certification pay for their own testing—a conflict of interest that would be unthinkable in other critical infrastructure sectors. The testing process can take six to 12 months and cost upwards of $6 million, creating significant barriers for new entrants while failing to provide meaningful security assurance.

The testing methodologies focus heavily on functional verification—ensuring machines can accurately count votes under normal operating conditions—while providing limited assessment of security resilience. Laboratory testing occurs in controlled environments that cannot replicate the high-stress conditions of actual elections, varying environmental factors, or the presence of sophisticated adversaries. This gap between testing and deployment conditions has proven repeatedly problematic.

The state-level certification processes add complexity without necessarily improving security. While 38 states plus the District of Columbia incorporate federal certification requirements, the additional state testing often focuses on ballot formatting and election law compliance rather than cybersecurity. California's requirement for source code access represents an exception, but even this enhanced scrutiny operates under confidentiality agreements that limit transparency.

The Concentrated Corporate Ecosystem

The voting machine industry's corporate structure reveals market concentration that would trigger antitrust scrutiny in most other sectors. ES&S controls approximately 50% of the U.S. market through its ownership by the McCarthy Group, while Dominion Voting Systems holds about 30% under private equity ownership by Staple Street Capital. Hart InterCivic rounds out the top three with roughly 15% market share, leaving just 5% for all other vendors combined.

This concentration creates significant barriers to innovation and transparency. The three major vendors maintain proprietary systems with limited public documentation, aggressive litigation strategies against competitors and security researchers, and business models that prioritize long-term contracts over technological advancement. ES&S has been documented taking election officials on paid trips to Las Vegas and other locations, while all major vendors maintain customer advisory boards that create ongoing relationships with their government clients.

The international dimensions of the supply chain present additional concerns. A 2020 study by risk assessment firm Interos found that 20% of components in analyzed voting machines came from China-based companies, with 59% of components coming from companies with locations in China or Russia. Dominion operates a software development office in Belgrade, Serbia, with contractors who have access to systems during vote counting periods, while Unisyn is ultimately owned by Hong Kong-based Berjaya Lottery Management.

While all major vendors claim final assembly occurs in U.S. facilities, the critical electronic components are sourced internationally due to availability and cost. ES&S acknowledges sourcing programmable logic devices, capacitors, resistors, and basic circuitry from China, while using security protocols like CTPAT for supply chain protection.

Security Theater versus Security Reality

The gap between promised security measures and actual implementation is perhaps the most significant finding here. Election officials routinely claim voting machines are "air-gapped" and "never connected to the internet," yet cybersecurity researchers have documented 35 ES&S voting machines actively connected to the internet, directly contradicting these statements. All three major vendors acknowledge installing modems in some systems for unofficial election results transmission, creating network pathways that sophisticated attackers could potentially exploit.

The paper trail systems touted as the ultimate safeguard reveal their own vulnerabilities under scrutiny. While 27 states require paper audit trails for direct recording electronic machines, the implementation relies on thermal printers that can jam, run out of ink, or produce records that fade over time. Research shows voters spend an average of only seven seconds reviewing their printed ballot verification—insufficient time to detect sophisticated barcode manipulation attacks.

Post-election audit procedures, considered the gold standard for election security, remain inadequately implemented across most jurisdictions. Only Colorado has implemented statewide risk-limiting audits, which use statistical sampling to verify election outcomes with mathematical certainty. Most states conduct traditional audits of fixed percentages—typically just 1% of machines or ballots—insufficient to detect systematic manipulation across broader populations of voting equipment.

The documented security incidents reveal how these theoretical protections fail in practice. The 2021 Coffee County, Georgia breach involved unauthorized copying of Dominion voting system software and data, while similar incidents in Mesa County, Colorado resulted in voting system passwords being posted online. These breaches demonstrate that insider threats from rogue election officials can circumvent technical safeguards designed to prevent external attacks.

The Technical Path Forward

The technical solutions to voting system security challenges are well-understood by the cybersecurity community, though their implementation faces significant institutional resistance. Security researchers consistently recommend hand-marked paper ballots as the most secure voting method, eliminating the electronic vulnerabilities that plague ballot marking devices and direct recording electronic systems. This approach reduces the attack surface while maintaining the paper audit trail necessary for meaningful post-election verification.

Risk-limiting audits represent the strongest available method for detecting outcome-altering attacks, using statistical sampling to verify election results with mathematical certainty. These audits can detect manipulation regardless of the attack method—whether through hacking, insider threats, or supply chain compromises—making them essential for maintaining public confidence in election outcomes. The statistical methods are well-established. What is missing is political will.

The certification process requires fundamental restructuring to address modern cybersecurity threats. The current focus on functional compliance must evolve to include comprehensive penetration testing, red team exercises, and ongoing vulnerability assessment by independent security researchers. The vendor-payment model creates inherent conflicts of interest that could be addressed through government-funded testing similar to other critical infrastructure sectors.

Open-source voting systems offer the potential for transparent, community-verified election technology. While requiring significant upfront investment and coordination, open-source approaches would eliminate the proprietary barriers that currently prevent meaningful security analysis. Several pilot projects have demonstrated the feasibility of this approach, though widespread adoption remains years away.

Democracy's Digital Dependency

This investigation reveals an election infrastructure built on outdated assumptions about security, operated by a concentrated industry with limited oversight, and protected by measures that often exist more in theory than practice. The documented vulnerabilities in voting systems represent genuine technical capabilities for manipulation, even as no evidence suggests these capabilities have been exploited to alter election outcomes.

The security researchers who have dedicated their careers to analyzing these systems—from Alex Halderman at the University of Michigan to Matt Blaze at Georgetown—have consistently found that the technical protections surrounding America's voting infrastructure are far weaker than claimed by vendors and election officials. Their findings represent not political advocacy but rigorous technical analysis of systems that process millions of votes in every election cycle.

The path forward requires confronting uncomfortable truths about the current state of election technology while implementing known solutions that the cybersecurity community has advocated for decades. Hand-marked paper ballots, risk-limiting audits, and transparent systems represent achievable goals that would significantly strengthen the technical foundation of American democracy. The question is whether the institutional inertia that has allowed these vulnerabilities to persist can be overcome before they are exploited by sophisticated adversaries.

As nation-state actors develop increasingly sophisticated cyber capabilities and domestic actors demonstrate willingness to exploit any available vulnerabilities, the technical weaknesses in voting systems represent a clear and present danger to democratic governance. The technical reality behind the black boxes that count our votes has been documented. What happens next is a policy problem masquerading as a technical one.

---

GhostInThePrompt.com // The black box is a bug. The paper trail is the patch. Democracy is a data integrity problem.