WASHINGTON (Reuters) - Virginia on Friday agreed to stop using paperless touchscreen voting machines that had been flagged by cyber security experts as potentially vulnerable to hackers and lacking sufficient vote auditing capabilities.
The action represented one of the most concrete steps taken by a U.S. state to bolster the cyber security of election systems since the 2016 presidential race, when U.S. intelligence agencies say Russia waged a digital influence campaign to help President Donald Trump win.
Virginia’s board of elections voted to accept a recommendation from its state election director, Edgardo Cortes, to decertify so-called direct-recording electronic machines, which count votes digitally and do not produce paper trails that can be checked against a final result.
Barbara Simons, the president of Verified Voting, a nonprofit that advocates for auditable elections, applauded the decision as “a critical step toward securing its elections”.
At least 21 states had their election systems targeted by Russian hackers last year leading up to the November 8 contest, according to the Department of Homeland Security. While a small number of systems were breached, there is no evidence any votes were manipulated, the agency concluded.
Arizona and Illinois have publicly confirmed that hackers targeted their voter registration systems. Other states said they had not been informed whether they were among those to have their systems scanned.
Most states will not hold a major election until November 2018, but Virginia will elect a new governor and other statewide officials this November.
Five states still rely solely on direct record electronic machines, according to Verified Voting. They include New Jersey, which will also elect a new governor this year.
Eight other states rely on a mix of paper ballots and paperless direct recording electronic machines, the group said.
Reporting by Dustin Volz; Editing by Andrew Hay