Are Horry County elections vulnerable to hackers? Lawsuit against state says yes

Voters' rights in South Carolina are being threatened due to aging, vulnerable voting equipment.

That's the allegation being made in a federal lawsuit against the state Election Commission that points to issues in Horry County to make its case.

The State published a report Tuesday about the 45-page lawsuit, which alleges that South Carolina's thousands of digital voting machines are antiquated, break down, leave no paper trail of votes that can be audited, and have "deep security flaws" that make them vulnerable to hacking by Russians and others.

The lawsuit was filed by Phil Leventis, a former longtime state senator from Sumter, and Frank Heindel, a Mount Pleasant businessman who has filed numerous Freedom of Information requests seeking information on how the state's voting machines work.

The suit specifically cites issues with Horry County's recent primary election and a 2005 election "in which machines in Myrtle Beach repeatedly malfunctioned and caused the supply of of emergency paper ballots to be running out," though the county didn't start using the machines until 2006, according to county elections director Sandy Martin.

The county's June primary election came under scrutiny after it couldn't immediately complete the state-required audit and three days later found 200 uncounted votes from the Ocean Forest.

Read Next

The issue led to some controversy in the race for county chairman, as incumbent Mark Lazarus waited for a recount before conceding to challenger Johnny Gardner, who won by 113 votes.

Martin said the votes were never missing, but a Personalized Electronic Ballot was not read due to an error on the part of a poll worker and the county, nothing to do with the machines.

North Myrtle Beach residents show up at their polling places to cast their ballots on the Tourism Development Fund (TDF) tax on Tuesday . The TDF, a 1-percent sales tax that goes mainly toward out-of-area marketing, will be decided by voters today. March 6, 2018. JASON LEE jlee@thesunnews.com

PEBs are cartridges that poll managers insert into the voting machines to activate the machines at the beginning of voting and deactivate and collect the votes stored on each machine at the end of voting.

Marci Andino, the state commission's executive director, explained that poll managers are required to use the same PEB to open and close each machine, but the issue in Horry County stemmed from a poll manager using two different PEBs.

She said the mistake is common and happens in some county just about every statewide election despite training.

Read Next

The issue was exacerbated, Andino said, because the county missed a step in its audit process that would have caught the error before certifying its results.

Martin said she's confident her department will avoid a similar issue in the future. Voting machines already are being delivered to precincts ahead of the July 17 special primary election for school board chair, she said.

Martin noted that the electronic voting machines are old — the lawsuit alleges they're already at the end of their life expectancy — but they work fine beyond some occasional battery and power issues.

The lawsuit points to numerous studies by computer experts that conclude the state's iVotronic system "is plagued with vulnerabilities that undermine its reliability."

Assessments of each county's election information security, conducted in 2016 by the South Carolina National Guard Defensive Cyber Operations Element, found Horry County carried "high" vulnerabilities in three key areas of security.

The report, obtained via FOIA by plaintiff Heindel, is redacted where the National Guard describes the risks and makes recommendations, but it does note that other counties carried more serious "critical" vulnerabilities.

The lawsuit also notes the U.S. Senate Select Committee on Intelligence reported in May that Russians launched cyber-attacks on election commissions in at least 18 states. Machines like those in South Carolina are "at (the) highest risk" for hacking, the suit says, noting top Trump administration officials have warned Russia will try again this year to interfere with U.S. elections.

Andino said the commission has been working with the General Assembly for years to secure funding to replace the voting machines, but in the meantime, they are working with state, federal and private partners to ensure all elections are as secure as possible.

"Every machine is vulnerable to hackers," she said. "No system is 100 percent secure."

David Weissman: @WeissmanMBO, 843-626-0305