Several Florida elections supervisors are disputing a report in Vice News on Thursday that claimed their elections systems were susceptible to hacking because they were left online, possibly for months.
The report, citing the work of a group of elections security experts, claimed seven Florida counties had exposed their systems. The six counties named in the story are Bradford, Charlotte, Flagler, Wakulla, Miami-Dade and Pasco counties. Researchers told Vice they were unable to identify the seventh county.
But two of those counties, Miami-Dade and Wakulla counties, are disputing the report.
Miami-Dade County’s Deputy Supervisor Suzy Trutie denied the report. She referred reporters to the county’s election security fact sheet, which says the vote tabulation server is held in an isolated network without internet access.
Others contacted by the Times/Herald were unaware of the Vice story or hadn’t had time to read it.
Brian Corley, Pasco County’s supervisor of elections, said it wasn’t his office’s practice to continuously connect the election system to the internet. But he did say that his office deliberately connected the election system to the web during testing and on election night when precincts transmit the unofficial results.
“I would need the time frames and the IP addresses referenced in the article to be able to comment further,” Corley said in an email to the Times/Herald.
Another county, Bradford, said that its system was online for about a day this week for routine maintenance. But the rest of the time, it’s disconnected.
“Our elections server is shut down virtually all the time,” said Bradford County Supervisor Terry Vaughan. “It’s kind of bad luck on our part. The one time we happen to have the server turned on was when (Vice researchers) were looking for it.”
A spokeswoman for Florida Secretary of State Laurel Lee, who oversees the state’s decentralized elections system, said the department is “reviewing the report.”
“Any weaknesses that are identified will be addressed prior to the 2020 elections,” Sarah Revell said in a statement.
Vice’s report said 10 experts on election security had identified 35 back-end systems in 10 states that had been left online, some for up to a year.
The systems are made by voting machine manufacturer Election Systems & Software, and they are designed to collect encrypted vote totals from voting machines on election night, according to the Vice report.
The data it collects is used to provide quick — but unofficial — results on election nights, so that the public, reporters and candidates can call races. Official results are typically stored on memory cards on the machines themselves. They are tabulated later by elections workers, Vice noted.
While the devices are online, they have firewalls intended to keep people from intruding into the connection, according to Vice, which noted that firewalls are not necessarily foolproof.
Normally, the systems are supposed to be online for brief periods, then disconnected from the internet.
Wakulla County Elections Supervisor Henry “Buddy” Wells hadn’t seen the story but didn’t believe his system was left online.
“I’m shocked,” he said. “None of our elections systems are tied into the outside world.”
Bradford County’s Vaughan said that one of the researchers Vice noted called his office on Wednesday asking for publicly available information on the server. But no reporter from Vice had contacted him, and he didn’t know a story was being written about it.
He said there was no penetration of the system while it was online this week. But he said he would be following up with his election system vendors.
“Frankly, we want to know if there’s something that needs to be addressed,” he said.
Herald staff writer Samantha J. Gross contributed to this report.