Last updated on January 23rd, 2025 at 12:44 pm
An important lesson became clear last week after a Colorado jury convicted former Mesa County Clerk Tina Peters of helping conspiracy theorists to breach her county's voting system in 2021. Her verdict shows us the true threat to elections is not the voting machines.
This news analysis originally appeared in Votebeat's free weekly newsletter.
At the same time the trial was wrapping up, some tech whizzes were gathered in Las Vegas at DEF CON, the annual event where white-hat hackers try to break into all kinds of computer systems, from banking to aerospace, in search of security vulnerabilities.
Voting machines are among the technologies tested, and – every election cycle – some reporters cover the "Voting Village" at DEF CON breathlessly. For example, here is how Politico described the event last week:
"Some of the best hackers in the world gathered in Las Vegas over the weekend to try to break into voting machines that will be used in this year's election – all with an eye to helping officials identify and fix vulnerabilities.
The problem? Their findings will likely come too late to make any fixes before Nov. 5."
One technologist quoted in the piece said that the vulnerabilities the researchers found spanned "multiple pages," though he declined to comment on what they were. He would only say that the findings were "consistent with previous years," Politico reported.
Jennifer Morrell, a partner at the Elections Group, has long criticized DEF CON. The Voting Village, she said, "continues to erode public trust by highlighting vulnerabilities in outdated voting systems that are no longer in use, serving to advance the organizer's own interests."
By contrast, she said, other attempts at investigating machine security – like the recent Election Security Research Forum – "foster collaboration to genuinely strengthen the security of our election systems."
This isn't the first time DEF CON has sparked misleading coverage of voting security. In 2018, for example, DEF CON circulated a story that an 11-year-old had hacked a state elections website. That report was super misleading and basically not true, but it still dominated the news cycle for multiple days.
And since 2020, election conspiracy theorists often cite the misinformation about easily hacked voting machines to support Donald Trump's false narrative of a stolen election.
While DEF CON can be an interesting academic exercise, letting hackers take their shot at election equipment in a hotel ballroom is not an accurate simulation of how elections are run, or where the vulnerabilities lie.
The real, pressing security issues are not the things DEF CON uncovers, but rather the more boring things: chain-of-custody procedures, appropriate training, and adequate oversight.
Which brings us back to Tina Peters, an actual threat to elections systems.
"This case was a simple case centered around the use of deceit to commit a fraud," Robert Shapiro, a special deputy district attorney for Colorado's 21st Judicial District, told the jury during closing arguments in Peters' trial Monday. "It's not about computers. It's not about election records. It's about using deceit to trick and manipulate others, specifically public servants who were simply trying to do their job."
Here's how the Colorado Sun summarizes the extent of Peters' deceit and subversion, as recounted in court:
"Prosecutors reminded the jurors that Peters had surveillance cameras turned off in the secure tabulation room before she brought in a former pro surfer named Conan Hayes to copy information from the hard drives on that system. She used an encrypted messaging system with her small band of co-conspirators. She had some of those conspirators start using burner phones so their conversations could not be monitored by law enforcement. She bragged about having a 'hidey hole' in her house where she placed a phone that was initially overlooked by law officers who searched her house."
It's not sexy, but both the things Peters did, and the things investigators did to prove she'd done them, were basically straightforward: The person in charge (Peters) allowed someone without authorization to copy technical information from her office, and then this information was posted online. An investigation followed, and Peters wasn't particularly good at hiding her tracks. Now, she could be going to jail, potentially for many years.
None of the things Peters did to endanger the voting system were particularly high-tech. Their exploits give the vibe that Peters and her pro-Trump allies watched a few Tom Cruise movies and went from there. And yet, the tantalizing voting machine "hacking" scenario captivates us in every election cycle. It's fun to think about, it's fun to write about, sure, but it's not really that helpful to understanding the actual problems facing us as millions of Americans prepare to cast their ballots in November: A problem of trust.
None of this should minimize the potential damage someone like Peters can cause. Exposing sensitive voting data is extremely harmful. Part of what she allowed to be posted online included passwords for voting equipment. In Peters' case, it led the state of Colorado to decertify Mesa County's entire set of machines, putting taxpayers on the hook to replace them.
There's been quite a lot of coverage of election conspiracy theorists taking up positions in election offices. So, there's a chance we'll see more of this wrongdoing this year. We'd encourage readers to keep their eyes on the ball: If our systems are compromised this year, the culprit is likely to be a misguided county employee rather than a faceless hacker.
Back Then
I don't mean to suggest that DEF CON can't be helpful. It is a fascinating test of transparency and abilities, and can lead to good outcomes. In 2017, for example, Virginia finally decertified its direct-recording electronic voting machines in part because of DEF CON.
According to the Washington Post, "The three-member board voted unanimously to decertify Direct Recording Electronic voting machines, acting partly out of concern that their security had been compromised at DefCon …. The machines do not produce a paper trail, which the department described as an important security feature."
The decision meant that 12 jurisdictions in Virginia that weren't already planning to ditch their DREs – encompassing 140 precincts with some 190,000 voters – had to replace them quickly before the state's general election that November.
Jessica Huseman is Votebeat's editorial director and is based in Dallas. Contact Jessica at jhuseman@votebeat.org.
This article was originally published by Votebeat, a nonprofit news organization covering local election administration and voting access.