September 15, 2020
The Honorable Laurel Lee
Election Director Maria Matthews
Division of Elections
Florida Department of State
R.A. Gray Building
500 South Bronough Street
Tallahasse, Florida
Dear Secretary Lee and Director Matthews,
We, as members of the computer science, cybersecurity, and election integrity communities, are
writing to urge you to act now to protect election systems and minimize attack vectors by
eliminating the use of wireless modems and public telecommunication infrastructure, including
the Internet, in election systems.
As we rapidly approach the 2020 general elections, election administrators face unprecedented
challenges conducting elections. The COVID-19 pandemic continues to disrupt ordinary
operations and requires new procedures and protocols. As officials grapple with these
extraordinary events, we must not lose sight of the fact that our elections remain under attack by
the opponents of a free and fair democracy, who wish to compromise our election infrastructure
to sow chaos, distrust, or even manipulate the election outcome.
During the 2016 election cycle, Russian intelligence agents gained and maintained access to
State and County board election networks.1 These efforts have not abated; intelligence officials
maintain that foreign agents continue to try to hack into U.S. election systems.2 We must assume
that all election systems are under attack by hostile agents seeking to corrupt, manipulate or
disrupt our election systems.
Wireless modems connect voting systems to the Internet
It has been asserted that voting machines are not vulnerable to remote hacking because they are
never connected to the Internet, but both the premise and the conclusion are false. Election
systems can be directly or indirectly exposed to internet-based attacks. Moreover, many voting
machines currently in use around the country use embedded or integrated wireless cellular
“Assessing Russian Activities and Intentions in Recent US Elections,” Office of the Director of National Intelligence, Januar y
6, 2017. Available at: https://www.dni.gov/files/documents/ICA_2017_01.pdf
2 William Evanina, the election security czar for the White House, recently issued a statement warning that foreign agents
“seek to compromise our election infrastructure … we continue to monitor malicious cyber actors trying to gain access to U.S.
state and federal networks, including those responsible for managing elections.” “Statement by NCSC Director William
Evanina: 100 Days Until Election 2020,” Office of the Director of National Intelligence, July 24, 2020. Available at:
https://www.dni.gov/index.php/newsroom/press-releases/item/2135-statement-by-ncsc-director-william-evanina-100-daysuntil-election-2020
1

 modems to transmit unofficial vote totals to county election management systems. These vote
totals are typically received at the County on standard PCs that are regularly used to program
voting machines and aggregate vote totals. Though these systems should never be directly or
indirectly connected or exposed to the Internet, the use of wireless modems directly connects
those devices to the Internet and exposes them to Internet-based attacks.
Voting system vendors may have asserted that cellular modems utilize a different network, but
today’s cellular modems are part of the Internet, making the systems vulnerable to common
Internet-based attacks. This fact has been explicitly and unequivocally affirmed by the National
Institute of Standards and Technology (NIST).3 In fact, computer security researchers have
demonstrated that these systems are visible on the Internet to potential attackers.4
Furthermore, wireless modems introduce their own inherent weaknesses that can be exploited to
compromise an election system.5 In addition, a cellular device can be tricked into connecting to
false mobile cell towers (such as Stingray surveillance devices6) enabling significant disruption,
and if there is improper authentication of a connection, there could be false reports from devices
impersonating precinct voting machines.
Connecting to the Internet, even briefly during machine maintenance, programming, pre-election
testing, poll worker training, or on Election Day, makes the system vulnerable to attacks that
could impact current or future election results. When contemplating the use of wireless modems
and connectivity to public networks in the next generation of the federal voluntary voting system
guidelines, NIST wrote:
“There are significant security concerns introduced when networked devices are then
connected to the voting system. This connectivity provides an access path to the voting
system through the Internet and thus an attack can be orchestrated from anywhere in the
world (e.g., Nation State Attacks). The external network connection leaves the voting
system vulnerable to attacks, regardless of whether the connection is only for a limited
period or if it is continuously connected.”7

3At

a December 18th 2019 presentation to the EAC’s Technical Guidelines Development Committee, a NIST official stated that
use of wireless modems: “…make the voting system a node on the internet… [and] also could potentially provide an entryway
for remote attackers, but not just close-range remote attackers, once you’re on the internet now even further nation-state
attackers may have access to you. What’s the impact of that? It could be a loss of confidentiality and integrity of that voting
system and that information that’s on the voting system…If you’re able to inject malware into the voting system, now you can
change the data, now you can change the information that’s within the voting system, or change the behavior of the voting
system itself…” Available at: https://www.eac.gov/events/2019/12/18/eac-technical-guidelines-development-committeeconference-call-meeting-121819 29:30
4 Kim Zetter, “Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials,” Vice,
August 8, 2019. Available at: https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-beenleft-exposed-online-despite-official-denials
5 Modems are known to have been compromised by foreign agents by exploiting known weaknesses in a commonly used
Border Gateway Protocol (BGP) to re-route traffic at the direction of the attacker. This weakness has been termed the
“notorious BGP” and is reckoned to be the “internet’s biggest security hole. See: Kim Zetter, “Revealed: The Internet’s Biggest
Security Hole,” Wired, Aug. 26, 2008. Available at: https://www.wired.com/2008/08/revealed-the-in/
6 For an introductory overview of these devices, see generally, MSI-catcher, https://en.wikipedia.org/w/index.php?title=IMSIcatcher&oldid=856220555 (last visited Oct. 2, 2018).
7 “Draft Recommendations for Requirements for the Voluntary Voting System Guidelines VVSG 2.0,” National Institute of
Standards and Technology, January 31, 2020. Available at:
https://collaborate.nist.gov/voting/pub/Voting/VVSG20DraftRequirements/vvsg-2.0-2020-01-31-DRAFT-requirements.pdf

2

 NIST extended its warning to caution that wireless modems expose voting systems to
ransomware attacks, a dangerous threat that has crippled municipalities.8
Recognizing that election administrators will need other options for transferring election results
efficiently, NIST outlined several alternative ways to transfer election results which protect the
integrity of the voting by ensuring a robust airgap at the voting machines and the election
management system. This is most easily accomplished by transferring the results (by appropriate
means) to a separate device which is on the Internet, transmitting the results to another device at
the county headquarters which is also on the Internet, then transferring the data from that device
to the election management system manually or by barcode, while maintaining a secure “air-gap”
for the election system itself. We urge you to review their document9 which provides alternative
transmission methods.
Therefore, we strongly urge election administrators to cease all use of wireless modems and
provide these recommendations:
1. Voting system components—from vote capture and tabulation machines to election
management systems—should not be connected to the internet, cellular network, or other
public telecommunications infrastructure at any time, even temporarily, from the time of
manufacture until end of life through wireless modems or other means.
2. Election administrators should not transmit election results from vote tabulation devices over
any network, including cellular networks, “dial-up” connections, and the Internet. Instead,
they should adopt procedures to transfer election results on digital media such as memory
cards, thumb drives, or paper to election management systems. Removable media should not
be re-used: only brand-new storage devices from a trustworthy source. No device that is ever
connected to a voting machine, tabulator, or election management system should ever be
connected to the Internet or any other network, including cellular networks.
3. Cellular modems within voting systems should be physically removed, not simply disabled in
software.
These recommendations do not imply that posting unofficial election results on properly
configured and protected public accessible government web sites should be stopped.
Discontinuing the use of wireless modems in voting systems will not make voting systems
impenetrable. Many other attack vectors still exist. The only way to ensure resilience in voting
systems is by requiring voter-verified paper ballots, verifiably secure chain of custody of the
ballots, and robust, manual post-election audits of the results against the paper ballots.

“Baltimore government held hostage by hackers’ ransomware,” BBC News, May 23, 2019. Available at:
https://www.bbc.com/news/world-us-canada-48371476
9 Alternative methods of election results transmissions are outlined in this document “Wireless Use Case Analysis,” from the
National Institute of Standards and Technology Cyber Security Working Group. Available at:
https://collaborate.nist.gov/voting/pub/Voting/CyberSecurity/WirelessUseCaseAnalysis-OpenArea-Sept16-2019.pdf
8

3

 The undersigned thank you for your service and your immediate attention to this critical national
security issue. We stand ready to work with you to protect our nation’s election infrastructure
from all threats, foreign and domestic.
Sincerely,

Free Speech For People

Center for Scientific Evidence in Public
Issues (EPI Center)
American Association for the Advancement
of Science

Electronic Frontier Foundation

OSET Institute Inc.

Dr. Andrew W. Appel*
Professor of Computer Science, Princeton
University

Dr. Duncan Buell NCR*
Professor in Computer Science and
Engineering Dept of Computer Science and
Engineering University of South Carolina

Cindy Cohn
President
Electronic Frontier Foundation

Dr. Richard A. DeMillo*
Charlotte B. and Roger C. Warren Professor
of Computer Science
College of Computing
Georgia Institute of Technology

Aleksander Essex, Ph.D, P.Eng*
Associate Professor
Associate Chair, Graduate
Department of Electrical and
Computer Engineering
Western University
London, ON, Canada

Dr. Michael D. Fernandez
Founding Director
Center for Scientific Evidence in Public
Issues (EPI Center)
American Association for the Advancement
of Science

Lowell Finley*
former Deputy Secretary of State
California

Dr. Juan E. Gilbert*
Andrew Banks Family Preeminence Endowed
Professor & Chair
Computer & Information Science &
Engineering Department
University of Florida

Susan Greenhalgh
Senior Advisor on Election Security
Free Speech For People

Dr. J. Alex Halderman*
Professor, Computer Science and Engineering
Director Center for Computer Security and
Society
University of Michigan

4

 Harri Hurst*
Founding Partner
Nordic Innovation Labs.

Dr. Douglas W. Jones*
Associate Professor
Department of Computer Science
University of Iowa

Dr. David Jefferson*
Lawrence Livermore Laboratories
(Retired)

Gregory A. Miller
Chief Operating Officer
OSET Institute, Inc

Dr. Peter G. Neumann*
Chief Scientist,
SRI International Computer Science Lab

Mark Ritchie*
Former MN Secretary of State
Member of the EAC Board of Advisors
Former president of the National Association
of Secretaries of State

Dr. Avi Rubin*
Professor, Computer Science
Johns Hopkins University

Bruce Schneier*
Fellow and Lecturer
Harvard Kennedy School

E. John Sebes
Chief Technology Officer
OSET Institute, Inc.

Kevin Skoglund*
Chief Technologist
Citizens for Better Elections

Professor Eugene H. Spafford*
Executive Director Emeritus, CERIAS
Purdue University

Dr. Philip B. Stark*
Professor, Associate Dean of Mathematical
and Physical Sciences
Department of Statistics
University of California at Berkeley

Dr. Dan S. Wallach*
Professor, Department of Computer Science
Rice Scholar, Baker Institute for Public
Policy
Rice University

Dr. Poorvi L. Vora*
Professor of Computer Science
The George Washington University

*Affiliations listed are for identification purposes only and do not imply institutional
endorsement.

5