Author: David Dill
This article appeared originally at Scientific American on November 30, 2016.
State-sponsored cyber-attacks seemingly intended to influence the 2016 Presidential election have raised a question: Is the vulnerability of computerized voting systems to hacking a critical threat to our national security? Can an adversary use methods of cyber-warfare to select our commander-in-chief?
A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the presidential election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.
Halderman isn’t going to steal an election, but a foreign power might be tempted to do so. The military expenditures of a medium-size country dwarf the cost of a multi-pronged attack, which could include using the internet, bribing employees of election offices and voting machine vendors, or just buying voting machine companies. It is likely that such an attack would not be detected, given our current election security practices.
What would alert us to such an attack? What should we do about it? If there is reason to suspect an election result (perhaps because it’s an upset victory that defies the vast majority of pre-election polls), common sense says we should double-check the results of the election as best we can. But this is hard to do in America. Recount laws vary with each state. In states where it is possible to get a recount, it often has to be requested by one of the candidates, often at considerable expense.
In the recent election, it is fortunate that Green Party Presidential candidate Jill Stein, citing potential security breaches, recently requested a recount of the 2016 presidential vote in Wisconsin and Pennsylvania and plans to do so in Michigan. Donald Trump unexpectedly won these three states by very narrow margins, and their recount laws are favorably compared with some of the other swing states.
With the limited information we have so far, there is no convincing evidence in the reported results that the election was stolen electronically. However, there is heightened public concern because of alleged Russian hacking of campaign emails and voter registration systems. Also, Mr. Trump and his advisors broadcast repeated claims that the election would be rigged by means including fraudulent voting machines.
Now that the election is over, we must defend our voting system more effectively. It is clearly vulnerable to attack not only by foreign powers, but by criminal groups, campaigns, and motivated amateurs. If elections lose their credibility, democracy can quickly disintegrate. After every election, it is not good enough to say, “We can’t prove fraud.” In every election, we need evidence that vote counts are accurate.
The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003, an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures. This campaign has had significant, but slow, success. As of now, about three quarters of U.S. voters vote on paper ballots. Twenty-six states do some type of manual audit, but none of their procedures are adequate. Auditing methods have recently been devised that are much more efficient than those used in any state. It is important that audits be performed on every contest in every election, so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected whether perpetrated by another country or a political party.
There is no reason we can’t implement these measures before the 2020 elections. As a nation, we need to recognize the urgency of the task, to overcome the political and organizational obstacles that have impeded progress. Otherwise, we risk losing our country to hackers armed with keyboards, without a shot being fired.