State-sponsored cyber-attacks seemingly intended to influence the 2016 presidential election have raised a question: Is the vulnerability of computerized voting systems to hacking a critical threat to our national security? Can an adversary use methods of cyber-warfare to select our commander-in-chief?
A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the presidential election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.
Halderman isn’t going to steal an election, but a foreign power might be tempted to do so. The military expenditures of a medium-sized country dwarf the cost of a multi-pronged attack, which could include using the internet, bribing employees of election offices and voting machine vendors, or just buying voting machine companies. It is likely that such an attack would not be detected, given our current election security practices.
What would alert us to such an attack? What should we do about it? If there is reason to suspect an election result (perhaps because it’s an upset victory that defies the vast majority of pre-election polls), common sense says we should double-check the results of the election as best we can. But this is hard to do in America. Recount laws vary with each state. In states where it is possible to get a recount, it often has to be requested by one of the candidates, often at considerable expense.
In the recent election, Green Party presidential candidate Jill Stein, citing potential security breaches, requested recounts of the 2016 presidential vote in Wisconsin, Pennsylvania and Michigan. Donald Trump unexpectedly won these three states by very narrow margins, and their recount laws are favorable, compared with some of the other swing states. In Wisconsin, the recount took place, confirming Trump’s victory; in Michigan, the recount was ended by court order; in Pennsylvania, the recount was prevented altogether by a decision in federal court.
With the limited information we have so far, there is no convincing evidence in the reported results that the election was stolen electronically. However, there is heightened public concern because of alleged Russian hacking of campaign emails and voter registration systems. Also, Mr. Trump and his advisors broadcast repeated claims that the election would be rigged by means including fraudulent voting machines.
Now that the election is over, we must defend our voting system more effectively. It is clearly vulnerable to attack, not only by foreign powers, but also by criminal groups, campaigns and motivated amateurs. If elections lose their credibility, democracy can quickly disintegrate. After every election, it is not good enough to say, “We can’t prove fraud.” In every election, we need evidence that vote counts are accurate.
The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded.
Since 2003, an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures. This campaign has had significant, but slow, success. As of now, about three quarters of U.S. voters vote on paper ballots. Twenty-six states do some type of manual audit, but none of their procedures are adequate. Auditing methods have recently been devised that are much more efficient than those used in any state. It is important that audits be performed on every contest in every election, so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected, whether perpetrated by another country or a political party.
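The comparison of randomly selected paper ballots against the machine result, sketched as an added example (not code from the article or from Verified Voting): a BRAVO-style ballot-polling test, one published auditing method that stops as soon as the sample gives strong evidence for the reported winner. The candidate labels, the 55% reported share, the 5% risk limit, the seed and the ballot lists are constructed assumptions.

```python
import random

def ballot_polling_audit(sampled_ballots, winner, loser, reported_share, risk_limit=0.05):
    """Sequential ballot-polling test for a two-candidate contest.

    Returns (confirmed, examined). confirmed=False means the sample never gave
    enough evidence for the reported outcome: escalate to a full hand count.
    """
    if not 0.5 < reported_share < 1.0:
        raise ValueError("reported winner share must be in (0.5, 1)")
    threshold = 1.0 / risk_limit      # evidence needed to stop the audit
    evidence = 1.0                    # likelihood ratio: reported share vs. a tie
    examined = 0
    for ballot in sampled_ballots:
        examined += 1
        if ballot == winner:
            evidence *= reported_share / 0.5
        elif ballot == loser:
            evidence *= (1.0 - reported_share) / 0.5
        # Any other mark (undervote, write-in) carries no evidence either way.
        if evidence >= threshold:
            return True, examined
    return False, examined

def random_order(paper_ballots, seed):
    """Order in which paper ballots are pulled for hand inspection.

    In a real audit the seed is produced in public (e.g. dice rolls) so nobody
    can predict which ballots will be examined.
    """
    order = list(paper_ballots)
    random.Random(seed).shuffle(order)
    return order

if __name__ == "__main__":
    # Constructed data: machines report 55% for "A" in both scenarios.
    reported_share = 0.55
    scenarios = {
        "paper agrees with machines": ["A"] * 5500 + ["B"] * 4500,
        "paper contradicts machines": ["A"] * 4500 + ["B"] * 5500,
    }
    for label, paper in scenarios.items():
        sample = random_order(paper, seed=2016)[:2000]   # inspect at most 2000
        confirmed, n = ballot_polling_audit(sample, "A", "B", reported_share)
        verdict = "outcome confirmed" if confirmed else "full hand count required"
        print(f"{label}: {verdict} after {n} ballots")
```

The risk limit bounds the chance that the audit confirms a reported winner whom the paper ballots do not support; the smaller the reported margin, the more ballots must be inspected before the test can stop.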
There is no reason we can’t implement these measures before the 2020 elections. As a nation, we need to recognize the urgency of the task to overcome the political and organizational obstacles that have impeded progress. Otherwise, we risk losing our country to hackers armed with keyboards, without a shot being fired.
David Dill’s article originally appeared as a blog post in Scientific American. Dill is the founder of Verified Voting, which consists of VerifiedVoting.org and the Verified Voting Foundation. Together, these two nonprofit organizations work to achieve evidence-based elections and transparent processes through best practices in the deployment of accessible, secure, voter verifiable systems, and to provide comprehensive resources to advocates, media, voters and election officials nationwide.