America’s Elections Could Be Hacked. Go Vote Anyway.
The system’s vulnerabilities are real, but please do not stay home.
Will November’s election be hacked? A quick sampling of news stories over the past couple of years offers little comfort.
In the months before the 2016 presidential election, Russian hackers tried to infiltrate voting systems in dozens of states. They succeeded in at least one, gaining access to tens of thousands of voter-registration records in Illinois.
In April, the nation’s top voting-machine manufacturer told Senator Ron Wyden, of Oregon, that it had installed remote-access software on election-management systems that it sold from 2000 to 2006. Senator Wyden called it “the worst decision for security short of leaving ballot boxes on a Moscow street corner.”
At a hacking convention last summer, an 11-year-old boy broke into a replica of Florida’s state election website and altered the vote totals recorded there. It took him less than 10 minutes.
All along, the nation’s top intelligence and law-enforcement officials have been sounding the alarm, warning that Russia is engaged in a “24-7 365-days-a-year” effort to disrupt the upcoming midterm elections and imploring Congress and the White House to take more decisive action.
President Trump may not believe that the risk is real, but the American people do. An overwhelming majority say they are concerned about election security, and more than 60 percent say the Trump administration should be doing more to protect the vote from foreign interference.
Numbers like these suggest that whether or not hackers manage to gain access to voting systems, they have already achieved their main goal, which is to sow pervasive doubt over the integrity of American elections. Whoever wins, this lack of confidence is as damaging to the nation’s democracy as it is to its national security. And it drives down turnout at the polls, as voters who are already skeptical of the political process begin to believe not just that their vote won’t count, but that it literally won’t be counted.
Meanwhile, the Russians show no signs of slowing their efforts to disrupt American elections through disinformation campaigns. On Friday, the Justice Department charged a Russian womanworking for a close ally of President Vladimir Putin with participating in a plot “to spread distrust toward candidates for U.S. political office and the U.S. political system.”
What to make of it all?
First, the bad news. America’s voting systems, like all large and complex computerized systems, are highly vulnerable to cyberattack — whether by altering or deleting voter-registration data, or even by changing vote counts. “The vast majority of technical infrastructure for our voting is absolutely, without doubt, woefully insecure,” saidMatt Blaze, a University of Pennsylvania computer-science professor who studies voting machine security. Both of the primary methods by which Americans cast their ballots — optical-scan machines and touch-screen monitors — can be tampered with fairly easily.
The handful of companies that design and make nearly all of America’s voting machines insist that their equipment is cordoned off from bad actors on the internet, but in fact there are multiple ways in for anyone who is motivated, persistent and willing to commit a federal crime.
These manufacturers could choose to share information in order to help researchers and experts identify security weaknesses, but instead they have zealously guarded it as proprietary, even when the outcome of a presidential election has been at stake — as John Kerry found out when his 2004 presidential campaign attempted to look into voting irregularities in Ohio.