Perhaps no time in United States history has a national election’s security come under such scrutiny.
Republican presidential candidate Donald Trump continues to beat the drum of voter tampering and fraud, yet has provided no evidence of a potentially rigged election. Security experts are quick to point out that the undercurrent of discontent amongst the electorate is based more on fear than fact. Those election officials and security consultants involved in protecting the sanctity of the voting process say the possibility of rigging a national election is virtually non-existent. They do, however, admit it would only take one or two incidents to substantially undermine the public’s confidence in the process.
FBI Director James Comey, recently testifying before the House Judiciary Committee, said that the attention being paid to the integrity of state voter registration systems is certainly justified, but given the fact that the actual voting process remains so “clunky and dispersed”, makes it extremely difficult to hack because the apparatus are not hooked up to the Internet.
Comey added that federal authorities have been advising state officials that they need to establish safeguards for their systems. He noted that the voter registration databases were especially at risk. Director Comey also cited incidents of potential probing by hackers as they search for system vulnerabilities.
So, just how vulnerable is this year’s presidential election to potential tampering and computer hacks? Dana Simberkoff, Chief Compliance and Risk Officer at AvePoint, an independent software vendor, and manufacturer based in New Jersey, says there are concerns and they should be taken seriously.
“There is an absolutely valid concern about the security (or hackability) of e-voting systems. This stems mostly from concerns about the core foundational elements of a good voting system – specifically anonymity, accuracy, security, and scalability. While voting systems need to be able to fully maintain the anonymity of voters, it’s also critical to validate the accuracy of cast votes, which is almost impossible to do without an audit and paper trail. In fact, there have been anecdotal reports of complaints in some jurisdictions with early voting that machines are changing the result on the screens of people who are using them,” Simberkoff says. “There does not appear to be any evidence that this was due to security issues. Early feedback suggests this may be user error. However, anything that casts doubt on the veracity of the election process is in itself problematic.
“Further, these machines and systems are also connected devices – allowing for many potential points of failure from both a security and scalability perspective. A single error in a line of code may cause catastrophic results. And there is simply no system imaginable that is entirely and utterly breach-proof. So we must consider both the security and integrity of the machines themselves and then the ways in which they transmit data as potential points of vulnerability.
“We have relied for some time on computers and machines to tabulate the results of manually counted paper ballots. Are we more or less likely to suffer from security issues and fraud with our neighbors manually counting votes than machines doing so? I would argue that today’s method, with checks and balances involved with paper ballots and human intervention combined with computers, is a better way to go.”
In fact, in the upcoming election, close to 80 percent of national voters will be casting in areas that either still uses paper ballots or voting machines with paper backup systems. And as Simberkoff points out, both methods are considered much more secure than the use of online systems only. But are the claims that hackers can’t influence the U.S. elections because voting apparatus is simply too decentralized and for the most part too offline to be threatened true?
“No, I think the opposite is likely true. Because of the fundamentally decentralized nature of elections, and the fact that elections are also often handled at a local level, it’s likely that there will be a tremendous variance in the sophistication and security knowledge available to the local teams responsible for handling and managing election machines.” Simberkoff says. “Smaller towns with election officials that have less sophisticated computer skills may represent bigger targets. However, whether the results of a small town or large city are undermined, even a minor hack would be enough to shake the confidence of the entire electorate. The actions of a single bad individual could be enough to subvert our election process.”
Some security experts fear the lack of security oversight and sophistication in some local voting machine technology, hinting that it might take just one disgruntled election official plugging in a contaminated thumb drive to alter voter counts and infect the system with malware. Secretary of Homeland Security Jeh Johnson recently admitted that 33 states and 11 county or local election agencies have asked for help from DHS for cybersecurity risk and vulnerability assessments.
In some jurisdictions, local rules allow the transfer of election results using WiFi rather than putting the information on a thumb drive that’s physically taken to the central tally site. How vulnerable does that make this information to hackers?
“Once election results are transmitted over the web, another potential point of failure and manipulation may be introduced. If a coder entered a bad line of code or left a vulnerability in the system, as we recently experienced with the DDoS attack stemming from IoT devices that brought down many websites, our democratic process could be compromised. Data in transit introduces more vulnerability.
"However, thumb drives may be equally vulnerable, so unless they are encrypted, this may also introduce its own level of vulnerability and potential data loss,” Simberkoff says.
For election officials and security experts alike, ensuring the public trust and maintaining confidence that the U.S. electoral system is beyond compromise is of paramount importance. When it comes to the country’s current heightened state of anxiety regarding the 2016 vote, does Simberkoff feel its overstated?
“No, it’s absolutely not. Our right to vote is fundamental to our freedoms and liberties. The idea that an election could be compromised either by a disgruntled coder, bad actor, or indeed an entire country is not only incredibly disturbing but also quite probably realistic. While it’s possible to build better and better systems, it’s also quite possible that those systems can be compromised. There will always be questions about the use of computer systems in elections. Just as there is no such thing as perfect security, there will no such thing as a perfect voting machine,” concluded Simberkoff.