Between all of the hacked documents being released by WikiLeaks, the massive Yahoo email hack and the recent super-sized DDoS attack, it's natural to wonder whether a technical hack could affect or rig the upcoming U.S. elections.
Although there is no doubt that throughout history, attempts have been made toward voter fraud, the question we ask in this post is whether it is actually possible to hack a voting machine.
The Voting Machine Hardware
In 2002, the U.S. congress passed the Help America Vote Act, in the hopes of making sweeping reforms to the nation’s voting process. The goal was to address issues with voting systems that arose following the 2000 presidential election.
The Act’s guidelines were voluntary but it came with $4 billion in federal funding for help in updating voting methods. The majority of voting machines were sold prior to 2006 and they included Advanced Voting Solutions WINvote, the Sequoia (Dominion) AVC Advantage and the Premier/Diebold (Dominion) AccuVote TS & TSx. Now 10 years old, these machines are considered vintage and have had a lot of press about their security. (Take a look at this list for some of the concerns about voting machines.)
In an interview with NPR, Rick Hasen, founder of the Election Law Blog, said that, “Voting machines themselves are not connected to the Internet - so it's not as though we have a central repository of all votes. Someone could go in and change the numbers and that's it.”
He does concede that some places, like Pennsylvania, have electronic voting machines without a paper trail. “I think that in terms of voter confidence that's a real problem. I think we have to get rid of those machines,” Hasen said.
The DDoS attack that occurred earlier this month has increased concerns about election rigging. Could a DDoS attack be used to rig the vote?
Hasen says that the election might be disrupted by a DDoS attack, but not in the way people think:
“If we had a hack that took the internet down for effective communication, took down internet-based telephones or affected traffic signals or affected get out the vote efforts, you could easily imagine that a major attack on the internet could interfere with our election, could shut down polling places that lack electricity, could make it harder to get out the vote. You could then imagine people aggrieved by what's going on running to court and seeking to have voting extended a certain period of time. And you could see that leading to concerns about the legitimacy of the election.” But such an attack would not be capable of changing votes that come in.
Shelly Palmer, writing for AdvertisingAge, says that, “even though hacking an individual machine is relatively easy, hacking the right machines in the right places to successfully and undetectably ‘rig’ a national election would take an almost impossible-to-imagine coordinated effort by an army of technicians and wizened election volunteers from both political parties.”
Chris Ashby, a Republican campaign finance and election lawyer, stated in his blog on Vox,
“I believe in election fraud — voter impersonation, double voting, absentee ballot fraud, ineligible voter registrations. It all happens. How much, to what effect, and what should be done about it are subjects of great debate. But it does happen — certainly not anywhere even remotely near the extent that Donald Trump is contending it does — and so we should guard against it. None of that, however, means our system of voting is rigged. It is not.”
Ryan Godfrey is an independent (and occasional Republican) voter who has served as a minority voting inspector through five elections, acting alongside an appointed clerk and machine inspector and, as a check and balance to, the Democratic judge of elections and majority inspector. His job is to sign in legal voters, take down their names, and keep the voting machines humming.
Godfrey addressed the question of whether voting machines can be rigged:
“If you had access to the machine's motherboard and logic chips, you could theoretically change out the hardware and get it to perform any way you wanted (although to my knowledge this has never been fully demonstrated with this machine). But you'd have to gain physical interior access to literally every machine you wanted to affect. These machines cannot be networked; there is no chance of infecting one with a virus and having that malevolent code spread to any other machine.”
Most of the pundits say that, while the odds are low, our election results could be affected by some kind of social engineering. However, they also say that everyone who can do anything about it is fully aware that it might happen and is as ready for it as anyone can be.
Toni Bowers is a veteran technology reporter and editor. She currently writes the SMB blog for IT Business Edge, which advises small businesses on how to get the most out of tech on a small budget.