In light of the recent reports about the hacks at the DNC, DCCC and Clinton campaign, several new reports out this week are examining the possibility of hacking voting machines. While there are currently no credible threats about hacking the vote in November, these reports present a somewhat troubling portrait about the country’s preparedness to deal with such an attack.
A new report on Tuesday in Wired says many of the problems we see today are a result of the Help America Vote Act of 2002. That act was passed with the goal of phasing out the punchcard systems that caused so many headaches in Florida during the 2000 election. Although the act succeeded in its primary goal of eliminating punchcard systems, it has also resulted in a number of new cybersecurity problems.
“People weren’t thinking about voting system security or all the additional challenges that come with electronic voting systems,” the Brennan Center’s Lawrence Norden told Wired. “Moving to electronic voting systems solved a lot of problems, but created a lot of new ones.”
The main problem, according to the report, is the software used in many of the electronic voting systems is outdated. Some systems still run on Windows XP, yet Microsoft has not released a security patch update for that system in over two-years. This obviously leaves the machines vulnerable to attacks. Not just attacks designed to potentially change recorded votes, but attacks that could slowdown the machines ability to process votes in a timely manner.
Norden explains, “If you have machines not working, or working slowly, that could create lots of problems too, preventing people from voting at all.”
Voter registration databases and county election commission websites are also under threat. According to NPR, election officials in Illinois last week shut down the state’s voter registration database after discovering a breach. In May, Florida law enforcement officials also reportedly arrested a man who gained access to the Lee County election website.
“Wherever there’s a fully electronic voting system, there’s potential for tampering of some kind,” Pamela Smith, president of Verified Voting, told NPR in an interview.
“Potential” appears to be the keyword, at least when discussing hacks on voting machines. Fortunately, the reports say there has not been a verified hack on a voting machine in operation during an election.
Wired reports the closest incident yet to a verified hack occurred in Virginia in 2015. In that case, thousands of votes were decertified after it was discovered “anyone within a half mile could have modified every vote, undetected.”
Edgardo Cortes, the commissioner of elections in Virginia, told NPR his office is working hard to ensure they do no have a repeat of the 2015 incident in November.
“We have somebody from outside come and take a look at our systems, look at access to those systems, look at how the data’s stored, how it’s housed, to come back and report to us and say, ‘OK, here are the things that are working well, here’s the things that you can improve upon,’ “ Cortes said.
While that provides some comfort, the article also suggests that fears of a state actor trying to directly influence our election process are also overblown. In other words, it is incredibly unlikely that the Russians would attempt to hack the voting machines to ensure a certain candidate was elected.
Ryan Maness, an international cyber conflict and Russian foreign policy expert told the news outlet Putin would not be stupid enough to try to rig the U.S. vote, especially if Russia was already involved in the other Democratic Party affiliated hacks. Maness said the risk and blowback of such an action would be far too severe, even for the Russians. He also stated that if Russia is really involved in the other hacks, they were most likely trying to embarrass Hillary Clinton more so than trying to elect Donald Trump.
However, we do not simply have to rely on Putin’s fear of blowback — at least in some key battleground states.
Both Florida and Ohio reportedly have solid electronic voting systems in place. Additionally, both states have audit requirements in place that allow for checking the electronic vote totals against a paper records. This has been described by experts as the very best system for ensuring accuracy in the vote totals.
Unfortunately, NPR reports it is a different story in Virginia and Pennsylvania, the latter causing the most concern. These two key battleground states do not use a paper-backed systems. “Security experts argue that if those machines are hacked, it might be almost impossible to know,” the article states.