How I Learned to Stop Worrying and Love the Vote: Russian Hackers and Cybersecurity in the Presidential Election

October 5, 2016

As an already contentious election season draws into the homestretch, national security officials have detected hacking attempts to at least 20 state voter registration systems. And Russia could be to blame.
With more states moving toward housing voter registration rolls online, the concern is that hackers could potentially gain access and delete voters in swing states in order to tip the scales toward a particular election outcome. Although voters could still cast provisional ballots if there is a discrepancy with their registration, this sort of breech could cause chaos at the polls with long lines and disgruntled voters. Secretary of Homeland Security Jeh Johnson assures the public that no evidence has been found of any manipulation of those voter registration systems.
The FBI is investigating Russian hackers as the potential culprits of the activity. Leads include Vladimir Fomenko, “the owner of a server rental company called King Servers used by hackers in an incursion on computerized election systems in Arizona and Illinois this year.” Multiple congressional leaders have also pointed to Russia. The White House has yet to publicly accuse Russia for the attacks, but concerns over releasing classified information to support the accusation and Vladimir Putin’s aggressive posturing towards public rebukes may explain the slow acknowledgment from the Obama administration.
Amid the hacking reports are renewed concerns that voting machines themselves may be at risk, leading to contested election results.

Fortunately, the nation’s bulky and decentralized voting system actually adds a critical layer of protection against election manipulation.

The United States has over 8000 separate jurisdictions in which voters cast ballots, and all of them use their own voting methods based on state and local rules. This means hacking the entire U.S. voting system is nearly literally impossible to penetrate much less to alter the results of the election.
Even so, FBI Director James Comey said, “We are urging the states just to make sure that their deadbolts are thrown and their locks are on and to get the best information they can from [the Department of Homeland Security], just to make sure their systems are secure.”
Some states have more to worry about than others. One in four voters live in a jurisdiction that does not have a paper backup system, which would allow states to conduct audits in a contested election. CBS reports: “Five states are completely paperless: Delaware, Georgia, Louisiana, New Jersey and South Carolina. Nine other states have some counties that use paperless systems: Arkansas, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee, Texas and Virginia.” Among that list, crucial swing states like Pennsylvania cause the most concern.
Professor Andrew Appel of Princeton University demonstrated how easily the digital voting machines, like the ones used in Pennsylvania, could be hacked. Appel and a student managed to modify a machine with their own computer chips that would throw off the machine’s results in just seven minutes. Appel and colleagues have been sounding the alarm for nearly 15 years, engaging in a series of stunts to spread a simple message: “That the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there.”
To minimize the risk of tampering at polling locations, the chief security officer of cybersecurity company Carbon Black Ben Johnson suggested that election officials should:

  • Keep individuals from having prolonged access to the physical voting machines; 
  • Turn off any communications capacities, like Wi-Fi or Bluetooth, on the machines;
  • Make sure no other devices are plugged into the machines;
  • And train polling station workers, typically volunteers unfamiliar with cybersecurity, on the importance of enforcing these measures.

While the likelihood of a massive hacking operation on voting machines remains extremely improbable, the real risk is the potential doubt sown in the American electorate. With tensions high in this election, cyberattacks may cause voters to question the legitimacy of the results.
According to a report “Democracy at Risk” by Carbon Black, “more than half (56%) of U.S. voters are concerned that this year’s election will be affected by hacking/cyber attack.” The report estimates that more than 15 million voters may choose not to vote because of concerns over cybersecurity.
Hopefully, these concerns about aging voting machines and vulnerable online systems will prompt a review of the nation’s voting infrastructure and prompt the federal government to appropriate new funds to update state systems. Until then, voters might do well to opt for paper absentee ballots in those jurisdictions without a paper backup.