“If there has ever been a clarion call for vigilance and action against a threat to the very foundation of our democratic political system, this episode is it,” former Director of National Intelligence James Clapper told senators in May. Clapper’s warning about the impact of Russian interference in the 2016 election and the potential damage from future cyberattacks around the world packed a particularly powerful wallop. Over the next few days in Las Vegas, a group of white hat hackers will run a “Voting Machine Hacking Village,” using real U.S. voting machines to back up Clapper’s alarm with a demonstration of the vulnerability of some of our voting systems. This private effort, part of DEF CON, the world’s largest hacker convention, highlights a serious public problem: our election infrastructure was attacked and will be again; our federal and state governments must do much more to protect our most cherished right as Americans, our vote.
Voting machines that produce no voter verified paper record of each ballot are in use in at least part of 15 states. With no paper record, it’s impossible to audit electronic tallies to detect malware that can alter votes or vote totals.
Just as bad, even in states using machines with voter verified paper records, most don’t have voting machine audit processes that could detect malware designed to flip the outcome.
Well-resourced hackers, whether funded by foreign governments or criminal syndicates, have the access and ability to infect computerized voting machines and tallying systems across the United States. This can occur even if the machines are not connected to the internet. Attackers can, for example, deploy software like Stuxnet and Brutal Kangaroo to target “off line” voting machines.