In August at DEFCON, the annual hackers’ convention in Las Vegas, J. Alex Halderman, a professor of computer science and an expert in cybersecurity, brought along several of his Diebold Accuvote TSX voting machines. The Accuvote is a touch-screen voting device known as a direct-recording electronic voting machine, which, as the name suggests, records votes and stores them on a memory device. Halderman’s machines were set up as part of the Voting Village, an area dedicated to the cybersecurity of voting machines, where visitors were asked to cast votes in a mock presidential election between George Washington and Benedict Arnold. “Because this is DEFCON, of course almost everyone thought they were clever and voted for Benedict Arnold,” said Halderman. At the end of the mock election, with over 100 votes cast, the machine produced the totals and the winner of the two-man race: the Dark Tangent.
That victor, unsurprisingly, was no accident. The Dark Tangent is the hacker name of DEFCON founder Jeff Moss, and before voting began, Halderman had corrupted the machines with malware that overrode all of the recorded votes and replaced them with the homage. Though the context was lighthearted, what Halderman really demonstrated is staggeringly serious: that these kinds of direct-recording electronic voting machines—ones that will still be in use in many states come November—are not secure from remote hacking.
The Center for American Progress recently released a study that highlighted that 42 states use electronic voting machines with software a decade old or more that leaves them especially vulnerable to hacking and malware. What’s more, five states rely solely on machines that leave no paper trail, and another 10 will use them in at least some districts. These paperless voting machines are especially problematic because even if such a machine were known or suspected to have been hacked, there’s no physical backup ballot to check it against—and therefore no way to determine for certain whether the vote an individual cast matched with the vote that the machine recorded. Worse still, some of the states with the poorest voting-system security are also electoral heavyweights, including Georgia, Texas, Pennsylvania, and Florida. It’s a state of vulnerability that’s especially concerning considering recent warnings from leaders like Director of National Intelligence Dan Coats, who in July cautioned that “the warning lights are blinking red” for potentially catastrophic cyberattacks on the nation’s most important digital infrastructure, including on our election systems.