Adding to the already mile-long list of reasons why the United States should never adopt a centralized online voting system, widespread internet outages on Friday serve as yet another example of how the U.S. election system benefits from keeping it old school. High-profile security breaches targeting politicians and alarms raised by the U.S. intelligence community over the possibility of an election day disruption by a malicious foreign actor have already led some states to engage in war-game-like exercises against their own election systems. But denial-of-service attacks, like the one experienced by millions in the U.S. on Friday, is a very different animal from the type of infiltration keeping lawmakers up at night. … “This is a reminder of how effective an attack on one can be an effective attack on many,” said Steve Grobman, chief technology officer for Intel Security. “An attacker seeking to disrupt services to multiple websites may be successful simply by hitting one service provider such as this, a DNS provider, or providers of multiple other Internet infrastructure systems.” The idea of creating a centralized online voting system to enable Americans to vote electronically has been roundly dismissed as bad by government and private industry experts alike. It is also very enticing, perhaps because at first blush it feels only natural to evolve in that direction.
… The election would look very differently after all if one could simply whip out a cellphone and cast a ballot: Long lines and laziness have been suppressing voter turnout since democracy was invented. But, as noted by Motherboard this week, previous attempts to construct internet voting systems have not gone as well as planned. It took a group of University of Michigan students roughly 36 hours to gain full control of a voting system designed by the District of Columbia’s Board of Elections & Ethics.
However, most cybersecurity expert say that applying the KISS principle—or ”keep it simple, stupid”—is the greatest defense Americans have against the type of “rigging” frequently raised this election season. The 50 states, plus the District of Colombia, all run their own election operations; and further, most votes are first collected at the county level. This decentralized format, while it has a lot of moving parts, would be ostensibly impossible to subvert with a computer from the other side of the planet.
The vulnerabilities that do remain are likely to be found in states that no longer offer paper ballots for voting. More than half of the country uses a Direct Recording Electronic (DRE) system to record votes, which stores the results on hard drives. While most generate a printout too, in a handful of states, including Nevada, Louisiana, and South Carolina, there’s no paper trail whatsoever—nothing to compare in audit in the event concerns about tampering are raised.