After an election marred by hacker intrusions that breached the Democratic National Committee and the email account of one of Hillary Clinton’s top staffers, Americans are all too ready to believe that their actual votes have been hacked, too. Now those fears have been stoked by a team of security experts, who argue that voting machine vulnerabilities mean Clinton should demand recounts in key states. Dig into their argument, however, and it’s less alarmist than it might appear. If anything, it’s practical. There’s no evidence that the outcome of the presidential election was shifted by compromised voting machines. But a statistical audit of electronic voting results in key states as a routine safeguard—not just an emergency measure—would be a surprisingly simple way to ease serious, lingering doubts about America’s much-maligned electoral security. “Auditing ought to be a standard part of the election process,” says Ron Rivest, a cryptographer and computer science professor at MIT. “It ought to be a routine thing as much as a doctor washing his hands.” … While there’s no indication that polling places in the three states Halderman calls out were hacked, it’s well established that electronic voting machines are vulnerable to malware that could corrupt votes. Many US voting machines today scan a paper ballot that the voter fills out by hand, and many electronic systems produce a paper record as well. In fact, Halderman notes, about 70 percent of Americans live in voting districts that leave a paper trail. record exists that can be used to check its digital results. But all too often, no one ever does, he writes. “No state is planning to actually check the paper in a way that would reliably detect that the computer-based outcome was wrong,” Halderman says.
In fact, around half of all states already do perform some form of “audit” on their electronic voting results. But strangely, those so-called audits aren’t actually designed to stop hackers from installing their candidate of choice as president, says Pamela Smith, the president of the non-partisan group Verified Voting, which focuses on election security.
Smith points out that in Wisconsin, for instance, audit rules require 100 voting places to have their votes checked for errors in any election. But that check is meant to identify reliability problems in the voting machines, not wholesale hacking. Even if widespread errors were found, the audit wouldn’t be expanded to a larger sample of the machines. And ultimately the only recourse of the auditors, no matter how many erroneously counted ballots they find, is to suspend future purchases of voting machines from that equipment vendor. “It’s almost as if it’s designed to not find out if there’s anything wrong, or if there is, not do anything about it,” Smith says.
Performing a real, statistically valid audit of electronic voting results isn’t so hard, says MIT’s Rivest. Auditing the entire national election would require checking about half a percent of paper ballots against electronic results, he and University of Berkeley statistician Philip Stark have found. For a states with close margin, like this election’s results in Wisconsin or Michigan, the audit would need a bigger random sample, but hardly a full recount. Rivest says that statisticians could perform an audit of just 2.3 percent of the ballots in Wisconsin, 11 percent of the ballots in Michigan, or just .7 percent of the ballots in Pennsylvania and determine if the results were correct with 95% certainty. (If they were found to be incorrect, Rivest notes, the audit would be expanded.)