It took me around 10 minutes to crash the upcoming midterm elections. Once I accessed the shockingly simple and vulnerable set of tables that make up the state election board’s database, I was able to shut down the website that would tally the votes, bringing the election to a screeching halt. The data were lost completely. And just like that, tens of thousands of votes vanished into thin air, throwing an entire election, and potentially control of the House or Senate—not to mention our already shaky confidence in the democratic process itself—into even more confusion, doubt, and finger-pointing. I’m 17. And I’m not even a very good hacker. I’ve attended the hacking convention DEF CON in Las Vegas for over five years now, since I was 11 years old. While I have a good conceptual understanding of how cyberspace and the internet work, I’ve taken only a single Python programming class in middle school. When I found out that the Democratic National Committee was hosting a security competition for kids and teens, however, my interest in politics fed into curiosity about how easy it might be to mess with a U.S. election. Despite that limited experience, I understood immediately when I got to Las Vegas this year why the professionals tend to refer to state election security as “child’s play.”
The Voting Machine Village at DEF CON, where attendees tackled vulnerabilities in state voting machines and databases, raised plenty of eyebrows among election boards and voting machine manufacturers alike. It’s a hard pill to swallow for the public, too: No one wants to believe that—after waiting in a lengthy line, taking time off from work or finding a babysitter in order to vote—their ballot could be thrown away, or even worse, altered.
Consequently, people started to take notice as reports came in from both the intelligence community and organizations like the DNC, a co-sponsor of the Voting Village, about the ease with which a foreign power could potentially do such a thing. Since electronic voting was introduced in the early 2000s, leaders in both Washington and our state capitals have repeatedly failed to keep up with rapid advances in information technology and cybersecurity.