The US presidential election was correct, according to a crowdfunded effort to recount the vote in key states, but the review also highlighted the unprecedented extent to which the American political system is vulnerable to cyberattack, according to two computer scientists who helped the effort to audit the vote. J Alex Halderman and Matt Bernhard, both of the University of Michigan, campaigned in favor of a recount of the US presidential election, which was eventually spearheaded by Jill Stein, the Green party candidate. Only the Wisconsin recount was substantially completed, with the recount in Michigan eventually stopped and a potential recount in Pennsylvania killed before it had even begun. But the researchers say the recounted counties and precincts were enough to give them confidence that Donald Trump is the genuine winner of the election. “The recounts support that the election outcome was correct,” Bernhard told the Chaos Communications Congress cybersecurity convention in Hamburg, where he and Halderman gave a talk summarising their findings.
In Wisconsin, the only state where the recount was finished, Trump’s victory increased by 131 votes, while in Michigan, where 22 of 83 counties had a full or partial recount, incomplete data suggests was a net change of 1,651 votes, “but no evidence of an attack”, Bernhard said. “I can sleep at night knowing that Trump won the election.” But the experience of pushing for the recount hasn’t reassured Halderman and Bernhard that American democracy is safe. In fact, quite the opposite, said Halderman. “Along the way, we found that hacking an election in the US for president would be even easier than I thought.”
His previous research had already demonstrated security vulnerabilities in every model of voting machine examined, for instance, which would enable an attacker to silently rewrite the electronic record of how many votes each candidate received. But only this election did he learn the extent of centralisation in the organisations that are in charge of maintaining and preparing the voting machines.
In Michigan, for example, 75% of counties use just two companies, each around 20 employees large, to load their machines. Compromising those two companies would theoretically be enough to swing the vote in the state. “How central these points of attack are, that was news to me,” Halderman said.