Recently, Homeland Security Secretary Jeh Johnson said the government was considering classifying voting systems part of the nation’s “critical infrastructure,” a designation currently held by systems such as the electric grid and banking networks. The announcement comes on the heels of reports of a vast infiltration of Democratic Party servers. “Everything we know about voting machines — electronic ones, computerized ones, is they’re not very secure,” says tech security expert Bruce Schneier. “They are not tested, they are not designed rigorously and in many cases there’s no way to detect or recover from fraud. So there really is a disaster waiting to happen.” Aviel Rubin, a professor of computer science at the Johns Hopkins University, agrees. “Unfortunately, I think the thing that’s improved the most in the last 10 years is the sophistication of the hackers and the number of incidents that we see that are occurring daily. If you look at the news you see that ransomware is becoming pretty common,” Rubin says. “The big change that I’ve seen has been just how sophisticated the hackers are today. And they’re sponsored by countries like Russia and China, which is a much more formidable adversary than we had in the past.”
Schneier says the validity of upcoming elections could be threatened. “My biggest fear is that we wake up on Wednesday and there is some evidence the vote was hacked,” Schneider says. “We don’t know for sure, we don’t know how, and it’s in a state, a precinct that decides something important. And we don’t know what to do now.”
… With the US presidential election looming, it’s too late to change much this time, but Rubin says there’s still more that can be done.
“Many of the precincts already have their equipment pretty much locked in. They’ve used them for the primaries and they’re not going to be able to change them. But we can increase the amount of auditing that we do and the amount of surveillance and care that we take,” Rubin says. “A professor from Berkeley has come up with a technique for reducing the risk of undetectable fraud by performing manual recounts in random spots against machines to make sure that statistically we know that the machines are counting the votes correctly.”