Since the 2016 election, there has been a good deal of commentary and reporting about the threats to American democracy from, on the one hand, Russian interference by Facebook and Twitterbot-distributed propaganda, and on the other, voter ID laws and other partisan voter suppression measures such as electoral roll purges. Both of these concerns are real and urgent, but there is a third, yet more sinister threat to the integrity of the November 6 elections: the vulnerability of the voting machines themselves. This potential weakness is critical because the entire system of our democracy depends on public trust—the belief that, however divided the country is and fiercely contested elections are, the result has integrity. Nothing is more insidious and corrosive than the idea that the tally of votes itself could be unreliable and exposed to fraud.
Although election officials often claim our computerized election system is too “decentralized” to allow an outcome-altering cyber-attack, it is, in fact, centralized in one very important way: just two vendors, Elections Systems & Software, LLC, and Dominion Voting, account for about 80 percent of US election equipment. A third company, Hart Intercivic, whose e-slate machines have recently been reported to be flipping early votes in the current Senate race in Texas between Beto O’Rourke and Ted Cruz, accounts for another 11 percent. The enormous reach of these three vendors creates an obvious vulnerability and potential target for a corrupt insider or outside hacker intent on wreaking havoc.
These vendors supply three main types of equipment that voters use at the polls: optical or digital scanners for counting hand-marked paper ballots, direct record electronic (usually touchscreen) voting machines, and ballot-marking devices that generate computer-marked paper ballots or “summary cards” to be counted on scanners.
Contrary to popular belief, all such equipment can be hacked via the Internet because all such equipment must receive programming before each election from memory cards or USB sticks prepared on the county’s election management system, which connects to the Internet. Thus, if an election management system is infected with malware, the malware can spread from that system to the memory cards and USB sticks, which then would transfer it to all voting machines, scanners, and ballot-marking devices in the county.
Malicious actors could also attack election management systems via the remote access software that some vendors have installed in these systems. ES&S, which happens to have donated more than $30,000 to the Republican State Leadership Council since 2014, admitted earlier this year that it has installed remote access software in election management systems in 300 jurisdictions, which it refuses to identify. And in August 2004, as reported by bradblog.com, the United States Computer Emergency Readiness Team released a Cyber Security Bulletin concerning the Diebold GEMS central tabulator, stating that “a vulnerability exists due to an undocumented backdoor account, which could [allow] a local or remote authenticated user [to] modify votes [emphasis added].” This central tabulator was used to count one-third of the votes in 37 states in the 2004 election.
The memory cards or USB sticks used to transfer the pre-election programming from the election management system to the voting machines, scanners, and ballot-marking devices constitute another potential attack vector. In theory, the person who distributes those cards or USB sticks to the precincts could swap them out for cards containing a vote-flipping program.
Memory cards are also used in the reverse direction—to transfer precinct tallies from the voting machines and scanners to the election management system’s central tabulator, which aggregates those tallies. Problems can occur during this process, too. During the 2000 presidential election between George W. Bush and Al Gore, for example, a Global/Diebold machine in Volusia County, Florida, subtracted 16,000 Gore votes, while adding votes to a third-party candidate. The “Volusia error,” which caused CBS news to call the race prematurely for Bush, was attributed to a faulty memory card, although election logs referenced a second “phantom” card as well. As noted recently in the New York Times Magazine, questions from this disturbing episode remain unanswered, such as “[W]hat kind of faulty card deleted votes only for Gore, while adding votes to other candidates?” The incident, however, slipped from public consciousness amid the hoopla over hanging chads and butterfly ballots.