On the agenda this summer at one of the largest annual conventions for hackers: a session for kids in attendance on how to break into America’s voting machines. If a preteen computer whiz can crack a voting machine from a hotel in Las Vegas, what might someone more experienced — and less scrupulous — be able to do if they set their sights on the November general election? As we all know, American elections have been targeted before. In 2016, Russia attacked election-related systems in at least 21 states. And reports indicate Moscow has tried to breach other election systems around the world. But while past attacks are certainly reasons for concern, cybersecurity risks exist in every field — they’re part of the world we live in. And the United States has knowledge and resources to mount a defense.
First, outdated voting machines should be replaced. Forty-one states will use equipment that’s a decade old in this fall’s elections. We’ve heard from officials that some of the machines they’re using run on Windows 2000, and they occasionally resort to buying spare parts on eBay. This is especially true of paperless voting machines, which are still used in 13 states. When an election system produces no voter-verified paper record, officials can’t audit results to help identify malfunctions or hacks. And the vote could be impossible to recover if any data is lost or tampered.
Aging voter registration databases, which store voters’ personal information from their registration applications, are also prime targets. We know Russian hackers breached Illinois’ database in 2016, and lawmakers on the Senate Intelligence Committee have said a handful of other states were also targeted. To protect voters, and to prevent people from being disenfranchised if a hack manages to wipe the rolls, states need to upgrade or replace the most outdated systems.