A majority of U.S. states are planning to conduct their November elections using electronic machines with technology invented when cybersecurity threats did not loom as quite as large as they do now. It seems like an election crisis waiting to happen. But, despite recent hacks of Democratic Party data– and suspicions of Russian government involvement—a widespread attack on electronic voting machines is unlikely, according to people familiar with existing systems. Still, states and Congress should move to upgrade and protect a legion of outdated machines from isolated attacks, they say. … There’s no evidence that a voting machine has been hacked during an election, said Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, who specializes in voting technology. Although that doesn’t mean a hack couldn’t happen, the wide variety of machines and methods used to vote from precinct to precinct would require an army of people within U.S. borders trying to tamper with machines on a local level, Hall said. “A widespread effect is highly unlikely because the resources required would be very large,” Hall said. “There are attacks you can accomplish from afar for an internet voting system that aren’t possible with the system we have now.” Hall said that doesn’t mean that small-scale electronic voting hacks aren’t a concern. Outdated voting machines are “horrifically insecure,” he said.
Last year, 24 percent of Virginia precincts used what was dubbed the “worst voting machine ever”—one with an internet connection hackable from a polling place parking lot, said Pamela Smith, president of Verified Voting, a nonprofit organization that advocates for accuracy of elections. The machine has since been decertified, and some states have enacted laws regulating internet connectivity of machines.
Online voting pilot programs, such as one that was tested in Washington D.C. in 2010, were shown to be hackable after University of Michigan students breached the system in 36 hours, Smith said. Thirty states will use some form of internet–based voting in November, but it remains limited to certain types of overseas, absentee or military voters, Smith said.
The most important element to safeguarding elections, according to sources familiar with the subject, is having a voting system that can be audited: about three-quarters of Americans will vote in November using methods that leave a paper trail. That allows even electronic machine voters to check that their vote was recorded correctly, and election officials to conduct recounts, Smith said. About half of the states require post-election audits, and most of the others can conduct them “if any other problems came to light,” Stimson said.
In short, analog methods may be the best security against a hack. “You can probably hack any system, but in some systems you can check what the intent was,” Smith said.
States with electronic machines that do not print out paper voting receipts will be more vulnerable to a hack, Smith said. Delaware, Georgia, Louisiana, New Jersey and South Carolina use these machines statewide, and ten other states have them in some locations, according to Smith.