Public discussion of hackers meddling with the election has increased concern
Experts caution that influencing the presidential election through cyberattack is virtually impossible
Editor’s Note: This is the second in a series about the security of the election system. Click here to read the first installment.
The Obama administration is accusing Russia of hacking US political organizations. States are reporting attempts – in one case successful – to breach voter registration databases. And the final days of the campaign are dominated by talk of whether the race is “rigged.”
Is the election rigged?
The public is understandably concerned about the integrity of next month’s election.
But election officials and cyber experts say it’s virtually impossible for Moscow or some other outside group to influence the election outcome.
Hackers could create mischief – some say “chaos” – but the election system is resilient enough to withstand shocks. The key concern, experts feel, is public perception: Sowing distrust is easily achieved even without successful hacks.
Here are five things you should know about the security of the election system.
1. Why is it unlikely the presidential election can be swayed by a hack?
The American election system is decentralized by design, with state, county and local governments all managing voting. Even though many precincts use voting machines, none are connected to the Internet, nor are they connected to each other.
That’s not to say voting machines don’t have vulnerabilities – those have been well documented and studied for more than 10 years. But to influence the outcome of a presidential election or statewide race would require physical tampering on a grand scale across in counties across multiple states on Election Day: In other words, it essentially can’t be done.
“Nobody is going to be able to change the outcome of the presidential vote by hacking voting machines. The system is too distributed, too decentralized, too many implementations for any individual actor or group to make substantial change,” said Nicholas Weaver, a computer scientist and cybersecurity expert at the International Computer Science Institute at the University of California, Berkeley.
“Yes, they’re horribly insecure, yes, many of them give me nightmares,” he continued, “but the attacker’s not going to be able to change the outcome of the presidential vote that way.”
2. What kind of preparation is there to ward off attacks?
Election officials are on guard for any problems on voting day. Machines go through rigorous pre-election testing every cycle, and many states do post-election audits to verify results as well. About 75% of votes will be cast on machines that generate a paper trail, adding further confidence.
States can also tap federal resources. The Election Assistance Commission creates standards for voting technology and certifies it, and provides officials to help with security preparedness. The Department of Homeland Security says at least 36 states and 11 local election officials have responded to their offer to help with vulnerability scanning, as well.
“I think that elections are as secure as they’ve ever been, and I think that with the added thought of incidents occurring, election officials are paying extra attention to this,” EAC Chairman Thomas Hicks said in an interview with CNN. “Voters should have the confidence that if they got to the polls, their votes will be counted accurately.”
3. What can be affected by hackers?
A bigger concern for most experts isn’t the actual hacking of ballots or vote totals but registration databases. Many of those are connected to the Internet as a way for voters to register, make changes or check their status.
That was the target in Illinois, where hackers successfully stole roughly 90,000 voters’ information, such as their names, drivers license numbers and last four Social Security Number digits. But no data was changed in the system itself, which would indicate an attempt to go beyond mere identity theft to cause electoral disruption.
Nearly two dozen other states have reported attempts to break into their registration databases, with the US government saying the attacks have been traced back to servers in Russia.
But it is unknown if those attempts are related to election fraud and government hackers or run-of-the-mill cyber criminals, who also tend to be based in Russia.
“Whoever did that hack really just wanted the voter data from Illinois in some way,” said Joseph Lorenzo Hall of the Center for Democracy & Technology. He explained that voter registration data is some of the most useful for committing identity fraud.
The real threat to the ballot box would be if hackers delete voters from the database entirely, meaning when they arrived at the polls, their names wouldn’t appear in the system.
4. What if something goes wrong?
By law, voters who don’t show up as registered properly can cast a provisional ballot and then follow up to verify their registration in the days following the election. The process would be tedious, but not prohibitive.
Voters can show their voter registration cards at polling stations, and many states also keep frequently updated back-up copies of their voting rolls offline or in hard copy, and. Those back-ups could be used to rectify any changes made by hackers.
“If you’re just trying to disrupt the election, there are easier ways than an attack on a voter registration database that would probably not stop people from voting anyway,” according to Travis County Clerk Dana DeBeauvoir, a Texas election official who works on election security.
Resilience in response to the unexpected is a primary focus of election officials in general. Any number of things, from natural disasters to poorly designed ballots to long voter lines, can disrupt Election Day. Louisiana Secretary of State Tom Schedler recently testified before Congress that he was making contingency plans for flooding as well as cyber intrusions.
“We don’t get a lot of sleep right before early voting starts because we just want to make sure everything’s perfect, so we check and check and check,” DeBeauvoir said. “Election administrators often play the game of what if: What if this happens, what if that happens? And we play that scenario enough so we know what to do if any circumstances arise.”
5. So should voters be worried?
Experts say rather than the hacks, it’s the reaction from the public that scares them.
Rumors of hacking – even if not successful – could undermine faith in the election and play into a losing politician’s claim that the election was “rigged.” Republican presidential nominee Donald Trump has frequently questioned whether the election results can be trusted.
“That’s what worries me, not just the cyberattack impacting the vote, but the cyber fears playing into such a narrative,” Weaver said. “The damage is not the computer hack. The damage is the reaction to the computer hack.”
DeBeauvoir also urged voters to have “patience,” saying Election Night results are always a first pass, with officials verifying results and collecting mail-in ballots over the following days.
“In World War II, there used to be a saying: Loose lips sink ships,” DeBeauvoir said. “It’s the case in this instance, too. It’s not real that there’s a concern that there’s going to be a hack that would affect voters, it’s the talk about it that’s the real hack.”
She added, “It’s cheap, easy and effective. It works really well unless we all recognize that’s what it is and give voters information.”