A vote is an act of conscience and will. It's also an act of trust. You're not just marking a ballot for your candidate of choice, your signifying your belief in the system. Your mark will be counted. Your voice will be heard.
However, as we prepare to elect a new U.S. president, the American electorate is faced with the unnerving possibility that the results could be hacked and that sacred trust could be broken.
At risk, the election system itself.
In recent weeks, the Democratic National Committee computers have been hacked and embarrassing emails leaked by WikiLeaks. More recently, Arizona and Illinois voter databases were targeted by hackers.
SEE ALSO: Can you really trust political polls?
Republican Presidential nominee Donald Trump has repeatedly expressed fears that the November 8 election “is going to be rigged.”
While the external threats are real, there is a fundamental flaw with this narrative. The American electoral process is not exactly a single, hackable system. There is no central U.S. voter database. Systems for voter registration, signing-in, voting and tallying the vote vary, sometimes widely, from state to state, county to county and from district to district (there are 180,000 voting districts). Even at a state level, electronic voting systems are not connected to the Internet or, generally, even each other. They’re islands within islands.
A better target
As most experts see it, though, actual vote-tallying systems may be the least likely target for a cyber-attack.
“We know there is some fraud in the U.S. system, but it has always been in the margins,” said Jason Healy a senior research scholar at Columbia University and a former White House Director of Critical Infrastructure Protection.
According to Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, voting systems are not “not connected to internet and…the diversity of system themselves poses a problem for anyone who wants to hack our elections. To attack them in a way to change votes would be quite difficult.”
It’s the systems that support the election process that has them, the U.S. government and cyber-security experts worried.
An attack that generates fear and uncertainty could be enough to hack the elections.
"To me, [our elections] look like a giant bulls eye with a U.S. flag in the center. Russian hackers will take aim. The recent DNC hack is clear evidence that hostile nation states can and will attempt to influence the U.S. presidential contest," said Steve Morgan, founder of the cyber security research firm CyberSecurity Ventures.
Perhaps the scarier question is not if they will try to influence our elections, but how.
An attack that generates fear and uncertainty could be enough to hack the elections, said Hall. For example, sending a text to voters warning of violence at polling places (even when there is none), could keep voters away from the polls for hours or even completely. In an election where voter turnout could play a crucial role, spreading fear and confusion among those who may have only a limited window to actually vote is a real concern.
The key, these states realized ... was simply to keep them from voting at all.
There’s also the potential that someone could hack the systems that manage the voter rolls, some of which are traditional computers. “If the laptops crash or don’t boot up and there’s no paper backup [for the voter rolls], that’s definitely something that will shut down voting for a number of hours,” said Hall.
There is, obviously, precedence, for vote disrupting tactics that predate our digital existence by more than a century. Forty years after the Emancipation Proclamation, southern states essentially created a series of barriers between African Americans (many of whom were former slaves and their offspring) and the voting booth. They instituted literacy tests, new and more complicated registration systems and poll taxes. The key, these states realized, was not to try and sway minority voter sentiment or even to intimidate them into voting the way they wanted them to. It was simply to keep them from voting at all.
Rice University Computer Science Professor and voting systems expert Dan Wallach said it's unlikely that nation-state actors like Russia, which may have been behind the DNC hack, will send anyone to attack these systems at a local level. He added, though, “Nation-state actors are very patient. They wait for that one moment that a system is connected to the Internet, maybe to download an update, that’s all they need.”
Just last month, the Department of Homeland Security offered states help in tackling potential hacking and cyber security threats to their voting systems and encouraged them to take advantage of the new Cybersecurity National Action Plan (CNAP) that the White House unveiled earlier this year. The CNAP is designed to, among other things,raise cyber security awareness and help states and local governments improve local cyber security procedures.
Not everyone is impressed.
A question of influence
“The DHS statement offering to assist states, ‘Hey we’ll help you if you come ask us for help’ is very different than saying we’ll come there and stick our nose in your business to make sure you have things up to snuff,” said Professor Wallach, who characterized the DHS’s efforts as “measured and maybe not adequate to the task.”
Elections are still state-run affairs. As a result, the Department of Homeland Security's offer to help can be little more than that. There's no mechanism for the federal government taking over national elections that are managed at a state (and even more local) level. However, growing concerns about the vulnerability of our voting system — especially to external threats — have led some to wonder if the entire voting system should be viewed differently, in a way that might give the federal government some oversight.
The threat of Russia trying to influence this election is “an absolute concern,” said Jason Healy, who has been studying election policies and the state and U.S. government approach to protecting their systems. Healy would like to see elections treated as if they’re a part of critical infrastructure, which would then afford them the same kinds of protections as the power grid, telecommunications and the water supply.
Healy believes organizations like the non-profit Information Sharing and Analysis Center, which is made up of information technology leaders from around the country, could help mitigate some of the threats to these distributed systems through greater information sharing.
But we’re running out of time. Healy suggested local secretaries of state work with organizations like the ISAC to set up an “ad hoc group to share info in [at the time we spoke] 80 days that we got left, but it’s not a lot of time to set these up,” he said.
These election officials, however do not live in a bubble.
Local administrators are focusing more on security and implementing new procedures to protect their voting systems and registrant data, said Kimball Brace, founder and president of Election Data Services (EDS), a consulting firm that tracks voting practices and assists local governments on election administration.
“From the standpoint of security, I think what you have seen over time is that the renewed concern about security has caused election administrators to be much more focused on the issue and implementing a number of procedures to tackle the issues,” said Brace.
All voting systems undergo rigorous logic and accuracy tests 30 days before each election day. Brace said they test every machine, including running marked up ballots through them to verify that they can accurately capture the votes.
Lessons of another fall
The long political season and intense presidential election race are, undoubtedly, magnifying concerns about external voting system influence and the strength and security of the voting booth systems themselves. However, while our perception is that now is the time to worry, those who work within and track these systems see this concern as a constant concern.
Anyone working in voting technology has been concerned about it for a long time.
When you speak to many people familiar with the vagaries of American voting technology, they express a surprising lack of confidence that it's all up to the task.
“It’s a concern, but not a concern that suddenly is of a bigger concern because someone running for political office may have raised it,” said CEDT's Hall. “Anyone working in voting technology has been concerned about it for a long time.”
That lack of confidence has, over the last two decades, led the American voting system down one or two rabbit holes. The all-paper system that existed well into the early oughts was fine, as long as you didn't look too closely. By-hand paper recounts, themselves subject to potential errors, could reveal oddities — for instance, votes from those who both punched and wrote in for the the same candidate were usually invalidated. Replacing these systems with electronic, direct-input systems led to the uncomfortable realization that many lacked any kind of paper trail. Finding the balance between a system that works and can be trusted has been a nearly 16-year-long journey.
The catalyst for some of the most sweeping changes in American voting system, though, was the 2000 Presidential Election, a super-tight race between then-Vice President Al Gore and then-Texas Governor George W. Bush that ultimately came down to the contested state of Florida.
Bush vs. Gore, which made it all the way to the Supreme Court, shed light on the disjointed and, it seemed, somewhat unreliable hodgepodge of voting practices scattered across America’s thousands of voting districts. In the battleground state of Florida, a punch card system taught us more about the hanging chad than we ever wanted to know.
While Bush won the count and court case, the battle would set in motion a nearly four-year effort to upgrade the U.S. voting system. Called the Help America Vote Act (HAVA), it marked the first time federal money had been used to universally upgrade U.S. voting systems at a district level. It’s the reason that lever systems, with their classic automated curtains, are virtually gone.
Early on, many were replaced with electronic Direct Entry Systems that cost thousands of dollars apiece.
This was progress. And then the bottom fell out.
“A bunch of money was injected into the system and it went to buy horrifically insecure machines,” recalled Hall.
A 2003 analysis of e-voting system software from Johns Hopkins University found numerous security vulnerabilities in the e-voting systems. The study was based on software that may or may not have been up-to-date and representative of the code in-use on Diebold AccuVote-TS systems across the nation. Even so, study co-author Professor Dan Wallach, told me in 2004, “The design and engineering of the system was astonishingly shoddy and naïve.”
In addition to sub-par encryption and a smart card design that Wallach and company thought was susceptible to hacking, the study took issue with the fact that these systems offered no paper trail. Not surprisingly, Diebold disagreed with the study findings and denied that it was based on current software. Regardless, the damage was done. According to EDS, electronic voting system use peaked in 2006.
Ever since then direct entry systems have been on the decline.
Back to the future
“At a very broad level, the market is moving away from paperless, electronic voting systems,” Professor Wallach told me recently.
Voting systems that were purchased with HAVA money a decade ago are, according to Wallach, wearing out and are, at almost $3,000 a piece, too expensive for districts to replace.
“County clerk’s offices are what you would call underfunded.”
Wallach also wonders why some districts would still consider using the systems they purchased between 2002 and 2004. “Would you keep using a computer that you’ve been typing on 10-plus years ago?” he asked.
As districts retire both lever-based and some of these aging, touch-screen, direct-entry electronic systems, they’re replacing them, in many cases, with pre-sync optical scan systems.
Sixty-five percent of registered counties use such systems, according to EDS. You may have used one of these in the last few years. They feature paper ballots that, after you mark them up with your vote, are scanned into a vote-tallying machine. The voting district keeps the paper record, which can be used to verify the vote in the case of a recount.
“We’re seeing a continued drop of electronic systems for 2016 election system. It will go downward,” said EDS's Brace.
DHS support and a shift toward a more consistent, if not unified, approach to vote gathering should be a relief. However, unity is not a word one readily uses when talking about our fractured American voting system.
Georgia's peachy with evoting
Georgia, a potential battleground state that could face almost as much scrutiny in 2016 as Florida did in 2000, is among the roughly 35% of polls that have not switched to scanning systems. All 14 of its voting districts currently use a direct-entry system called ExpressPoll from ES&S and Georgia’s voting system is centrally managed from the campus of Kennesaw State University, home of the Center for Election Systems.
A centrally-managed voting system sounds like a prime target for hackers, but Georgia's Center for Election Systems Executive Director Merle King explained that the system is actually an almost even split of centralized and decentralized. So the management of the ballot creation, voter rolls and system tests are all centrally managed at the university. However, the state election lists or electronic books are then burned to media on dedicated machines and hand-delivered to each county, so no portion of the voter rolls goes over the Internet or a network.
Considering that most experts I spoke to seemed uncomfortable with the continued use of direct-entry electronic voting systems, I had to wonder why Georgia was one of the rare states still using them.
“That’s a loaded question: Are we stuck with it or are we visionary?” chuckled King, who contends that most election fraud is conducted via paper ballots, and mostly through absentee ones.
“When jurisdictions adopt paper, many of the reasons are good reasons, but it’s not to make election more secure,” contends King.
“The idea that you’re using last year’s iPhone or iPad and you’re out of date does not apply to voting tech. You’re still just counting by one. That’s all [these voting systems] do. The notion that age is the equivalent of obsolesce is a fallacy,” he said.
Close is the question
Among election administration officials there’s, said Professor Wallach, a common refrain: May this election not be close. “Close elections magnify importance of all the little things that go wrong,” said Wallach.
Once predicted as a blow-out win for Democratic candidate Hillary Clinton, the upcoming general election is tightening, and could be neck-and-neck after the upcoming debates. If results are close, battle ground states will be scrutinized, as will their voting results and the systems that back them.
Which could bring the focus back the to roughly 40,000 precincts that use electronic systems and, especially, swing states like Georgia. The good news is that many states, including the former punch-card loving Florida, use universal voting systems like ES&S’s ExpressVote, a touch-screen system that also produces a paper record, something that could quell concerns.
Is it enough? Daily stories about brute force attacks on online voter databases and the possibility that hackers will release yet more disruptive information about either party has the parties, their candidates and the voters on edge.
“Certainly now with the Russia interest, certainly now with each side, every four years, saying, ‘This is the historic election and we can’t afford to lose this election’, there is a danger of undermined trust, and [someone saying], ‘If I lose, it proves the system is rigged,’” said Healy
Many I spoke to reminded me that for all the attention layered on this presidential election cycle, the reality is that these voter registration and polling systems are in use all the time. People elect everything from their local council people to a local fire chief on these systems.
“The media covers voting systems like they do Groundhog Day. They cover it once a year and move on,” said Merle King.
For him, the contest between Clinton and Trump is no more or less significant than any other. “Every election is important; every race is important. We’re excited about all of them.”
Source : http://mashable.com/2016/09/26/election-voting-system-analysis/