Whether or not foreign governments are planning on manipulating our election results in November, it’s past time we started taking the security of electronic voting seriously.
Even if it turns out that the FBI’s suspicions that Russian government forces are behind the hacking of the Democratic party turn out to be untrue, the fact our government is willing to publicly speculate on the possibility should be cause for some alarm. While it’s true that from a hacking sense the Democrats’ computers were probably low lying fruit and easy pickings, so are many of the voting machines that will be called into service in November’s general election.
For decades we’ve known that many voting machines are subject to tampering, and many reasonable people are suspicious that tampering on the state level has already affected the outcome of some elections. This year we can double down on those concerns. In an era when politically motivated officials have been putting in place draconian voter restrictions in order to quell largely unproven fraud by a handful of individual voters, we’ve connected our voting machines to the Internet, which is an open invitation to foreign governments that might have a reason to want to have control over who governs us. In light of the recent allegations against Russia, that should be worrisome.
It’s not just me who’s concerned. In an article published Wednesday by the Washington Post, security technologist and open source advocate Bruce Schneier expressed his concerns that if the recent Democratic party security breaches were indeed carried out by the Russian government, they may be a precursor of things to come.
“If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.”
Schneier is particularly worried about the vulnerability of the technology used in balloting. “[W}e need to secure our election systems before autumn,” he wrote. “If Putin’s government has already used a cyberattack to attempt to help Trump win, there’s no reason to believe he won’t do it again — especially now that Trump is inviting the ‘help.'”
Trump supporters and adversaries alike, I’m sure, will agree that no good can come from foreign governments manipulating our election results.
Again, we are vulnerable to such attacks. Most if not all voting machines in use in the U.S. are proprietary, meaning there’s not only no way to determine if there are back doors available to corrupt state officials, there is no way to check for other security vulnerabilities either. The fleet of machines being used is also aging, with CounterPunch reporting that in South Carolina all voting machines are more than 10 years old and in no state are all machines less than 10 years old.
They are often vulnerable in other ways as well. In the Post article, Schneier points to a year old item in the Guardian reporting that in Virginia “[t]ouchscreen voting machines used in numerous elections between 2002 and 2014 used ‘abcde’ and ‘admin’ as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report.”
“But while computer security experts like me have sounded the alarm for many years,” Schneier says, “states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.”
Schneier is calling for immediate and independent testing of all voting machines and for pulling those that don’t pass muster offline. Going forward, he suggests that we “return to election systems that are secure from manipulation,” in part meaning no voting machines without a voter-verified paper audit trail and absolutely no Internet voting. “I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.”
All of this makes great sense and although Schneier is so far the only voice suggesting we protect the vote from a Russian intrusion, he’s not the only one sounding an alarm over voter security. In December, New York University’s Lawrence Norden and Christopher Famighetti pointed out on Phys.org: “Many older voting systems rely on outdated operating systems, like Windows XP and 2000, which are no longer supported. Several election officials told us that they stockpile refurbished laptops that can run obsolete versions of Windows.”
It seems doubtful we’ll see anything more than a band aid approach before November, which is unfortunate. A large number of U.S. citizens already feel our election system is rigged and that the individual’s vote doesn’t matter. A wholesale hacking of the voting system of just a single state, whether by a foreign government or someone else, would only further erode voter confidence in the system.