Election hacking FAQ: 2016 US presidential election edition

election hacking US election

With all the recent headlines about “hacking the vote” and “voting hacked” quite a few people are asking if hackers could change the outcome of the 2016 US presidential election. Unfortunately, it is impossible to provide a responsible answer to that question in just a few words, so for folks interested in the many complex issues that this question raises I’ve compiled a list of objective, non-partisan answers to 10 Frequently Asked Questions on the topic of election hacking.

I’m going to start with a fundamental question, the answer to which provides some necessary context for the rest of the questions.

Q1. It’s 2016, why aren’t we voting online?

A1. Voting for the 2016 US presidential election is not online because secure internet voting is not possible in the US given the currently deployed technology. The vast majority of voting in the US presidential election takes place on systems that are not connected to the internet (in my professional opinion given the current state of internet security, this is a good thing). There is more about the technology requirements for internet voting in the answer to Question 10.

For a comprehensive overview of the security issues unique to voting, I recommend reading “If I Can Shop and Bank Online, Why Can’t I Vote Online?” by David Jefferson, a computer scientist at Lawrence Livermore National Laboratory. Although it was written a few years ago, this essay remains an accurate statement of the bottom line: The highly distributed and diverse voting processes used for the US presidential election give a level of security that is different from, and higher than, that required for online banking or shopping. In other words changing the outcome of the US presidential election through digital manipulation of the voting process is a lot harder than stealing money from an ATM or making a fraudulent online purchase.

Q2. If it’s so hard to rig the election by hacking the vote, why is everyone talking about it?

A2. There are several reasons for the current conversations about vote hacking.

i. Some polling places still use badly designed electronic voting machines. For many years, security and voting experts such as myself have called for these machines to be removed from the process. Because they are unfortunately still in use in some places, they show up in the media during every election cycle under headlines about voting machine hacking. Sadly, these articles often fail to address how these admittedly deplorable machine vulnerabilities could be exploited in an actual election-rigging scenario. The reality is that it would be very difficult to produce undetectable bogus voting outcomes without a large and coordinated effort by a determined entity that has a considerable in-country presence.

ii. One of the two leading 2016 presidential candidates has repeatedly claimed that the election is rigged and, despite a lack of evidence, some people assume that this candidate’s assertions mean fraudulent voting can take place at a scale that would determine the outcome of the election. They tend to cite headlines about “vote hacking” without reading the whole article, which may go on to say “this security issue will have no effect on the election” (other than a possible psychological effect, see Q8).

iii. Historically there have always been some politicians and public figures who find it convenient to say the presidential election is rigged. For example, if you think your candidate is going to lose, then claims of a rigged election before the votes are counted offer an excuse if they lose. Claims of a rigged election can also serve to undermine the authority of the eventual winner of the election, something you might want to do if you think it gives you political advantage (although there are numerous potential downsides to this strategy including the eventual repudiation of your strategy by voters in future elections).

Prior to the introduction of computers into the election machinery, claims of vote rigging centered on fraudulent balloting by dead people or people voting more than once, and so on. Those strategies led to the complex system of checks and balances in the voting processes that are used today. This system can block fraudulent voting before it happens and also detect it after the fact so that it can be remediated.

iv: In 2016 we have seen several hacking incidents directed at parts of the voting system and some of the players in the election. However, none of these have impacted the integrity of the voting process (see Q6).

v. A popular television program called Mr. Robot uses the tag line “Our democracy has been hacked” although frankly I didn’t see much democracy hacking in the program. I did see numerous realistic depictions of hacking activity that were technically accurate, but it is important to remember that Mr. Robot is not technically accurate in its portrayal of reality (my own take is that Mr. Robot is a science fiction/fantasy taking place in an alternative reality where the world economy is dominated by a single “too-big-to-fail” corporation.)

Q3. What exactly do you mean by “hacking the vote” and “hacking the election”?

A3. By hacking the vote I mean unauthorized access to, or manipulation of, information systems used in the voting process. This includes breaking into digital devices used for voting and denial of service attacks targeting any of these systems. What is not included is “hacking the election” in the sense of manipulating public opinion, like a disinformation campaign. Such actions are more accurately described as “information warfare” and not hacking, although information warfare may well use hacking. For example, you might be able to influence the outcome of an election like this: first you hack source A which has ties to your opponent; then you make sure the public knows that source A has experienced a security breach; finally you publish documents that appear to come from source A and have been doctored to make your opponent look bad. However, this is an indirect swaying or disruption of the vote, in that the votes would still reflect the intentions of the voters who cast them.

Q4. Can the voting machines used in the 2016 US presidential election be hacked?

A4. Yes, some of the voting machines used in the 2016 US presidential election can be hacked, but that in itself does not mean the election can be hacked. Millions of cars and trucks on the road today can be hacked, but that doesn’t mean they are being hacked or that we should stay off the roads. Converting the exploitation of vulnerabilities in certain electronic voting devices into fraudulent vote totals on Election Day would require considerable “meatspace” resources (meatspace = people in the flesh, real world operatives prepared to commit crime as opposed to criminal hackers who remain relatively untouchable in cyberspace).

There are two main reasons that hacking voting machines to affect an election outcome does not scale well. First, the US has not embraced internet voting. Very few voting machines are networked and even less are on the Internet. The lack of network connections between voting systems actually works as a safeguard and imposes a manpower burden on would-be fraudsters. Second, voting in US presidential elections is a highly fragmented process. Each state votes separately and within each state there are scores of different voting jurisdictions (some 8,000 altogether). So, for example, it is not like you can use a phishing email to infect Arizona’s voting machines and thereby steal the election.

A further level of protection against translating election machine vulnerabilities into a rigged election outcome is the numerous checks and balances in the US voting system, as discussed in Q5. So, even if you individually hacked Arizona’s unconnected voting machines to produce fraudulent vote totals on Election Day it is highly probable that this would be detected and subject to intense scrutiny, auditing, even a recount. And yes, I know that some voting systems make doing an audit and a recount very difficult (the main problem is Direct Recording Electronic or DRE machines that have no paper trail for backup). But if the goal is to get away with a fraudulent outcome by hacking voting machines, my opinion is that such a goal would be very hard to reach, even if the attempt produces a logistical problem that is very difficult to solve.

Q5. What checks and balances exist to ensure people don’t get away with hacking votes?

“election laws anticipate human error and cheating, and guard against them at multiple levels”
A5. I’m inclined to let Chris Ashby answer this. Chris is a leading member of the Republican National Lawyers Association with a lot of election experience. His recent article “The Election Is Not Rigged” provides a pretty good summation of the checks and balances so I am quoting him at length here as he explains how “election laws anticipate human error and cheating, and guard against them at multiple levels”:

  • Private citizens — not government bureaucrats — serve as the “clerks,” “inspectors,” “officers” or other election officials who run our polling places and conduct the voting.
  • Most state laws permit local political parties to appoint or nominate these officials, and require a roughly even partisan balance between them.
  • The law also permits parties and candidates to send pollwatchers into each polling place to stand over the election officials and monitor them as they work.
  • Election officials count votes and tally results.
  • Candidate and party representatives also observe this process.
  • Following the election, there is a public canvass at which the election night results are redetermined, to make sure that they are aligned.

I urge everyone to read Mr. Ashby’s article, which goes on to list five very difficult things you would have to do to rig the election, on top of which “you’d still have to Jedi-mind trick lawyers, political operatives and state election administrators, all of whom scrub precinct-level returns for aberrant election results, and scrutinize any polling place result that is not in line with what they would have expected, based on current political dynamics and historical election results.”

Still not convinced? How about this recent quote from Senator Marco Rubio of Florida, where voting is carried out by the state’s 67 counties, with each one operating independently of the other: “I promise you there is not a 67-county conspiracy to rig this election.” Or this, from Texas Secretary of State Carlos Cascos: “Texas has 254 counties using a variety of voting methods. The decentralized system in addition to layers of checks would make changing the outcome of a statewide election essentially impossible.”

Q6. What are voter rolls and if they’ve have been hacked, how can we be sure voting is accurate?

A6. Voter rolls are the lists of people who are registered to vote. These are managed and scrutinized at the local level by the 8,000 different voting jurisdictions into which the country is divided, but are typically aggregated at the state level. Numerous voter roll hacking scenarios exist, like deleting a bunch of your opponent’s supporters from the rolls or adding a bunch of fake supporters. The problem with turning these scenarios into a fraudulent election outcome is that you still need people to execute the plan at the scale required to change the outcome. For example, the fake supporters you added to the rolls need to vote, and someone needs to deflect the legitimate voters whose names you erased. And you need to do this without detection by an election workforce made up of people from both parties.

Of course, some media headlines are not helpful, like this example from Illinois: “Voter Rolls Hacked”. Yes, unauthorized persons did access records pertaining to thousands of voters, but no, they were not able to change them, as the article notes. So, as upsetting as the above-mentioned incident in Illinois might have been to the people whose information was exposed, that hack is unlikely to materially affect voting there. (For the record, some states actually allow your voter registration information to be published on the internet, see Q9.)

Q7. Could unauthorized access to the voter rolls enable hacking of the vote?

“If someone tries to go to the polling place and vote as you, then they are very likely to fail. Clearly, affecting the outcome of an election using this strategy is highly labor intensive.”
A7.You could potentially use data gleaned from the voter roll to find people who are likely to vote for the opposition and then find people to pretend to be them and cast votes for your candidate instead. But this is a tricky strategy to execute because in most voting scenarios in most states you need actual people to vote. The classic, time-honored “pen and paper in person” voting system works by having voters show up in person at the polling place and get a ballot. At that point their name is marked on the electoral roll. This is still the essence of the system under which the majority of votes are cast in the US presidential election.

If someone tries to go to the polling place and vote as you, then they are very likely to fail. Obviously they will fail if you have already voted. But even if they turn up before you and successfully pretend to be you – perhaps by knowing personal information about you that they gained by hacking – their vote is going to be invalidated when the real you turns up. Clearly, affecting the outcome of an election using this strategy is highly labor intensive.

Q8. Could all the talk about hacking during the election campaign affect the election outcome?

A8. Yes, this is a possibility. A large amount of imprecise media coverage about vote hacking could undermine confidence in the voting process. Consider articles that start with a news item – something to do with hacking and voting and the US presidential election – then proceed to a list of things that can go wrong with voting. Experts are quoted. Fear is generated. Uncertainty is expressed. Doubt is cast. And there you have the FUD trifecta, a hat-trick with the potential to undermine the US presidential election. That could mean the biggest threat to the 2016 US presidential election ends up being fear of threats to the election.

Casting doubts on the legitimacy/accuracy/security of the voting process in advance of voting is indeed one way to disrupt an election. Consider these two strategies:

i. Get people to believe that the voting system is liable to get hacked, so it’s pointless for them to vote, which could help your candidate if they are likely to benefit from low voter turnout.

ii. Get people to believe that the voting system is liable to get hacked, so if you lose you can claim the system is rigged and deny the legitimacy of the outcome.

It is interesting to note that talk of rigged elections is nothing new in American politics. Indeed, one of the current candidates openly rejected the outcome of the 2012 election, as shown in these tweets that were later deleted. It is also interesting that many of the officials overseeing elections in key “battleground states” this year are Republicans, some of whom have come forward to reassure the public about the security and legitimacy of the voting process in their respective jurisdictions, like the Florida, Iowa, and North Carolina officials quoted in this article. Additionally, it should be pointed out that the people who process our votes come from all political parties and work side-by-side in polling stations to facilitate free and fair voting.

Q9. Is it true that voter registration information from some states is published on the internet?

A9. Yes. For example, anyone with an internet connection can legally download the voter roll for every county in Florida. This information includes names, addresses, birthdays, phone numbers, even email addresses for some people. Some Floridians have two homes, so secondary out-of-state addresses are also listed for some voters. The publication of this data on the world wide web may strike many people as a huge violation of personal privacy; however, its legality stems from the idea that the voter rolls should be a matter of public record and open to challenge. Unfortunately, some public officials have not figured out that “on the internet” is categorically – and possibly catastrophically – different from “available for personal inspection in the registrar’s office during normal business hours”.

Q10. You said secure internet voting is currently impossible in the US so does that mean secure internet voting is possible in other places?

A10. One of the main prerequisites to secure internet voting in the US is a reliable means of digitally identifying and authenticating voters, of whom there are over 200 million. But there is no official national digital identification system in the US. Furthermore, past efforts to create one have run into serious opposition. Back in the 1990s I spoke with the CEO of a smartcard manufacturing company who had received death threats after President Clinton suggested all Americans could carry chip cards that gave healthcare providers access to a national database of their medical data.

That said, some countries have embraced digital identities, notably Estonia, which has carried out some national elections over the internet. One factor on Estonia’s side is scale: it is a small country with a population less than half that of San Diego County, just one of 3,000 counties in the US. Furthermore, Estonia is where the NATO Cooperative Cyber Defence Centre of Excellence is located (the CCD COE is an international military organization that develops the cybersecurity capabilities of NATO countries).

In other words, it may be possible to vote securely over the internet in a tightly controlled environment that is heavily defended, with a small population of digitally-savvy citizens. That said, it is still possible for errors to occur. Just take a look at this slide from a talk a few years ago at a meeting of non-partisan organisation Verified Voting. It shows actual lines of code from Estonia’s internet voting software. Admittedly that was a few years ago, and I’m assuming the problem has since been addressed, but still, this is not reassuring.


election hacking US election

The slide was in a presentation by Joe Kiniry, a researcher who has studied internet voting for many years. Joe is a former professor at the Technical University of Denmark where he was Head of the Software Engineering Section. He is now CEO and Chief Scientist at Free & Fair, an elections technology consultancy, and a Principal Investigator at Galois in Portland, Oregon. In other words, he knows a thing or two about voting systems. He is widely quoted in that article I cited in Q4 about DRE voting machines.

Bonus Question! Could a DDoS attack be used to hack the 2016 US presidential election?

A. On Friday, October 21, a large Distributed Denial of Service (DDoS) attack caused sporadic internet service disruption in the US (we wrote about the attack here). This has raised fears that such an attack could happen on Election Day, November 8. However, while such an attack could interfere with internet-enabled media reporting of election-related activity, the above-mentioned lack of internet connectivity among voting systems would shield them from a DDoS attack. Election officials would still be able to count votes and report totals.

Summary

Hopefully this FAQ has been helpful. To be clear, I agree with many of my fellow security researchers that the US needs to get rid of vulnerable voting equipment, preferably long before the 2020 presidential election. And I acknowledge the feasibility of scenarios put forward by some of my colleagues in which a relatively small amount of election hacking/rigging could change the outcome in a close race. Yet I still believe that, as things stand right now, such efforts would be detected and eventually thwarted.

What seems undeniable when you examine these issues is that we all need to do a better job of educating our fellow citizens about how voting actually works in practice so that we can have meaningful discussions about its security and legitimacy, preferably unencumbered by myths and misconceptions, not to mention unsupported and illogical allegations.

Author Stephen Cobb, ESET

  • Donna England

    You fail to mention the following instances which have been proven to occur…
    1). Voting machines already having a number of votes cast on them prior to election polls opening and machines that will change a person’s vote to the other candidate automatically.
    2). Fraudulent voting thru early voting and absentee ballots which occurs when people are registered (mostly college students) in more than one state. They either early vote in one state and then vote on election day in another state or cast absentee ballots in one state and vote on election day in another as was the case in Ohio in 2008 when the state was allowing registration and early voting at the polls on the same day. There were busloads of college students coming into Ohio and registering and voting early and then going back to the state they attended school, doing early and absentee ballot voting there and in some cases casting a third vote in their home state too. There was even a case that allegedly a professor was telling students it was perfectly legal to vote in the state they went to school and in their home state since that was considered dual residency. These instances were widespread in Ohio in the 2008 and 2012 elections with some precincts showing more percentages of cast ballots than registered voters as high 150%. A Cincinnati precinct captain even admitted she cast eight votes and allowed others whom she knew to do the same, yet she was never convicted of anything. This type of fraud with early and absentee ballot voting is very easy to commit with the current voting system and once a person is on the voter rolls in multiple states then it is very easy for the absentee ballots to be cast. Most states do not publish voter rolls information and their is no cross checking unless there is ample evidence of fraud taking place as was the case in GA in 2008. The secretary of state in GA during the 2008 elections seeing what was occurring in Ohio began cross checking the voter rolls in GA with other states and found thousands of people on voter rolls in GA, Ohio and Florida, and actually showed proof of one individual that had voted both in GA and Florida. She was then advised to shut down the cross checking and her investigation immediately.
    3) Dead voters are another easy way to commit fraud since many states do not require IDs or even proof of residency to cast ballots. Those wanting to cheat the system get a list of voters and cross check names thru obits and other public records and then pay many of the homeless, mentally incompetent and those in the country illegally to pretend to be the dead person and cast ballots. Again there have been proven incidences of this in California and other states in the larger populated cities. One man in California in 2012 was registering mentally challenged individuals in group homes and then “assisting” them with filling out their absentee ballots. Several family members were outraged of this exploitation of their loved ones by someone who was trying to assist in rigging the vote. But since technically he had broken no laws, nothing was done.
    These are just a few examples how an election can be rigged given how our Presidential race is decided with the electoral college, which I do support the electoral college system completely.
    Now lets consider whether or not there could be enough fraud thru these means to change the outcome. In todays society of ends justify the means mentality and lack of ethical and social morals my opinion is yes.
    In 2008, Ohio’s electoral delegates decided the Presidential race. It was not proven until well into Obama’s administration that the fraud was found thru the cases stated above. Whether or not the fraud was enough to change the outcome in Ohio was never determined since no official statewide recount and cross checking of votes cast in Ohio and other states was ever completed along with verification of residency of the thousands of newly added voters on the voters rolls there due to a change in law that allowed voters to register and early vote at the same time and thus remained on the rolls for future elections along with very easy and flexible absentee ballot rules.
    Question two is there a realistic possibility that a very organized and concerted effort can be utilized with enough people who are willing to rig an election using the fraudulent means outlined above and again my opinion is yes.
    Thru social media and the internet this is very plausible as we have seen with organized movements such as the Occupy movement that promoted not only protest but rioting, chaos, disruption and destruction of property as well as another more recent movement Black Lives Matter. And no I am not a racist and I do promote tolerance of all people and belief systems as well as the right to peaceably protest. We also witnessed the systematic recruitment of people thru the internet who were payed to protest and riot, again solely for disruption, chaos in an attempt to undermine the election protest thru intimidation and violence.
    With all of the PACS and 501c political organizations operating and the fact we allow donations to be filtered thru these organizations from foreign entities the real likelihood of an organized effort to rig a Presidential election is a very real threat in these times and has been for quite some time now.
    When billionaires like George Soros and the Koch brothers have vested interests in election outcomes and are allowed thru dark money and their 501c organizations to invest millions into an election then the probability of corruption and rigging is very real and scary especially when Soros wants nothing more and has openly admitted to wanting to break the dollar and dissolve the United States thru flooded immigration and open borders that ultimately will overwhelm the system. Soros proven history in breaking currencies across the globe and his organized efforts in massive immigration have shown the destruction his political ideas and agenda have created in other countries. He has also pumped millions into the Occupy and BLM movements and was behind the paid protestors in the past few months. Soros has also pumped millions into the secretary of state elections in many of the so called swing states and has heavenly influenced changes in voter laws in states such as Ohio that makes fraud much more easy. He is also behind a lot of the local immigration policies of sanctuary cities and many of the laws giving illegals housing, drivers licenses, government entitlements and laws eliminating voter ID requirements. Need I say more?
    With elections coming down to being decided by one or two swing states voting outcomes it does not take a lot of fraud or a nationwide effort to decide the Presidential race. And though election day has come and gone, Soros is still fanning the flames of division and is behind a lot of the protest movements wanting the results reversed, throwing out the electoral college and giving the Presidency to his hand picked candidate, Hillary Clinton, after all, according to Soros and his followers in this case, it is only fair given the popular vote so heavenly favored for Clinton that she is the true President not Donald Trump. And does not anyone find it just a little suspicious that the so called popular vote continues to rise daily and vote totals are still not completed in Michigan at this late date? Given voter turnout pretty much falls in line more or less with past elections on the average then why is taking so long to get final totals in this particular election.
    And now there is a growing movement for recounts in FLA, Michigan (though the vote totals are not even allegedly complete there) PA and Wisconsin as well as a petition circulating to be delivered to Obama to intervene using Executive Order powers to suspend the results and demand a nationwide recount. There is a concerted and organized effort of people contacting electoral delegates attempting to intimidate them to go against the voters in their state, ignore voter outcomes and cast their electoral vote for Hillary Clinton when the electoral vote is undertaken in every state in December. After all, according to this effort to disrespect the rules and undermine the election process, no one is officially the new President until the electoral votes are cast and the new President is sworn in office in January.
    if one were to dig into all of these efforts and investigate I just about guarantee once again it will come back to Soros and possibly the Koch brothers. They want to create chaos and undermine the American peoples confidence in the election process, throwing out the laws, ignoring the rules to achieve the outcome they want, not the will of the American people.
    I am not an expert in voting laws, voting machines and such but it doesn’t take a lot of educated expertise to use some good old fashion common sense to see how corrupt our Presidential election process has become and that the very real possibility of a rigged election or enough disruption to the process to change the outcome does exist. And btw, I am neither strongly Republican or Democrat in my political leanings. I don’t tow a party line or support a particular candidate solely for their political party affiliation. I am truly a centrist who votes for a candidate based on whether or not they come close to standing for those things I believe to be best for the direction of the country. Some things I have liberal leanings while other issues I may lean more conservative. That is what a centrist believes and that is how compromise and tolerance is achieved.
    My best and God bless and be with us in these trying uncertain times.

  • Donna England

    Oh and lest I forget to mention one other fact… George Soros is the owner of a company that sells and services voting machines in I believe it was 26 states in the United States. Humm.. now what would a billionaire hedge funder, who btw is hedging against the dollar, and self described philanthroper want with a measly little voting machine company? Just asking… makes one wonder.

    • Hello,

      Uhm… no. See Claim that George Soros owns U.S. voting machines is Pants on Fire! [Site: Politifact] and Soros Subject [Site: Snopes] for detailed discussions of Smartmatic.

      On the other hand, the former CEO of Premier Election Solutions, back when it was Diebold, was a top fund-raiser for President George W. Bush and in 2003 penned a letter that “committed to helping Ohio deliver its electoral votes to the president next year“, leading many to worry that Diebold’s election machines had been tampered with. He resigned from the company in 2005 over allegations of insider trading.

      In 2012, HartInterCivic came under scrutiny for alleged ties to GOP Presidential Candidate Mitt Romney’s son, Tagg Romney, but this turned out to be false. One of the major investors was a only an investment firm whose employees had donated hundreds of thousands of dollars to the Romney campaign. [Site: FactCheck]

      There are a lot of fake news sites out that rely ob putting out all sorts of outrageous news stories in order to generate page views for their ad banner traffic–the more crazy-sounding, the better. Please be very cautious when sourcing information from these, because aside from amplifying wrong information, these web sites occasionally are seen to host malvertising, which are advertisements with malware embedded in them.

      Regards,

      Aryeh Goretsky

Follow us

Copyright © 2018 ESET, All Rights Reserved.