Ever since hackers broke into the Democratic National Committee’s email server, the specter of a foreign government controlling the election has become a near panic-inducing fear for some voters — especially if you follow social media chatter.
After all, if hackers could break into the DNC and steal emails about staffers’ pizza orders, what’s to stop them from changing the entire outcome of the 2016 election? A lot actually — including government officials regularly checking voting machines for suspicious activity.
That doesn’t mean there isn’t cause for some concern. A good number of machines out there are still vulnerable to attack. And some are so laughably easy to hack, or just so plain faulty, that the vast majority of states have completely done away with them. Still, about 25% of voters will have to use those older machines.
It’s unlikely anything will happen during the national election, but it’s worth understanding the risks and how we got here.
Bush, Gore and the Help America Vote Act
Our current voting predicament goes back to the 2000 election pitting George W. Bush against Al Gore. At that time, Florida voters cast their ballots using punch cards. Some of those cards weren’t punched properly, causing counting errors. A number of lawsuits over the election were filed, and eventually the Supreme Court ruled in favor of Bush.
To stop similar issues from arising in the future, Congress passed the Help America Vote Act (HAVA) to provide states with money to buy new all-electronic voting machines. But it didn’t exactly go according to plan.
That’s because security researchers found those new computerized machines to be incredibly vulnerable to hackers. What’s more, the machines didn’t have paper backups that could be checked in the event of a hack or software malfunction.
Since then, many states have retired their all-electronic machines. As a result, about 75% to 80% of the US uses newer systems that use both electronic voting with paper backups or regular paper ballots. But five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — currently rely on the old all-electronic systems. Others including Indiana, Kentucky, Pennsylvania and Texas use a mixture of old electronic-only machines and newer mixed and paper-based systems.
What are the odds of the election being hacked?
Even though so many Americans still use outdated machines, the chances of hackers stealing the election are incredibly small. That’s because voting machines use what are called “air gaps,” which means they never connect to the internet. So hackers can’t break into these systems they same way they can crack into your uncle’s laptop.
That doesn’t mean they’re impenetrable, though. According to Jeremy Epstein, a computer scientists with SRI International, a person dedicated to disrupting the election could break into a machine and infect it by loading it with a virus through a USB stick.
When the elections officials take that machine’s storage device out and plug it into the server that does all of the vote counting, the server will become infected with the virus. From there, the virus will spread to every other storage device that’s plugged into the server. Reinstall those drives into their machines again, and the entire voting system will be infected. Hackers could cast their own votes, change existing votes or delete certain ballots entirely — thereby throwing the outcome of the entire election into question.
Sounds terrifying, right? And that’s exactly why government officials are taking any threat to the election seriously. The National Association of Secretaries of State, which coordinates communications among the 50 states’ chief elections officials, is working to ensure the vote goes off without a hitch.
Naturally states that use all-electronic voting machines are also working to protect the integrity of the election. According to Stephanie Raphael, director of communications for the New Jersey Department of Homeland Security, the Garden State is working with state and local authorities and third parties to secure New Jersey’s election system.
Raphael said the state is monitoring its systems for signs of suspicious activity, conducting risk assessment and penetration tests, hardening its network and providing security awareness training.
Cash and the ballot
So why don’t states that use electronic-only machines simply go out and purchase newer, safer systems? One word: money.
Voting machines, it turns out, are expensive, and without an initiative like HAVA, states can’t afford to purchase all new systems. The burden then falls to individual counties, which have even less free cash available to invest in replacement voting machines.
“Where I live in Virginia, most of the state has replaced its equipment,” explained Epstein. “But in Virginia money for [voting machines] is at a local level, not a state level. So each has to decide when they can afford it.”
Epstein is keenly aware of the problem with old voting machines. That’s because he was instrumental in helping to kill Virginia’s WINVote systems, which were so insecure experts hacked them in under a minute.
It’s not just about the ballot booths
Hackers might have a minuscule chance of breaking into ballot booths, but that doesn’t mean they can’t impact the election in other ways. Take, for example, the recent distributed denial of service (DDoS) attack that shut down major websites and services including Netflix, Twitter and a slew of others for hours last month.
In that instance, hackers marshaled an army of infected devices (likely internet-connected cameras) to continually ping, or request data, from domain host Dyn. Dyn’s servers couldn’t handle the massive number of requests coming at them and eventually failed, taking a huge chunk of the internet with them.
How does that fit into Election Day? Well, if a hacker uses the same approach to take news sites offline, readers won’t be able to check polling information to see if their candidate is winning. That wouldn’t impact the election, but it sure would be annoying.
A more nefarious way for hackers to twist the election would be if they attacked sites that tell voters the locations of their voting stations. Without an easily accessible way to check where to to cast their ballots, some voters might simply stay home.
The only way to prevent that? Look up where your voting station is ahead of time and get out there and vote.
More from Dan:
Email Daniel at firstname.lastname@example.org; follow him on Twitter at @DanielHowley.