How hackable are American voting machines? It depends who you ask
With the midterms looming, concerns about vote hacking have never been higher.
To hear Alex Halderman tell it, hacking the vote is easy.
The University of Michigan professor is on a crusade to demonstrate how vulnerable American voting machines are, and some of his arguments are quite compelling. He has rigged mock elections. He has testified to the machines’ vulnerabilities in Congress and in court. He has even managed to turn a commonly used voting machine into an iteration of the classic arcade game Pac-Man.
“They’re just computers at the end of the day,” said Halderman, who told the Senate Intelligence Committee last year that states should move back to paper ballots. “Often with voting machines, when you open it up, it’s not that different from a desktop PC or mobile device. The only difference is that it’s going to be 10 years out of date, or sometimes 20 years.”
Election officials, on the other hand, say those concerns are overblown. Hacking the vote, according to them, would be all but impossible, because it would be too difficult for hackers to gain physical access to the machines on Election Day without drawing notice.
“In the real world of elections, it’s ludicrous,” said Clifford Rodgers, administrator of elections in Knox County, Tenn. “We’ve got people watching people come in to vote.They’re not coming in with screwdrivers to open it up. They’re not coming in with computers.”
With the midterms fast approaching amid the ongoing fallout from Russia’s interference in the 2016 elections, concerns about vote hacking have never been higher. But while academics, cybersecurity professionals, and hackers say American votes can be hacked, election officials insist they can’t. Understanding the dispute is key to understanding how secure – or not -- American elections are.
In a January 2018 report, the Congressional Task Force on Election Security warned that “many jurisdictions are using voting machines that are highly vulnerable to an outside attack.” Cybersecurity professionals concur. Voting machines are “not designed to face any sort of hostile environment,” said Ryan Kalember, a vice president at cybersecurity firm Proofpoint, which says they work to combat phishing attacks against election officials.
And organizers of the annual DEF CON hacking conference wrote of this year’s effort to probe three different types of voting machine models that “the number and severity of vulnerabilities discovered on voting equipment still used throughout the United States today was staggering.”
Most states still use either paper ballots or machines that record votes both individually on a cash-register-style roll of paper and store them electronically, but thirty percent of U.S. voters choose their candidates on electronic voting machines that involve no individualized paper record, according to Verified Voting, a group that advocates for paper ballots. Five states — Delaware, Georgia, Louisiana, New Jersey, and South Carolina — use paperless electronic voting machines statewide, and another ten used them in some counties in 2016, according to the independent, bipartisan Election Assistance Commission.
Those paperless machines have drawn the most concern, as election-security experts worry that a hack won’t be detectable without a paper trail. And while there is little doubt that many machines are technically hackable, there is widespread debate over whether it is practically possible.
One major point of contention is physical security.
For example, with regard to the AVC Edge – a voting machine used in 956 counties in 10 states – DEF CON’s report notes that hacking the vote would involve opening the machine casing with a screwdriver, swapping a removable memory device with a hacked one, and closing the machine back up.
But the DEF CON report has drawn both praise and pushback. The National Association of Secretaries of State pointed out that the “unlimited physical access” to machines at the hacking convention “does not replicate accurate physical and cyber protections” when votes are actually cast.
Questions have also been raised about how securely the machines are stored prior to Election Day. Verified Voting President Marian Schneider suggested unattended machines could be tampered with by bad actors.
“They’re not secured all the time. Nobody enforces it,” Schneider said. “They’re delivered to where they’re going to be voted on, and they sit there for a week.”
Vulnerability via Internet is another matter of debate.
Election officials make a consistent point: Their machines are not connected to the Internet, meaning hackers can’t reach them from afar. Nor are they (usually) connected to each other, meaning a hacker would have to attack many machines to change votes on a broad scale.
“I don’t think anybody can get into our machines, so security wise, I am not concerned about them,” Delaware Election Commissioner Elaine Manlove told ABC News in August.
Cybersecurity experts, however, aren’t so sure. Sophisticated hackers can breach even those “air-gapped” networks, they say, and voting machines might come into contact with the Internet in other ways. Experts point to potential vulnerabilities along the supply chain of a vote, perhaps in the computers used to program the voting machines or those used to tally the votes.
“The argument that you have to hack them one by one is a misconception, in my opinion,” DEF CON organizer Harri Hursti told ABC News, because “the programming of the voting machines is always coming from a central location” that could be hacked.
Practices vary widely county by county , and some states have been more active than others in addressing threats, which can make the overall landscape of vulnerabilities difficult to assess.
“It’s absolutely a patchwork of strengths and weaknesses,” Halderman said.