When it comes to cybersecurity preparations for the 2016 election, it is now officially too late. The success, perceived and actual, of the election on Tuesday will depend on the efforts officials have made thus far, the willingness of adversaries to interfere, and vulnerabilities that make those threats real.
A first possible target of malicious actors is the voter registration and check-in systems. These are the databases that let users sign up to vote and verify that they are eligible on Election Day itself. It’s reported that the registration systems in more than 20 states have been targeted over the internet in recent months, with hackers gaining access in at least one case to confidential data.
The bigger concern, though, is whether malicious actors will be able to modify the registration databases themselves or the sometimes-electronic poll books that workers use to check voters in. If they can, one method of interference would be to delete voters from the rolls, either at random or based on political affiliation. This would force the use of provisional ballots, create longer lines, and gain a great deal of coverage during Election Day. This coverage might fuel a perception of a rigged election, even if in fact all votes ultimately get counted.
Once a voter checks in, they often vote using a voting machine. This is a much-discussed area of possible vulnerability. Security audits have found weaknesses in a variety of machines, including a 2015 audit in Virginia that found machines with Wi-Fi connectivity and weak passwords - but those machines won’t be used in 2016’s elections. All voting machines should be entirely disconnected from the internet, which makes gaining remote access much more difficult. This so-called “air-gap” from the internet makes it much harder for hackers to gain access, especially to large numbers of machines in different jurisdictions.
Another key factor when it comes to machines is the presence or absence of a voter-verified paper trail. These kinds of machines can take two forms: either a voter marks a paper ballot that is scanned by a machine or a voter uses a machine to mark a digital ballot and the machine generates a paper ballot that the voter verifies is correct. Either way, the anonymized paper trail is retained for later examination by election workers. In the case of recounts, routine audits and—most relevant for 2016—fears of hacking, the paper trail provides a surefire way to see each voter’s actual choice.
Most states and counties do use machines with voter-verified paper trails, but not all. Five states lack them entirely. Other states, such as the battleground of Pennsylvania, lack voter-verified paper trails in a majority of their counties (for a detailed map, see Verified Voting). Should questions of hacking arise in these areas, they will be harder to dispel.
Once the voters have made their choices, the next important system is the tabulation and dissemination infrastructure. Here, the 2014 election in Ukraine provides a useful—though worrying—example. Three days before that election, a hacker or hackers wiped the systems used by election officials. One investigator said that “Literally, nothing worked.” Fortunately, the Ukrainians were prepared and relied on backup systems.
The hackers didn’t give up, though. They gained accessed to the systems used to publish the election results. On election night itself, they prepared to disseminate fake results to Ukrainian citizens and the media. The false outcome showed a fringe extremist candidate winning the vote. Once again, the Ukrainian officials found the trickery in time - forty minutes before the results were to go out - and blocked the attempt. Curiously, pro-Russia television nonetheless reported the fake results exactly down to the decimal point.
The recent denial of service attack against key parts of internet infrastructure might also be repeated on Election Day, making it harder for citizens to find out the results.
This leads to a final broader concern: it’s not just the integrity of an election that matters, but the perception of integrity. Just as Russian operations over the past few months have sought to influence the perceptions Americans have about candidates and parties, an information operation on Election Day might seek to undermine the perceived legitimacy of the election. Hackers might gain minor access, claim credit for an ordinary machine accident, or seek media attention; if these claims go viral, they might do damage to perception regardless of whether they are in fact true.
American election officials have spent a great deal of time getting ready for Tuesday, but no system is perfect. It’s certain that some correctable flaws—such as the lack of a voter-verified paper trail—will persist. While flipping the actual result from one candidate to another is exceptionally hard to do, creating perceived or actual disruption is less difficult.
There’s an old saying that elections have two purposes: first, to pick the winner, and second, to convince the loser and associated supporters that he or she has lost. We’ll know soon whether hackers are capable of thwarting one or both of those objectives.
