In a time where even our coffee orders are data-driven, electronic voting machines promise to bring efficiency and speed to the age-old process of casting ballots. Yet, amid contested election outcomes and legal skirmishes, most notably surrounding the 2020 U.S. presidential election, faith in these technological marvels is waning.
As allegations of election fraud clash with assurances of system security, the public is caught in a whirlwind of confusion and skepticism.
Controversies Surrounding Electronic Voting Systems
Headlines surrounding electronic voting systems have become a battleground of accusations and counter-accusations. The Trump camp has notably claimed instances of election fraud and tampering in the 2020 U.S. election, winning 22 of the 30 cases that have actually been heard, according to information provided by the Healthy Elections Project by Stanford University.
While many of these cases have been centered on late ballot counting and specific instances of alleged fraud, the focus of public discourse has often been directed at companies like Smartmatic and Dominion Voting, which actually provide the voting machine systems.
Smartmatic
Contrary to claims that Smartmatic was involved in nationwide fraud, the company has a relatively small footprint in the U.S. electronic voting systems market. Rudy Giuliani, Donald Trump’s personal lawyer, claimed Smartmatic was “founded in 2005 in Venezuela for the specific purpose of fixing elections.”
Smartmatic was actually founded in Boca Raton, Florida, and is now headquartered in London, England.
Dominion Voting
Dominion Voting Systems has also been at the center of contentious claims. However, Dominion’s machines are used in states like Iowa, Ohio, and Florida, and also in jurisdictions in Alaska, Kansas, Louisiana, Missouri, Tennessee, and Utah – most of which voted for Trump in 2020.
Tired of what it views as a distorted narrative, Dominion has initiated a defamation lawsuit against Giuliani which, at the time of writing, is still ongoing.
So does that mean electronic voting systems themselves are secure?
Security Challenges and Vulnerabilities in Electronic Voting Systems: Assessing the Risks
Voting machines are an element in a digital system, and there’s no such thing as a 100% guaranteed secure digital system. However, to attack the voting machines and alter the results would present a significant set of challenges to the threat actor.
- Many different makes and models of electronic voting machines are used across the U.S. There is no standardization. The electronic voting infrastructure is made up of diverse, decentralized technologies. They’re also running numerous versions and revisions of software.
- They’re not connected to the Internet. Before the election, they’re hardly ever turned on. This means the window of opportunity to compromise them is slim.
- Modern systems produce a verifiable paper audit that can be used to cross-reference and audit the electronic results.
On the face of it, that sounds good. But those challenges are by no means insurmountable. And it gets worse.
Every analysis of electronic voting systems that has been conducted has discovered basic errors that can be exploited by skilled and determined threat actors. Buffer overflows, the ability to execute remote code or install backdoors, and even backdoors pre-installed by the manufacturers have all been found.
In September 2020, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, gave a talk and live demonstration at MIT of how to hack an election. Three audience members were selected to vote. It wasn’t a private ballot – their votes were cast in full view of the audience using a Diebold AccuVote TS-X voting machine.
All three participants voted for one candidate, and yet the other candidate won, 2-1.
Some of the voting machines haven’t been updated for years, literally. Yet one of cybersecurity’s basic principles is that you must update and apply security patches. This isn’t as easy to accomplish with systems that are not Internet-connected. It is still manageable, but it requires more human interaction.
Because voting systems are not 24/7/365 systems – in fact, they are quite the opposite – there’s no shortage of opportunities to apply patches and updates. Not applying updates is inexcusable.
Likewise, although most of the machines in use don’t have a robust and risk-free paper trail audit facility, some do. However, the paper audits are rarely referred to, and a cross-reference to the electronic results is not performed. That is due to poor governance. All available verification steps should be performed every time the electronic voting systems are used.
Lacking an Internet connection, the details of the election are electronically transferred to the voting machines using removable memory cards. These contain election parameters such as the names of the candidates, the rules for voting, and the rules for counting. The voting rules are created by election management software systems used by election officials.
Without an Internet connection, you might assume that a hacker has to access the voting machine physically to compromise it. And that is one way to perform an attack. It doesn’t scale very well as an attack model, but it is a genuine attack vector.
A more sophisticated and effective attack would be to compromise the removable memory cards before they are created and dispatched to each voting jurisdiction.
A threat actor could do this by compromising the network of the memory card creation facility. A simple phishing attack that installs a remote access trojan would be sufficient. The threat actor can then inject their malicious software into the image that will be burned onto the removable memory cards.
When the cards are inserted into the voting machines, the malware is transferred to the voting machine. It compromises the voting machine’s software and interferes with the election.
If you can get your malicious software into the voting machines used in critical or swing states, a small percentage change can swing a ballot count – and several of those can swing an election.
The other paraphernalia of an electronic voting system can be targeted too. Forged or compromised voter cards, for example, can be used to give unlimited votes to the cardholder.
Why are People Suspicious of Electronic Voting Systems?
When you walk into a voting booth and place a cross against a candidate’s name, you know who you’ve voted for. As long as the count is performed accurately and fairly, you know your vote has been registered correctly.
A directly recording electronic voting system doesn’t give that sense of certainty. You think it registered your vote for the candidate you selected. But you can’t find out if it did or if it didn’t. And everybody knows electronic systems have glitches and that computerized equipment can be hacked and compromised, right?
There’s nothing to make electronic voters feel safe about the integrity and robustness of the process. It’s a bigger leap of faith than dropping your ballot paper into the slot of the ballot box.
Paper ballots are easily verified: there’s the heap of ballot papers, go count them for yourself.
A verifiable audit is available in some systems but not in all. Inserting a voting card causes an audit-capable voting machine to print some items of information onto a paper tape.
The voter’s name, the time and date, and possibly an ID number are commonly used data points. The tape is displayed to the voter but is behind a transparent screen so that it is inaccessible to them. The voter must acknowledge the information is correct before being permitted to vote. This provides a voter-verified paper audit trail.
Another type of safety check is a statistical analysis of the spread of votes that were cast on paper and those that were cast electronically. Differences that cannot be explained need to be investigated.
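One way to run this kind of comparison, as an added example that is not part of the original article: a two-proportion z-test per precinct on one candidate's share of paper ballots versus electronic ballots. The precinct names, tallies and thresholds are constructed assumptions, and a flag only means "investigate", since paper and electronic voters can legitimately differ.

```python
import math

# Constructed sample tallies (not real election data): (votes for candidate A,
# total ballots) by casting method, for three hypothetical precincts.
PRECINCTS = {
    "P-01": {"paper": (480, 1000), "electronic": (1210, 2500)},
    "P-02": {"paper": (300, 800), "electronic": (1150, 2000)},
    "P-03": {"paper": (10, 20), "electronic": (900, 1500)},
}

MIN_BALLOTS = 30  # assumed floor; below it the normal approximation is unreliable


def two_proportion_z(a_paper, n_paper, a_elec, n_elec):
    """Return (z, two-sided p) for H0: both casting methods have the same share."""
    pooled = (a_paper + a_elec) / (n_paper + n_elec)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_paper + 1 / n_elec))
    if se == 0:  # unanimous in both groups: nothing to measure
        return 0.0, 1.0
    z = (a_elec / n_elec - a_paper / n_paper) / se
    return z, math.erfc(abs(z) / math.sqrt(2))


def flag_precincts(precincts, alpha=0.01):
    """Label each precinct 'ok', 'investigate' or 'insufficient-data'."""
    # Bonferroni correction: many precincts are tested at once, so the
    # per-precinct threshold is tightened to limit false alarms.
    threshold = alpha / max(len(precincts), 1)
    report = {}
    for name, tally in precincts.items():
        (a_p, n_p), (a_e, n_e) = tally["paper"], tally["electronic"]
        if min(n_p, n_e) < MIN_BALLOTS:
            report[name] = "insufficient-data"
            continue
        _, p = two_proportion_z(a_p, n_p, a_e, n_e)
        report[name] = "investigate" if p < threshold else "ok"
    return report


if __name__ == "__main__":
    for precinct, status in flag_precincts(PRECINCTS).items():
        print(precinct, status)
```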
Transparency of the process, both in paper-based and electronic systems, is vital. Postal ballots are usually counted on voting day. When they have been counted, their totals are added to the running results. This is why sudden jumps in numbers take place.
If this isn’t explained to the public, they will see an inexplicable spike in the figures and have doubts about the veracity of the results.
Innovations and Initiatives: What Can Be Done?
Lots of people are working on ways to improve the security of electronic voting.
Mobile apps have already been used to allow remote military personnel to vote. They use selfies to verify the voter’s identity and blockchain-encrypt the vote, which is delivered to a digital lockbox. On ballot day, the digital lockbox is accessed, and the votes are decrypted, printed, and scanned into traditional vote scanning and counting machines.
Microsoft is working on a system called ElectionGuard. They have partnered with governments, non-governmental organizations, academia, and industry to develop a voter-visible end-to-end verifiable voting system.
Open-source initiatives exist that are tackling the issues of secure electronic voting, such as the ElectOS framework from the Trust the Vote project.
The Secure Elections Act S. 2261 is a bill that empowers and instructs the Department of Homeland Security to protect the administration of Federal elections against cybersecurity threats.
Interestingly, the Secure Elections Act also calls for the Department of Homeland Security to establish and run an annual ‘Hack the Election’ competition, akin to a bug bounty scheme for electronic voting systems.
Securing the Current Voting System, Protecting Democracy in the Interim
Until the new systems in development are completed, tested, and rubber-stamped for deployment, the current system must be bolstered by:
- Adopting and adhering to cyber security best practices, including applying patches and safeguarding, testing, and verifying the contents of the removable memory cards that carry the election rules.
- Restaurants that give you a view into the kitchen from the dining room have nothing to hide. Giving visibility to all possible areas of the process to officials from all parties will do the same thing. Transparency defeats misinformation every time.
- Where the facilities allow it, the auditing of results should be mandatory.
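One way to verify memory card contents before a card is loaded into a machine, as an added example that is not part of the original article: each card image is checked against a manifest of approved SHA-256 digests, and the manifest itself is authenticated first. The card IDs, image contents and key are constructed placeholders, and HMAC stands in for the digital signature a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed placeholders: a demo key and two approved election definitions.
KEY = b"constructed-demo-key"
APPROVED = {
    "county-A/card-1": b"candidates=Alice,Bob;count=plurality",
    "county-B/card-1": b"candidates=Carol,Dave;count=plurality",
}


def _manifest_mac(digests, key):
    # Canonical JSON so the same digests always produce the same MAC
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(images, key):
    """Record the digest of every approved card image and authenticate the list."""
    digests = {cid: hashlib.sha256(data).hexdigest() for cid, data in images.items()}
    return {"digests": digests, "mac": _manifest_mac(digests, key)}


def verify_card(card_id, card_bytes, manifest, key):
    """Return 'ok', or the reason the card must not be loaded."""
    # Authenticate the manifest first: a tampered manifest can vouch for a
    # tampered card.
    expected_mac = _manifest_mac(manifest["digests"], key)
    if not hmac.compare_digest(expected_mac, manifest.get("mac", "")):
        return "manifest-tampered"
    expected = manifest["digests"].get(card_id)
    if expected is None:
        return "unknown-card"  # fail closed on cards nobody approved
    actual = hashlib.sha256(card_bytes).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "contents-modified"


if __name__ == "__main__":
    manifest = build_manifest(APPROVED, KEY)
    card = "county-A/card-1"
    print(verify_card(card, APPROVED[card], manifest, KEY))
    print(verify_card(card, APPROVED[card] + b"\x00extra", manifest, KEY))
```

The check only helps if the manifest is built from the approved election definition on a system separate from the network that writes the cards; a manifest generated from an already modified image would vouch for it.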
This is a problem that has to be solved. One person, one vote is the central tenet that underpins the principle of equal representation in voting.
The price for failure is a loss of true democracy.