Skip to Content

How Hackers Could Send Your Polling Station into Chaos

Election security experts say officials should prepare for cyberattacks that target data about voters.
October 5, 2016

Hackers looking to disrupt the election on November 8 could have better luck stealing your voter registration information than your ballot.

Indeed, election security experts say Internet-connected voter registration databases could prove to be the biggest vulnerability this Election Day. They say election officials should develop contingency plans to safeguard their precincts from cyberattacks, like ensuring that there is a paper record or other kind of reliable backup of the voter database on hand at the polling station.

During this election season we’ve seen cyberattacks on the e-mail servers of the Democratic National Committee and state voter registration databases, which have heightened concerns that a nation-state adversary like Russia could use the Internet to disrupt the U.S. elections in November.

Attacks on voter registration databases are the biggest cybersecurity threat facing the election, argues Dan Wallach, a computer science professor at Rice University who studies the security of electronic voting systems. If an attacker could damage or destroy these databases, say by deleting names, they could effectively “disenfranchise significant numbers of voters,” Wallach told the House Committee on Science, Space, and Technology last month during a hearing on election security.

Federal legislation passed after the “hanging chad” debacle during the presidential election in 2000 requires that each state maintain an electronic database of registered voters. These databases are now typically online, making them vulnerable to cybercrime. In August, we learned that foreign hackers attacked voter databases in Arizona and Illinois. Just last week, Department of Homeland Security officials revealed to the Associated Press that in recent months hackers have in fact targeted voter registration systems in 20 states.

A dedicated adversary could plausibly pursue a number of strategies to disrupt elections by infiltrating voter registration databases in key states. For example, an undetected deletion of voter data before Election Day could lead to a larger-than-expected demand for so-called provisional ballots, which are available for people whose verification info is not immediately available at the polling station. The provisional ballot process is time-consuming, so an attack like this could lead to long lines and wait times, which might cause people to leave without voting.

Hackers could also target a relatively new technology called digital poll books, which election officials are deploying in polling stations all over the country. These systems are essentially computerized versions of the paper lists that poll workers have traditionally used to check in voters. They can shorten wait times and generally improve the convenience of the voting process. But officials in a number of jurisdictions have connected these to the Internet so they can conveniently send information about voter check-ins to other machines important for election management, says Gregory Miller, cofounder of the Open Source Election Technology Foundation, a nonprofit elections technology research institute.

Though most digital poll book systems provide the option to connect to the Internet, we don’t have much information yet regarding the extent to which this is actually going on in polling stations across the country, says Miller. 

There is no federal guidance to date regarding the use of digital poll books. In May, the Election Assistance Commission, the federal body in charge of testing and certifying voting systems, published a checklist of best practices for securing voter registration data. It does not explicitly recommend that this data be kept from the Internet, however.

Ultimately, the Constitution gives states dominion over their elections, so it will be their responsibility to protect databases and polling stations from cyberattacks. According to the AP, 21 states have asked the Department of Homeland Security to help with scans of key websites for vulnerabilities before the November election.

Keep Reading

Most Popular

The inside story of how ChatGPT was built from the people who made it

Exclusive conversations that take us behind the scenes of a cultural phenomenon.

ChatGPT is about to revolutionize the economy. We need to decide what that looks like.

New large language models will transform many jobs. Whether they will lead to widespread prosperity or not is up to us.

Sam Altman invested $180 million into a company trying to delay death

Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

GPT-4 is bigger and better than ChatGPT—but OpenAI won’t say why

We got a first look at the much-anticipated big new language model from OpenAI. But this time how it works is even more deeply under wraps.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.