Skip to Content

How Hackers Could Send Your Polling Station into Chaos

Election security experts say officials should prepare for cyberattacks that target data about voters.
October 5, 2016

Hackers looking to disrupt the election on November 8 could have better luck stealing your voter registration information than your ballot.

Indeed, election security experts say Internet-connected voter registration databases could prove to be the biggest vulnerability this Election Day. They say election officials should develop contingency plans to safeguard their precincts from cyberattacks, like ensuring that there is a paper record or other kind of reliable backup of the voter database on hand at the polling station.

During this election season we’ve seen cyberattacks on the e-mail servers of the Democratic National Committee and state voter registration databases, which have heightened concerns that a nation-state adversary like Russia could use the Internet to disrupt the U.S. elections in November.

Attacks on voter registration databases are the biggest cybersecurity threat facing the election, argues Dan Wallach, a computer science professor at Rice University who studies the security of electronic voting systems. If an attacker could damage or destroy these databases, say by deleting names, they could effectively “disenfranchise significant numbers of voters,” Wallach told the House Committee on Science, Space, and Technology last month during a hearing on election security.

Federal legislation passed after the “hanging chad” debacle during the presidential election in 2000 requires that each state maintain an electronic database of registered voters. These databases are now typically online, making them vulnerable to cybercrime. In August, we learned that foreign hackers attacked voter databases in Arizona and Illinois. Just last week, Department of Homeland Security officials revealed to the Associated Press that in recent months hackers have in fact targeted voter registration systems in 20 states.

A dedicated adversary could plausibly pursue a number of strategies to disrupt elections by infiltrating voter registration databases in key states. For example, an undetected deletion of voter data before Election Day could lead to a larger-than-expected demand for so-called provisional ballots, which are available for people whose verification info is not immediately available at the polling station. The provisional ballot process is time-consuming, so an attack like this could lead to long lines and wait times, which might cause people to leave without voting.

Hackers could also target a relatively new technology called digital poll books, which election officials are deploying in polling stations all over the country. These systems are essentially computerized versions of the paper lists that poll workers have traditionally used to check in voters. They can shorten wait times and generally improve the convenience of the voting process. But officials in a number of jurisdictions have connected these to the Internet so they can conveniently send information about voter check-ins to other machines important for election management, says Gregory Miller, cofounder of the Open Source Election Technology Foundation, a nonprofit elections technology research institute.

Though most digital poll book systems provide the option to connect to the Internet, we don’t have much information yet regarding the extent to which this is actually going on in polling stations across the country, says Miller. 

There is no federal guidance to date regarding the use of digital poll books. In May, the Election Assistance Commission, the federal body in charge of testing and certifying voting systems, published a checklist of best practices for securing voter registration data. It does not explicitly recommend that this data be kept from the Internet, however.

Ultimately, the Constitution gives states dominion over their elections, so it will be their responsibility to protect databases and polling stations from cyberattacks. According to the AP, 21 states have asked the Department of Homeland Security to help with scans of key websites for vulnerabilities before the November election.

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.