How to hack an election—and what states should do to prevent fake votes
Donald Trump won the 2016 presidential election thanks to the votes of just 107,000 people in three states. The intricacies of the Electoral College help create situations where a relatively small number of US citizens can decide who wins the presidency. How susceptible could these votes be to tampering? The answer: a lot more than you might realize.
In a live demonstration at MIT Technology Review’s EmTech conference today, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, showed just how easy it would be to meddle with vote tallies to directly change election outcomes.
Halderman brought an AccuVote TSX machine to the stage in a live demonstration of the dangers. He had three volunteers use the machine to vote in a mock election between George Washington and Benedict Arnold. Cameras pointing at the screen and projected above the stage showed the three voters casting their ballots for Washington. Yet when Halderman printed the returns from the machine, the reported result was a two-to-one victory for Arnold.
How did it happen? Through tampering with the ballot programming. For every election, officials have to program the candidates into the machine using a physical memory card. Halderman infected this card with malicious vote-stealing software before any voters got anywhere near the polling booths.
“This machine you saw here is used in 18 states, and some of the states, including Georgia, use an even older version of the software than I showed here today,” he said.
Beyond the machines people use to cast their votes, the main targets for someone trying to tamper with a US election are voter registration databases and the electronic devices used to check voters in at polling stations, according to Ron Rivest, Institute Professor at MIT.
If this all sounds terrifying, don’t panic. There are simple steps the authorities can take to mitigate the threat of an attack.
“We need paper verifiable ballots, no internet voting, and we need to ensure we can audit ballots properly. Some kind of paper trail the voter can use to verify their vote is very important,” Rivest said.
At a national level, $380 million was allocated for shoring up election security in March, and the Secure Elections Act is currently working its way through Congress. This would require states to have audit processes and paper trails for their elections, moves both Rivest and Halderman strongly support.
Meanwhile, West Virginia is set to use a blockchain to verify votes this fall. Might this be the answer?
Rivest is unequivocal. “Absolutely not. For many applications, voting included, blockchain is just a poor database choice. It takes things you put in it and preserves them forever. It’s a very poor fit for voting,” he said.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
IBM wants to build a 100,000-qubit quantum computer
The company wants to make large-scale quantum computers a reality within just 10 years.
The inside story of New York City’s 34-year-old social network, ECHO
Stacy Horn set out to create something new and very New York. She didn’t expect it to last so long.
Making the world a data-driven place with the cloud
Cloud data modernizations is a key enabler to spur innovation and get real value out of your data, says PwC’s Anil Nagaraj and Microsoft’s Kim Manis.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.