A View from Christopher Mims
How Long Before Hackers Steal Votes?
In the U.S., the only things standing between democracy and election fraud are a few pieces of adhesive tape.
When the stakes are high enough, hackers have figured out how to defeat all manner of computers not even connected to the internet: ATM machines, credit card readers on gas pumps; you name it. How long then, in a society in which elections are already bought and sold through political action committees and K-Street lobbying, before the monetary incentive to steal votes from the latest generation of voting machines exceeds the difficulty of pulling it off?
That, indirectly, is the question asked and answered in a just-released judge’s summary (pdf) of testimony from a trial conducted in 2008-2009 in which the state of New Jersey was sued for insufficiently guaranteeing the physical security of its electronic voting machines.
Experts called during the trial asserted that that the state’s existing security methods, consisting primarily of tape that should reveal evidence of tampering if key parts of a voting machine are removed or opened, were insufficient. So New Jersey expanded the number of physical seals on its machines from three to six. Subsequently, the same experts testified that these measures were essentially useless in the absence of training for election workers in the proper use of these seals, and that the seals interfered with legitimate maintenance of the machines.
In other words: New Jersey’s electronic voting machines, which are emblematic of machines across the U.S., remain vulnerable to attack by hackers who could inject software or hardware to skew vote counts.
If the idea of motivated hackers turning to this method of election fraud sounds far-fetched, check out this scenario from an October 2010 paper (pdf) by Andrew Appel, chair of the department of computer science at Princeton University:
Candidates for the presidency of the United States routinely spend hundreds of millions of dollars to get elected; candidates for Governor of New Jersey sometimes spend tens of millions. Independent groups not associated with the candidates routinely spend millions of dollars. Volunteers and party workers routinely devote hundreds of hours to political campaigns, even separately from the flow of money. Even candidates are quite honest can sometimes attract supports who are willing to use unethical or fraudulent means. If there is a limitation on resources, it is not in “how much is it worth to get elected?,” but more in “how many people can be involved in an election fraud before word leaks out?”
Appel goes on to describe the myriad circumstances in which voting machines are accessible to members of the public. Insiders like election workers and those with access to the warehouses in which machines are stored could have continuous access to voting machines for long periods of time.
Outsiders also have access to voting machines, which, owing to their size and weight, are often left unattended for days in polling locations like schools and community centers.
Literally the only guarantee that these machines haven’t been compromised are the physical seals on them. The machines are locked, of course, but beyond locks, these seals primarily consist of measures that should show evidence of tampering, if they’re broken. If these measures are truly as inadequate as experts believe they are, the next step is hacking the software of the machine itself:
DRE voting machines are very vulnerable to software-based fraud: if an attacker replaces the firmware (software) that determines how the computer interprets button-presses on the user interface, then he can make the machine fraudulently miscount votes according to an algorithm he determines. He can choose the algorithm so as to resist detection by black-box testing, that is, not to cheat in circumstances other than in real elections. In real elections, of course, the privacy of the ballot prevents interviewing the voters to learn how they voted, so unlike (for example) bank ATMs there is no end-to-end way to audit a “paperless” DRE.
Ironically, it’s the sanctity of the voting booth that makes fraud through electronic voting machines potentially undetectable. Remember the U.S. presidential election of 2000? At least we had hanging chads to count.
h/t Andrew Appel
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today