Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

How Hackers Could Send Your Polling Station into Chaos

Election security experts say officials should prepare for cyberattacks that target data about voters.

Hackers looking to disrupt the election on November 8 could have better luck stealing your voter registration information than your ballot.

Indeed, election security experts say Internet-connected voter registration databases could prove to be the biggest vulnerability this Election Day. They say election officials should develop contingency plans to safeguard their precincts from cyberattacks, like ensuring that there is a paper record or other kind of reliable backup of the voter database on hand at the polling station.

During this election season we’ve seen cyberattacks on the e-mail servers of the Democratic National Committee and state voter registration databases, which have heightened concerns that a nation-state adversary like Russia could use the Internet to disrupt the U.S. elections in November.

Attacks on voter registration databases are the biggest cybersecurity threat facing the election, argues Dan Wallach, a computer science professor at Rice University who studies the security of electronic voting systems. If an attacker could damage or destroy these databases, say by deleting names, they could effectively “disenfranchise significant numbers of voters,” Wallach told the House Committee on Science, Space, and Technology last month during a hearing on election security.

Federal legislation passed after the “hanging chad” debacle during the presidential election in 2000 requires that each state maintain an electronic database of registered voters. These databases are now typically online, making them vulnerable to cybercrime. In August, we learned that foreign hackers attacked voter databases in Arizona and Illinois. Just last week, Department of Homeland Security officials revealed to the Associated Press that in recent months hackers have in fact targeted voter registration systems in 20 states.

A dedicated adversary could plausibly pursue a number of strategies to disrupt elections by infiltrating voter registration databases in key states. For example, an undetected deletion of voter data before Election Day could lead to a larger-than-expected demand for so-called provisional ballots, which are available for people whose verification info is not immediately available at the polling station. The provisional ballot process is time-consuming, so an attack like this could lead to long lines and wait times, which might cause people to leave without voting.

Hackers could also target a relatively new technology called digital poll books, which election officials are deploying in polling stations all over the country. These systems are essentially computerized versions of the paper lists that poll workers have traditionally used to check in voters. They can shorten wait times and generally improve the convenience of the voting process. But officials in a number of jurisdictions have connected these to the Internet so they can conveniently send information about voter check-ins to other machines important for election management, says Gregory Miller, cofounder of the Open Source Election Technology Foundation, a nonprofit elections technology research institute.

Though most digital poll book systems provide the option to connect to the Internet, we don’t have much information yet regarding the extent to which this is actually going on in polling stations across the country, says Miller. 

There is no federal guidance to date regarding the use of digital poll books. In May, the Election Assistance Commission, the federal body in charge of testing and certifying voting systems, published a checklist of best practices for securing voter registration data. It does not explicitly recommend that this data be kept from the Internet, however.

Ultimately, the Constitution gives states dominion over their elections, so it will be their responsibility to protect databases and polling stations from cyberattacks. According to the AP, 21 states have asked the Department of Homeland Security to help with scans of key websites for vulnerabilities before the November election.

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.