RSN Fundraising Banner
FB Share
Email This Page
add comment
Print

Halderman writes: "There is one absolutely essential security safeguard that protects most Americans' votes: paper."

Voters cast their ballots on electronic voting machines. (photo: AP)
Voters cast their ballots on electronic voting machines. (photo: AP)


Want to Know if the Election Was Hacked? Look at the Ballots

By J. Alex Halderman, Medium

25 November 16

 

You may have read at NYMag that I’ve been in discussions with the Clinton campaign about whether it might wish to seek recounts in critical states. That article, which includes somebody else’s description of my views, incorrectly describes the reasons manually checking ballots is an essential security safeguard (and includes some incorrect numbers, to boot). Let me set the record straight about what I and other leading election security experts have actually been saying to the campaign and everyone else who’s willing to listen.

ow might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls.

Could anyone be brazen enough to try such an attack? A few years ago, I might have said that sounds like science fiction, but 2016 has seen unprecedented cyberattacks aimed at interfering with the election. This summer, attackers broke into the email system of the Democratic National Committee and, separately, into the email account of John Podesta, Hillary Clinton’s campaign chairman, and leaked private messages. Attackers infiltrated the voter registration systems of two states, Illinois and Arizona, and stole voter data. And there’s evidence that hackers attempted to breach election offices in several other states.

In all these cases, Federal agencies publicly asserted that senior officials in the Russian government commissioned these attacks. Russia has sophisticated cyber-offensive capabilities, and has shown a willingness to use them to hack elections. In 2014, during the presidential election in Ukraine, attackers linked to Russia sabotaged the country’s vote-counting infrastructure and, according to published reports, Ukrainian officials succeeded only at the last minute in defusing vote-stealing malware that was primed to cause the wrong winner to be announced. Russia is not the only country with the ability to pull off such an attack on American systems — most of the world’s military powers now have sophisticated cyberwarfare capabilities.

Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other. The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania. Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts.

What’s to stop an attack like this from succeeding?

America’s voting machines have serious cybersecurity problems. That isn’t news. It’s been documented beyond any doubt over the last decade in numerous peer-reviewed papers and state-sponsored studies by me and by other computer security experts. We’ve been pointing out for years that voting machines are computers, and they have reprogrammable software, so if attackers can modify that software by infecting the machines with malware, they can cause the machines to give any answer whatsoever. I’ve demonstrated this in the laboratory with real voting machines — in just a few seconds, anyone can install vote-stealing malware on those machines that silently alters the electronic records of every vote.

It doesn’t matter whether the voting machines are connected to the Internet. Shortly before each election, poll workers copy the ballot design from a regular desktop computer in a government office, and use removable media (like the memory card from a digital camera) to load the ballot onto each machine. That initial computer is almost certainly not well secured, and if an attacker infects it, vote-stealing malware can hitch a ride to every voting machine in the area. There’s no question that this is possible for technically sophisticated attackers. (If my Ph.D. students and I were criminals, I’m sure we could pull it off.) If anyone reasonably skilled is sufficiently motivated and willing to face the risk of getting caught, it’s happened already.

Why hasn’t more been done about this? In the U.S., each state (and often individual counties or municipalities) selects its own election technology, and some states have taken steps to guard against these problems. (For instance, California banned the use of the most dangerous computer voting machines in 2007 as a result of vulnerabilities that I and other computer scientists found.) But many states continue to use machines that are known to be insecure — sometimes with software that is a decade or more out of date — because they simply don’t have the money to replace those machines.

There is one absolutely essential security safeguard that protects most Americans’ votes: paper.

I know I may sound like a Luddite for saying so, but most election security experts are with me on this: paper ballots are the best available technology for casting votes. We use two main kinds of paper systems in different parts of the U.S. Either voters fill out a ballot paper that gets scanned into a computer for counting (optical scan voting), or they vote on a computer that counts the vote and prints a record on a piece of paper (called a voter-verifiable paper audit trail). Either way, the paper creates a record of the vote that can’t be later modified by any bugs, misconfiguration, or malicious software that might have infected the machines.

After the election, human beings can examine the paper to make sure the results from the voting machines accurately determined who won. Just as you want the brakes in your car to keep working even if the car’s computer goes haywire, accurate vote counts must remain available even if the machines are malfunctioning or attacked. In both cases, common sense tells us we need some kind of physical backup system. I and other election security experts have been advocating for paper ballots for years, and today, about 70% of American voters live in jurisdictions that keep a paper record of every vote.

There’s just one problem, and it might come as a surprise even to many security experts: no state is planning to actually check the paper in a way that would reliably detect that the computer-based outcome was wrong. About half the states have no laws that require a manual examination of paper ballots, and most other states perform only superficial spot checks. If nobody looks at the paper, it might as well not be there. A clever attacker would exploit this.

There’s still one way that some of this year’s paper ballots could be examined. In many states, candidates can petition for a recount. The candidate needs to pay the cost, which can run into millions of dollars. The deadlines for filing recount petitions are soon — for example, this Friday in Wisconsin (margin 0.7%), Monday in Pennsylvania (margin 1.2%), and the following Wednesday in Michigan (margin 0.3%).

Examining the physical evidence in these states — even if it finds nothing amiss — will help allay doubt and give voters justified confidence that the results are accurate. It will also set a precedent for routinely examining paper ballots, which will provide an important deterrent against cyberattacks on future elections. Recounting the ballots now can only lead to strengthened electoral integrity, but the window for candidates to act is closing fast.

Much more needs to be done to secure America’s elections, and important new safeguards could be put in place by 2018. States still using paperless voting machines should replace them with optical scan systems, and all states should update their audit and recount procedures. There are fast and inexpensive ways to verify (or correct) computer voting results using a risk-limiting audit, a statistical method that involves manually inspecting randomly selected paper ballots. Officials need to begin preparing soon to make sure all of these improvements are ready before the next big election.

e-max.it: your social media marketing partner
 

Comments   

We are going to return to our original fully-moderated format in the comments section.

The abusive complaints in the comment sections are just too far out of control at this point and have become a significant burden on our staff. As a result, our moderators will review all comments prior to publication. Comments will no longer go live immediately. Please be patient and check back.

To improve your chances of seeing your comment published, avoid confrontational or antagonistic methods of communication. Really that is the problem we are confronting.

We encourage all views. We discourage ad hominem disparagement.

Marc Ash
Founder, Reader Supported News

 
+32 # LiberalRN 2016-11-25 22:42
I will be astonished if all the ballots are found. The elections officers of these states are, after all, Republicans.
 
 
+4 # grandlakeguy 2016-11-27 23:23
Now that the recounts are going forward I certainly hope that they look at the Senate and house races as well!

It is nothing new that Republicans have been stealing elections in ever increasing amounts since 2000.

Who can forget the classic 2012 Karl Rove meltdown on Fox "news" when his scheme to steal Ohio (again) backfired?
 
 
+23 # ReconFire 2016-11-25 23:17
Least we forget the real test for honest elections are exit polls. If they vary from the results, you've got a problem.
 
 
+5 # ptalady 2016-11-25 23:55
If you can trust the pollsters.... According to RSN article of November 16, the MSM pollsters routinely adjust their exit poll results to reflect the "actual" (or fake) vote count.
 
 
-16 # MidwesTom 2016-11-26 09:39
One of the largest areas of voter fraud are those who are registered in one location, and then move and register in a different location. There are 46,000 people register to vote in Florida, who are also registered in NY.
 
 
+14 # HowardMH 2016-11-26 10:34
Just because those people are registered in more than ONE State, sure doesn’t mean they voted there. Get real.

I lived in SC, MS, OH, MI, CO, CA, MD, VA, ND and NY. Wonder if I am still registered to vote in all those states, because I sure didn’t tell them I was leaving when I got transferred? I also voted absentee with I was in Turkey.
 
 
0 # California Neal 2016-11-26 16:43
Someone distracted me when I was about to "minus" Tom, & I accidentally "minused" Howard here. I actually wanted to "plus" him. So Howard's total should be +2 on what shows. Sorry, Howard.
 
 
+1 # REDPILLED 2016-11-26 20:43
Voter fraud is so rare as to be insignificant.

Election fraud, however, has been perpetrated many times by both major parties. In my own lifetime, in 1960, probably with Chicago giving JFK the election, and definitely in Florida in 2000 and in Ohio in 2004.

2016 may very likely be yet another example of election fraud.
 
 
+17 # Ted 2016-11-26 09:55
ALERT!

A lot of MIS-INFORMATION (and DIS-INFORMATION ) is being circulated by the corporatist media outlets concerning the "re"count effort.

NO, the filing window for the "re"count in Pennsylvania has NOT passed.

NO,the Green Party CAN NOT and Will not be able to use any "re"count funds raised for any other purpose except the "re"count.

For more in-depth and truthful information about the "re"count, visit these sites;

https://jillstein.nationbuilder.com/recount

http://www.alternet.org/green-party-recount-update-lawyers-activists-organizers-get-going-wisconsin-and-pennsylvania

(on a personal note, I strongly suggest cancelling your cable bill.)
 
 
+29 # grandlakeguy 2016-11-26 00:02
Until we have a nationwide standard of hand counted paper ballots all results will remain highly suspect.
Election theft has been the norm here for years...look at what the DNC did to Bernie Sanders in the Primaries.

It is all "election theater" and it is nothing less than the theft of our freedom!
 
 
-15 # MidwesTom 2016-11-26 09:45
Strangely when the US is playing it's role as a nation builder one of basic requirements we impose on the population is a strict system of voter identification. Yet were we have people opposed to voter identification. For decades has been the Liberals calling for loser and loser voting rules, and they got them. and what did those lose rules bring us---Trump. Over ID laws may have swung the vote.
 
 
+12 # California Neal 2016-11-26 16:57
No, Tom. Republican voter suppression laws brought us Trump. A flood of those laws followed the vote of 5 Republican SCOTUS Justices to gut the Voting Rights Act.

Also, Republican campaign money brought us Trump. They've been free to buy elections since the same 5 Justices scuttled campaign finance laws in Citizen's United.

Finally, Republican destruction of unions over the decades, & the failure of both parties to fund job programs in the Rust Belt & elsewhere, destroyed the working class & left millions of angry voters who wanted the "change" candidate. And millions of "respectable" Republicans were willing to vote for a racist xenophobic misogynist with no government experience & clear conflicts of interest.
 
 
+1 # RLF 2016-11-28 07:55
To the shame of the Democratic party...they have become the party of no change/corporat e collusion.
 
 
+25 # lfeuille 2016-11-26 00:59
Enough with the Russians. Podesta was hacked by a simple phishing scheme that any teenage hacker novice could have pulled off. I don't know how Podesta managed to remain unaware of the danger of phishing,, but he fell for it. I'm sure we will eventually find the same holds for the DNC, and if there was hacking of election machines it was done by the RNC who has decades of experience in dirty tricks. No need for sophisticated Russian cybercriminals.

I agree we should only use paper ballots.
 
 
+13 # LionMousePudding 2016-11-26 03:07
If I hadn't seen such aggressive and vicious voter suppression I would be more appeased by this certainly very helpful solution. If i didn't know so much about caging and other ways Democrats are kept from the voting booths.

Even as I managed to get past the guy sending people home on spurious errands before they could vote, and saw there was actually a paper trail, I don't know why a machine that changed votes wouldn't change them at the outset. I was not shown my paper slip.

Optical scanning is the best i can think of. The papers come directly from each voter and can be counted.

But really what we need are UN help and oversight. I do not believe this country will ever have an honest electoral system until serious nationwide attention can come from outside the political mechanism.

Will they oust Trump? If it weren't such a world-wide disaster, it would be exciting.
 
 
+22 # gentry cooper 2016-11-26 03:13
Oh just stop it with this silly Russian hacking crap. The elite corporate, banking, and financial interests stole this election as they have others in the past. I'm just sick of this stuff about about Americans not taking responsibility for and blaming others for their evil ways. Get it through your thick heads people the U.S. as it is today is run by evil people who are americans. Not Russian. The U.S. has always been run to some extent by evil people. Just look at history. Those leaders were evil enough to commit genocide and concoct slavery and a good portion of good wholesome Christian Americans went along with the enslavement of Black people and darn near every American went along with the genocide against the Native Americans. And yes today a good portion of Americans would do the same thing right now today. I know the police and U.S. military would. And corporate, financial, and banking interests would for profit. As far as stealing, hacking, interfering with other countries'elect ions and elections here in this country, the U.S. takes a back seat to no one. And the same for murdering and bombing other peoples. I believe since WW2, the U.S. has killed more people than all other nations combined. Can hardly get much worse than that. Oh, yes they even force poor cities to drink poisoned water. Yes I'do say they are capable of hacking their own elections.
 
 
+8 # PeacefulGarden 2016-11-26 04:53
Could not have said it better. Thank you Gentry Cooper!
 
 
+2 # librarian1984 2016-11-26 13:07
Totally agree -- and quite cathartic too :-)
 
 
+13 # polfrosch 2016-11-26 05:09
What is left of a democracy, if some group can manipulate the election?

What kind of democracy is offering the chance to tamper with the elections?

In the NSA country 3rd rate procedures are used for elections, the founding stone of any democracy?

What does that tell you about the state of the US democracy?

"It´ enough the people know there was an election. The people who cast the vote decide nothing. The people who count the votes decide everything." Josef Stalin

Obviously democracy is not what our political systems in the "free world" - not only yours in the USA - cherish the most.

Will we all just swallow this corruption and go on working (or stay unemployed), shopping, watching ever more empire wars on tv?

A first, crucial step is counting paper in elections, like this excellent article states. A basic procedure. Any politician acting against it has told you which side he is on.

There are far too many people in your US jails. And the right ones are missing. (pun intended)
 
 
-6 # markovchhaney 2016-11-26 08:07
And why is it so certain that the folks doing the manipulating here are all Republicans pushing Trump? No possibility of Clinton supporters doing any stripping or flipping? Did the people who helped HRC steal the nomination in some states suddenly get taken to heaven by The Rapture?

No domestic hackers, right? They're all bomb-throwing, bearded anarchists and commies from Red is for Russia. Or Chinese Nationals, as someone claimed yesterday here.

How did Obama win two terms? In elections where the GOP had to know that lots of "colored" people would be voting for him, why not massive strip and flip campaigns to give the White House to McCain or Romney? Or maybe the parties take turns. Two terms for Georgie Boy, two for your dark neoliberal, now two for the Donald.

How is it that Michigan, which is controlled by the GOP and has been for longer than the 25 years I've lived here, has had two Democratic US senators for all but six years in that time, a one-and-done win by the execrable and pathetic Seth Abraham? That's a lot of senatorial races to let go to Dems. Heck, we even had a two-term Democratic (albeit Canadian) governor.

If Wisconsin couldn't get rid of Scott Walker, it's not so shocking that it went for Trump.

As for Pennsylvania, I blame the Penguins and Sid Crosby.
 
 
+4 # gentry cooper 2016-11-26 09:53
Because those two so called democratic senators are Dino's. They are centrist Democrats who vote with republicansome on all issues financial, banking, and war making. Just go check their voting record during the years you mentioned and you fill find that on those issues they are virtually indistinguishab le from the most conservative republican.
 
 
+4 # librarian1984 2016-11-26 13:15
Yes, it's easy to throw accusations around or to believe the worst is all around us, but we have to be willing to examine the evidence.

I believe we cannot trust voting machines with proprietary software, though I have no way to judge their performance other than the external evidence, and that evidence is not totally consistent with GOP cheating -- or at least not ONLY with GOP cheating.

Remember Rove having an apoplectic fit when the 2004 OH results came in? THAT was pretty good evidence that a 'fix' had not gone according to plan. But there are so many types of cheating going on -- purged rolls, malfunctioning or missing machines, ID laws, gerrymandering, flipped votes, manipulative polls etc. -- who is to know what an honest election would deliver?
 
 
+2 # revhen 2016-11-26 10:29
"Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other."

The more I read the more I'm convinced the vote results were changed. The one screaming against vote rigging was the one most guilty of it. A combination of distractive rhetoric and psychological projection.
 
 
+6 # tedrey 2016-11-26 11:12
People (being people) are determined to monitor and investigate the parties, voting methods, and results they want to change, and ignore those they'd like to accept. Even this very article, with its complete ignoring of such matters as the Republican fiddling wih Diebold machines in Bush elections and the DNC manipulations during the recent primary, raises doubts about its impartiality.

I myself am not unbiased and would not trust myself to decide which elections, voting methods, and results should be monitored in future elections. What this election does teach me is that no entity involved can be trusted to rise above such biases. ALL must be monitored. A new squeaky-clean system must be put in place. (Also, imho, there should be a significant non-American contingent involved in the monitoring.)
 
 
+5 # tedrey 2016-11-26 11:14
By the way, this should cost significantly less than the $1,000,000,000, 000s slated for refurbishing the nuclear arsenal that past electoral winners have planned for us and that future ones could brandish.
 

THE NEW STREAMLINED RSN LOGIN PROCESS: Register once, then login and you are ready to comment. All you need is a Username and a Password of your choosing and you are free to comment whenever you like! Welcome to the Reader Supported News community.

RSNRSN