Russia’s recent hack of the Democratic National Committee has some voters concerned that the 2016 presidential election could become the target of hackers looking to manipulate its outcome. GOP candidate Donald Trump has added fuel to the anxiety, casting doubt on the legitimacy of Tuesday’s election and suggesting that he might not accept the results if he loses.
But how vulnerable is the election to hacking, really?
According to the Department of Homeland Security and the Office of the Director of National Intelligence, not very. In a joint statement released last month, the agencies said it would be “extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion.”
The statement credits “the decentralized nature of our election system” and “the number of protections state and local election officials have in place” for the agencies’ confidence.
Among those protections is the disconnection of voting machines from the internet, which precludes the targeting of any system used across the country by hackers. Furthermore, each system is determined locally by individual states and counties, making it difficult for meddlers to sway the results of a national election.
“We don’t have a national voting system. What we have is voting systems that are specific to a local jurisdiction,” Pamela Smith, president of the non-partisan lobbying group Verified Voting, told TheWrap. “And that matters because there have been international elections that have been tampered with over the internet, but they’ve been situations where there’s been a national election service or system. We don’t have that.”
Individual local results, however, could easily fall victim to tampering. Researchers like Andrew Appel, a Princeton professor and member of Verified Voting’s board of advisors, have found that hacking electronic voting machines is “child’s play.”
“It’s not just the voting machines themselves — it’s the desktop and laptop computers that election officials use to prepare the ballots, prepare the electronic files from the OpScan machines, panel voter registration, electronic poll books,” Appel said in an interview with Politico Magazine. “If any of those get hacked, it could significantly disrupt the election.”
There were some who wondered if last month’s massive DDoS attack, which affected major sites including Amazon and Twitter, may have been a mere trailer for a larger, more destructive Election Day attack.
“If someone really wanted to, they could possibly disrupt the reporting system, the process by which jurisdictions report their results on election night,” Smith said. “That of course would be disruptive, but it wouldn’t affect the actual vote. It might just take longer for everyone to know what the count is.”
The far more likely scenario, though, is a simple voting machine error resulting in an incorrect result.
“There was a case in Long Beach County in 2012, where they did a post-election audit and found out there was a programming error which resulted in the wrong people being declared the winner,” Smith said. “And it affected more than one contest. They found it because they audited one contest, but it turned out it affected other parts of the ballot.”
In either case, Smith says the best defense against errors in voting results is the same: A paper trail. Whether that means a paper ballot physically marked by voters or a printout from an electronic voting machine, paper results can be double-checked for accuracy.
“Paper is a technology that just works really well for elections,” she said. “It seems old school when you think about it, but if you have a polling place where the voters are using a machine interface to mark their choices, if those machines broke down on election day or failed to boot up, you’d need emergency paper ballots to service voters … It solves a number of problems even beyond tampering.”
The good news is that most of the country does have some kind of paper trail for voting results — especially in the critical swing states — which Smith says is a big improvement from previous years. “The only ones that we still have concerns about are the parts of Virginia that are still paperless, and most of Pennsylvania is paperless,” she said.
Local officials take a number of precautions to ensure the accuracy of results come election day, including a pre-election check of the voting machines and, in most states, a post-election audit.
“You could boil down what we advocate for into five words: Auditable systems being robustly audited,” she said. “There’s no reason not to pilot an audit. Just go ahead and do a manual check if you have the authority to do so. Check a percentage of the ballots after the fact to make sure the tally matches up.”
But even if the voting process is too decentralized for a technical error to affect the outcome of the 2016 presidential election, experts warn that the uncertainty is the real danger.
“You have to have a certain level of confidence. The one way to be sure your vote won’t count is to not show up,” said Smith.
Related stories from TheWrap: