After a cyberattack forced a local Alaska government to disconnect its computer systems from the Internet this summer, employees were ready with a Plan B. They picked up pens and paper — and even resorted to typewriters — so that the government could continue its daily work, from collecting property taxes to checking out books at public libraries.
In a Cybersecurity 202 column, the Washington Post references security professionals who recommend that government officials “should just assume they will be hacked.”
Although the focus of this column is cybersecurity planning, similar to crisis communication planning, let’s extend the premise (assume you’ll be hacked) to voting.
There are two places where computing systems are vulnerable: voter registration databases and ballot tabulation.
Voters who arrive at a polling place to be told that they are not on the rolls should insist on a (paper) provisional ballot. It’s possible that their voting records were purged; but it’s also possible the system was hacked.
Tabulation systems should not be connected to the Internet, but news reports suggest that this best practice is sometimes violated. If a recount is needed, best to recount paper ballots. If a computing system counts its own numbers twice and reaches two different outcomes, there is a serious problem.
Five states vote entirely on computers (direct recording equipment or DREs) with no paper back-up: Delaware, Georgia, Louisiana, New Jersey, and South Carolina.
Georgia's voting systems are one of five states that are all electronic and have no paper trail — leaving it especially vulnerable to manipulation. A federal judge ruled in Sept that state offficals have "buried their head in the sand" rather than make changes https://t.co/eIEqMer1BJ
— Astead (@AsteadWesley) October 19, 2018
According to the Brennan Center for Justice at the New York University School of Law, 13 states use paperless voting systems or computers (DREs) that are no longer manufactured (Arkansas, Delaware, Georgia, Indiana, Kansas, Kentucky, Louisiana, Mississippi, New Jersey, Pennsylvania, South Carolina, Tennessee, and Texas).
The U.S. House Committee on House Administration included Texas in a list of the “Top 18 Most Vulnerable States” for election hacking. From a Texas Monthly analysis of that state’s voting system, Dan Wallach, computer science professor at Rice and expert on election security issues:
From a security perspective, the systems that we use, these electronic voting systems, were never engineered with the threat model of foreign nation-state actors… I have no idea if anybody’s planning to exploit them, but there’s no question that the vulnerabilities are present.
USAToday provides recent examples of flawed voting systems that impaired voter ability to cast a correct ballot (not direct manipulation of tabulation processes):
- On Election Day 2016 in Durham, NC, “scores of voters were turned away from polling places or incorrectly told they had already voted because of inaccuracies” in polling books. “It was unclear what the problem was, but hacking is a possibility and could happen again.”
- In Nevada’s June primary, more than 300 voting machine malfunctions, including some candidates being left off ballots, led to “a rare special election in Clark County.”
- In Arizona’s August primary, “contractors in one county failed to set up electronic poll books in 62 locations until hours after the polls opened. Some people who couldn’t wait did not get to vote.”
Voting on paper won’t resolve all of these problems, but it would have helped in Nevada.