Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level.
Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology — and leave old-fashioned paper tallies behind — created new sets of vulnerabilities that have taken years to fix.
“There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”
The alleged Russian hacks to voter registration systems in Arizona and Illinois exposed one of the major weak spots in election systems. Deleting or altering data on voter rolls could cause mayhem on Election Day, disenfranchising some voters. Many voting machines themselves also are vulnerable, especially touch-screen systems that do not create a paper record as a guard against fraud or manipulation.
Several swing states, including Pennsylvania, Florida and Virginia, have insecure touch-screen systems in some jurisdictions. Other states, such as Georgia and New Jersey, still use them at every polling station.
At stake are not just the results themselves. Faith in the reliability and transparency of balloting, experts say, is crucial to democracy, especially in a year when allegations of voting irregularities already have been aired by politicians, most notably Republican presidential nominee Donald Trump.
While there are few documented cases of electronic systems producing flawed voting results in the United States, experts say fears of potential hacks by foreign intelligence services are legitimate. Government databases of all sorts have been routinely pilfered by hackers for years, meaning that voter rolls likely are vulnerable too.
“I am not an expert on reading Vladimir Putin’s mind, and I don’t know what he’s up to if anything, but if your goal is to simply cause chaos, then destroying the voter registration databases would be an excellent way to cause chaos,” said Dan S. Wallach, a Rice University computer science professor who has long studied the security of election systems.
When it comes to voting machines, experts say the most secure systems rely on the strengths of old technologies and new ones. Voting machines with optical scanners, for example, use computer technology to read paper ballots in which voters fill in a bubble next to their preferred candidates. This creates both an electronic tally and a paper record, as do some newer touch-screen systems.
The combination is difficult for even the most sophisticated hackers to defeat. Some states require automatic auditing of selected results to verify that computerized and paper totals are the same. In the case of controversy, recounting is a possible if cumbersome remedy.
Systems that collect only digital records offer many possible targets for hackers — at polling machines, at counting stations and on the computers that collect and tally up overall results for a jurisdiction. Princeton researchers showed in 2006 that one widely deployed electronic voting machine was vulnerable to a virus that could be carried on memory cards used to collect totals. Once installed, such a virus could quietly tweak results for years without detection.
Even when electronic systems are insecure, paper records allow for auditing and verification. Such reviews have caught software errors that could have affected the outcomes of elections.
In a 2006 Republican primary in Pottawattamie County, Iowa, an election official noticed that a little-known candidate was close to beating a popular incumbent. When the official ordered a hand count of the ballots, they uncovered a programming mistake that was tipping the election toward the challenger.
Fairfax County, Va., probed its new voting machines in 2003 after Election Day malfunctions, including one where some machines appeared to subtract 1 out of every 100 votes for a candidate who lost a close school board election.
Maryland recently switched to secure optical scanners for its elections. Virginia has been upgrading its systems and is expected to complete the transition by 2020. (For a map of the technology used in particular jurisdictions, look here.)
The nationwide trend is toward adoption of systems that produce paper and electronic records; they are deployed universally in 35 states and in many counties elsewhere, according to tracking by Verified Voting Foundation, a California-based nonprofit group that monitors voting technologies. Pamela Smith, president of Verified Voting Foundation, estimated that more than 75 percent of U.S. voters cast ballots on machines that create a reliable paper trail.
"When you have voters marking a physical ballot, it's pretty easy to check — and it's obvious what's being counted,” Smith said. “Those physical records of voter intent can be used for a postelection audit to check the software on a system counting the votes or if a candidate requests a recount or one is required because the margin of victory is small. It lets election officials use that record to demonstrate that the count was correct.”
More than just vote tallies can be in peril. The alleged Russian intrusions into voting systems in Arizona and Illinois, which prompted the FBI to issue warnings to election officials in June, could have targeted voter lists or other personal data kept on state databases. Altering lists of registered voters could potentially cause long lines or other problems on Election Day, leading some people to not cast ballots.
The 2000 presidential election, won by George W. Bush after weeks of wrangling over “butterfly ballots,” “hanging chads” and other flaws with paper balloting systems, prompted Congress to outlaw punch ballots and allocate $3 billion to help states switch to supposedly secure electronic systems.
Much of the first wave of new technologies, however, left no paper record of voter intent and often relied on outdated hardware and software. Technology experts warned of the security risks, but several states made major investments in flawed machines before there was widespread consensus among election officials that paper verification was essential.
"The systems are absolutely horrible,” said Joe Hall, chief technologist for the Center for Democracy and Technology. "Some of these systems are essentially 15- to 20-year-old computers, and there's only so much you can do to try to protect them, unfortunately.”