Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Lyndon French
  • Connectivity

    Hackers are out to jeopardize your vote

    Cyberattacks on the 2016 US election caused states to bolster the defenses of their voting systems. It hasn’t been enough, says the University of Michigan’s Alex Halderman.

    Russian hackers targeted US electoral systems during the 2016 presidential election. Much has been done since then to bolster those systems, but J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, says they are still worryingly vulnerable (see “Four big targets in the cyber battle over the US ballot box”). MIT Technology Review’s Martin Giles discussed election security with Halderman, who has testified about it before Congress and evaluated voting systems in the US, Estonia, India, and elsewhere.

    Lots of things, from gerrymandering to voter ID disputes, could undermine the integrity of the US electoral process. How big an issue is hacking in comparison?

    This story is part of our September/October 2018 Issue
    See the rest of the issue
    Subscribe

    Things like gerrymandering are a question of political squabbling within the rules of the game for American democracy. When it comes to election hacking, we’re talking about attacks on the United States by hostile foreign governments. That’s not playing by the rules of American politics; that’s an attempt to subvert the foundations of our democracy.

    How much has election security improved since the 2016 US presidential election?

    One thing that’s improved is awareness. States are taking the first necessary steps to protect their systems—things like making sure they run vulnerability scans on software, and that electoral staff have security clearance to receive threat intelligence from the federal government. Progress accelerated in March when Congress allocated $380 million in new funding that will help states afford to upgrade insecure equipment and make other improvements, but there’s still a lot more work to be done.

    What element of the voting process worries you the most?

    The part that keeps me up at night is the electronic voting machines. Every machine has to be programmed with the ballot design, and that programming is copied in by election officials on a USB stick or memory card. If someone can infect that programming, they can spread an attack to the machines and potentially tamper with a fraction of the votes without anyone detecting it.

    See related sidebar story for more information on voting and hacking

    So what can be done to address this risk?
    We need to make sure that every vote is recorded on a piece of paper, too. Without paper, there may be no evidence we can go back and look at that would reveal vote tampering. We also need to make attacks as difficult as possible by making sure systems used to program ballot design are locked down and never accessible from the internet.

    What other areas beyond voting machines are vulnerable?
    Voter registration systems connected to the internet are a major concern. In 2016, one of the most worrying cyberattacks was Russian attempts to probe, and in some cases hack into, voter registration databases. We also need to worry about electronic poll books that many states use to check voters in on Election Day. This equipment is often networked, and if it fails it could lead to chaos at the polls.

    How can we bolster defenses here?
    The main thing is to apply the same good security practices developed for protecting other government and industry databases. We also need to have backup procedures in place in case the technology fails.

    Auditing results can catch vote manipulation. Are post-election audits in the US sufficiently robust?
    No. Some states don’t check ballots at all; others examine them in a fixed fraction of precincts, but in a close contest, that might not catch vote tampering concentrated in precincts that aren’t checked. We need “risk-limiting” audits. Here you agree in advance the probability you’re willing to tolerate of an election outcome being manipulated and not detected. You then look at enough paper ballots so the odds of someone getting away with fraud are lower than the target percentage.

    Why don’t we have these audits everywhere?
    States have been slow to adopt new ways of countering cyberthreats. Fortunately, risk-limiting audits don’t have to be particularly expensive. When an election isn’t close, you might be able to confirm the result with high statistical confidence by examining a few hundred ballots across a state; in extremely close elections, you often have to do an automatic recount anyway.

    Would it be better if the US had a federally mandated, nationwide voting system rather than many different state and local ones?
    It might be easier to secure a single, unified voting system, but election administration in the US is the responsibility of state and local governments, and I don’t see that changing soon. What we can do is to set national standards for election cybersecurity that states should meet or exceed.

    Could one tie federal money for securing elections to the adoption of those standards at the state level?
    That could be quite effective, and there’s a bipartisan draft bill in Congress called the Secure Elections Act that would do just that.

    What would have to happen for online voting, Estonia-style, to become broadly viable in the US?
    Online voting carries extremely big risks. You need to protect internet-­connected servers running the election from sophisticated adversaries and protect voters’ own devices from malware. That’s why Estonia is the only country where national elections are largely online, and its system is unlikely to withstand a concerted attack. It may be decades before we’re able to secure online systems to the same level we expect from voting in polling places today.

    Some people have floated the idea of blockchain-based voting systems. Are you a fan?
    Blockchain doesn’t fix the hard parts of securing online elections. It’s just another form of recording votes. If attackers compromise voters’ devices or the servers that record votes and log them to the blockchain, they can still manipulate election outcomes. There are no easy solutions here.

    AI is here.
    Own what happens next at EmTech Digital 2019.

    Register now
    More from Connectivity

    What it means to be constantly connected with each other and vast sources of information.

    Want more award-winning journalism? Subscribe to Insider Plus.
    • Insider Plus {! insider.prices.plus !}*

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      Print + Digital Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

      Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

      10% Discount to MIT Technology Review events and MIT Press

      Ad-free website experience

    /3
    You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.