Hacking the Vote: Security Vulnerabilities and the Future of Voting

With primary elections ongoing, and November quickly approaching, voters are worrying about hacking and how it might affect voting outcomes. From databases on personal voter info to ballot machines, the entire infrastructure continues to be insecure. Let’s look at a few major vulnerable points and what can be done to shore up security: The 2016 Vote A plethora of evidence points to , but what exactly did they do? We know that online systems of 21 states were by Russians, but no information was actually stolen. Russia hacking the 2016 election scanned Illinois, however, was compromising up to 200,000 personal voter records, though no records were changed. Meanwhile, in Arizona, an election official opened a malware-infected email, compromising the official’s credentials. The system itself, however, was not compromised. hit with an attack On a higher level, the Election Assistance Committee, a federal agency that regulates voting machine security, discovered a Russian-speaking hacker had and was looking to sell them. VR Systems, an election system provider for eight states, was also targeted by a Russian phishing scam. . obtained 100 EAC employee credentials At least one of the seven targeted accounts was compromised Whether any of this swayed the vote is moot; the point is that the systems are still vulnerable. Databases One threat is hackers gaining access to voter information databases, such as what happened in Illinois. In theory, information could be changed. is key here. Not only should access be limited, but passwords should be secure and changed often enough to confuse hackers. Database management Voting Machines Stingrays After the databases, the next point of security that’s troublesome is the voting machines themselves. Voting data is sent from voting machines to a central tabulating computer. The problem is that the Department of Homeland Security revealed that . They do not know who is operating the devices. a number of rogue Stingrays, cellphone simulators, were discovered in Washington, D.C Stingrays could intercept results by mimicking cellphone towers. The results could then be altered, shifting the vote in favor of a candidate or bill. The DS200 The DS200 is a popular voting machine that optically scans paper ballots. It’s air gapped — there is no connection to the internet — but it can transmit unofficial results via modem. The problem, Princeton computer scientist , was that there was nothing stopping the poll workers from also sending the official votes via modem. The information could be encrypted, both sender and receiver would need to know the encryption, and a Stingray could still intercept the data. Andrew Appel told the New Yorker While Elections Systems and , the DS200 makers, claim this would be extremely rare, it could still happen. Still, New York, Maryland, Virginia, and Alabama prohibited the use of modems to transmit elections results. Software Ballots There are 13 states that contain counties where the voting machines . These are the most vulnerable, as paperless touchscreen machines are insecure. The actual vote can’t, for example, be verified by a hard copy. The voter may touch one candidate’s name, but the machine could record a different vote; there would be no marked copy to prove who the voter actually voted for. This could be accidental, or it could happen thanks to the introduction of malicious code. This is not a hypothetical, either, as a machine in Pennsylvania’s Venango County , where touching a candidate on the touchscreen caused the vote to count for another candidate. don’t use ballots at all “flipped” votes Worse yet, there’s no actual way to know if the vote was truly counted or not. Again, with no paper copy to back the vote up, the machine could tell the voter their choices were recorded, but then throw out all or part of the vote. In 2017, because of these concerns, 22 voting stations in Virginia converted to paper ballots, and decertified their touchscreen-only machines. While going paper-only is the most secure option, it’s also more time-consuming. Striking a balance between security and ease of use for both voters and poll takers is tricky. It’s clear that the Russian hack of the 2016 election should join the likes of other , such as the Sony breach, which leaked employee data, or the Target data breach, which leaked 40 million credit and debit card records. However, unless voting data and machines are made more secure, votes could be just as fraught with hacking, possibly changing the outcome and altering the future of voters. major security breaches that shaped history future