Stronger election security with less technology
- By Chase Gunter
- Sep 11, 2017
With the wide variety of voting systems technology and uneven security requirements in local jurisdictions across the country, the best defense against election hacking may involve less technology, experts said.
"I don't have a lot of confidence" in the security of election equipment, said Alex Halderman, who is director of the University of Michigan's Center for Computer Security and Society and researches voting machine security.
"The machines have vulnerabilities that could allow someone to hack in and alter the software that's running on them," he said at a Sept. 8 Brookings Institution discussion. "You don't even need physical access to the machines."
Nor do the machines need to be connected to the internet to be prone to manipulation, Halderman added.
"With just momentary access to the memory card that's used to program the ballot for the election, we could insert vote-stealing software that would then reprogram the machine ... and select whoever we wanted as the winning candidate," he explained.
Halderman added that even if American machines were not manipulated by a foreign government in 2016, "I think it's a matter of time" before vote tampering occurs, if the vulnerabilities are left unaddressed.
Retired four-star Gen. John Allen said that "now, in many respects, the first line of defense of American democracy, and last line of defense of American democracy, is in the hands of our states and our counties."
Allen, a 40-year Marine veteran and co-director of Brookings' Center for 21st Century Security and Intelligence, added, "while the process of voting is certainly a local issue, it's really a national security issue."
"The problem is, there are very unlevel approaches from county to county and state to state across the country" whose capacities for cyber defense can be very limited, said Allen. "One of the reasons is because we don't impose federal standards on this process."
Halderman suggested that while installing layered defenses and purchasing more secure technology would help, he advocated for less reliance on technology in the electoral process.
"Essentially, what we need is a system that relies on physical fail-safes" and conducts paper-based post-election audits, he said.
A Brennan Center study estimated that replacing paperless machines nationwide would incur a one-time cost between $130 million and $400 million. Halderman added that, based on his own estimate, conducting post-election audits for every federal race would cost about $20 million annually.
Chase Gunter is a former FCW staff writer.