US elections and the hacking of e-voting machines
As the day when US citizens cast a vote for their preferred presidential nominee quickly approaches, the issue of whether the actual voting process can be tampered with is a topic that interests many.
It is widely believed, but never officially confirmed, that the DNC hack – and subsequent leaking of data stolen during the breach – is the work of hackers backed by the Russian government and president Vladimir Putin.
As Harvard law professor and former US assistant attorney general Jack Goldsmith pointed out to Ars Technica, the Russian government has, in the past, used “social media disinformation, denial of service attacks, and hacking campaigns to shape the political landscape in former Soviet states and elsewhere in Europe frequently over the last decade.”
But would they attempt to infiltrate the US e-voting machines and system in order to influence the actual voting outcomes? It’s possible. Is it likely, though? That’s up for debate.
It’s not that they – or anyone else – couldn’t. Since late August, the Institute for Critical Infrastructure Technology has been publishing analyses about the ease of hacking voting machines, interfering with campaigns, stealing data, and so on.
Andrew Appel, a professor with Princeton University’s Computer Science Department, has also recently published a rundown of some of the electronic voting machines used in the US, and their vulnerability to hacking.
While some of them can be hacked through the Internet, all can be hacked by attackers with physical access to them, and only a few allow for the possibility of an audit or recount of (paper) votes in order to check for possible interference.
Generally, security experts have been warning for years about the “hackability” of electronic voting machines, with few positive results. As with any other technology so far, security is still in the back seat, even though there is confirmation that tamperings with electoral systems has already been happening.
US Congressman Hank Johnson is currently trying to minimize this risk, by introducing two bills for the US Senate to vote on:
- The “Election Infrastructure and Security Promotion Act of 2016”, which would make voting systems part of the country’s critical infrastructure. The bill would require the Department of Homeland Security to protect it, and would promote the development of security standards and innovative security solutions.
- The “Election Integrity Act” that (among other things) would limit the purchase of any new voting systems that do not provide durable voter-verified paper ballots, and enable verifiable manual audits of federal elections.
These bills will surely not be voted into law before these presidential elections, but it’s good to see that some legislators are taking the threat seriously.