Hacking The American Election System: Getting It Right

In every area of life, but especially in the overlapping realms of technology, science, and health, misunderstanding how things work can be widespread, and that misunderstanding can lead to problems.

In the area of voting, the main problem seems to be the expenditure of great amounts of outrage and concern over things that are not real. At the same time this happens, things that are real matter a great deal.

I’ll give you one example. Remember the special election for the Congressional Representative for Georgia’s 6th district, earlier this year? Several media outlets reported “voting machines stolen,” which, in turn, caused great outrage and concern on The Internet because, well, voting machines had been stolen.

Now, pause for a moment and think what this means. What does it mean to have voting machines stolen? What is a voting machine? What would you do about voting machines being stolen? How might you try to solve the problem of voting machines being stolen just before an election was happening (like,the day before)? How might this affect the election? Who likely did it? How would you find them and what would you do to them?

I hope you did not spend a lot of time on those questions because if you did, you probably wasted it (unless you already know about the Cobb County Georgia story).

A voting machine is a machine that sits there in a polling place, and that voters use when they vote, to cast their ballot. Right?

The “voting machines” that were stolen in Georgia were not that. Not even a little.

When you go to vote, depending on what state you are voting in, you sign in, and they check off your name, or verify your existence, or something. This involves paper and pen, books and lists, whatever.

However, in at least some polling locations in Georgia and elsewhere, instead of pen and paper and lists and stuff, they have a turn-key device which is something like a laptop, and on it are the voter rolls for that voting location. The election officials can find your name and check off that you voted, etc. using this computer rather than a big bound stack of paper with voter names and addresses on it.

That is NOT a voting machine. It was the device stolen in Georgia.

It is not good that a device with this information on it was stolen. The election officials simply used printouts, and went old style, but that is inconvenient. The data on the machine is secure and in theory can not be obtained by a thief who took the device. It would be of some but not much value.

Also, this machine was not stolen by a Putin or Trump stooge or some vote-repressing Republican. It was stolen by some 18 year old kid who thought he had copped a laptop. He was caught.

Election hacking is one of our number one problems

In the above outlined example, there was great outrage and concern when the “voting machine” was stolen, but there was very little mention of the fact that a voting machine was not actually stolen. However, I’m sure a lot of people added this to their list of things that are wrong with our election system, and now feel that the Georgia elections, generally, are untrustworthy because, well, they have voting machines that are stolen!

And that is a huge waste of great outrage and concern, because, in fact, the prospect that we have had elections hacked in the past or could have them hacked in the future is of great concern and we must address it. So, wasting great outrage and concern on things that are not real is problematic.

This example has been repeated, in one way or another, over and over again. A vague or inaccurately reported story about an event that may or many not have happened spreads and substantially increases the degree to which American voters believe that our system is already hacked beyond repair, and distracts people from engaging in properly focused policy discussions about threats that are real and matter. And there are threats that are real and matter.

Today DEFCON conference will release a report of an experiment they carried out several weeks ago. This is a hacker organization that is interested in security. They created a “voting village” for hackers, with represntative machines of various kinds, but I assume mostly or all actual voting machines, and let the hackers try to hack them.

Preliminary reports suggest that hackers got into the voting machines with wireless connections and controlled them. But, did they actually get into actual voting machines using a method that would work when they are turned on and functioning, and control actual parts of the voting machine? Or did they hack into something that isn’t really a voting machine, or into a machine that does not have wireless access but somehow they added that, and did they really get to the guts of the machine?

The reason I ask these questions is that I simply do not trust even a tiny bit any of the secondary reporting or information on this. All a business reporter or political commenter needs to do is to string together a few words like “voting machine” and “hack” and “access” in a few paragraphs to generate the Great Outrage and Concern. Those words may have nothing to do with anything that we need to actually be concerned about.

A bear can turn over a log to get at a grub. A woodpecker can fly through the forest at 40 miles per hour. Fungus can eat a pile of wood, digesting it in place. This does not mean that if you build a house in the woods it will be disassembled, transported a great distance away, and consumed by the wildlife. Thinking that would require a level of conspiratorial ideation that, well, we actually see out there in the cultural human wild. Somebody can steal a voter database laptop out of a car in Georgia, access the bluetooth upgrade circuit of a voting machine in Illinois that is automatically turned off during voting, and somebody in Arizona can convert the Secretary of State’s voting result web site into a porn site. That does not mean that the voting system has been hacked or that a single vote has been changed or falsely cast.

It is very important to get this right.

In my view, everyone should vote like they do in Minnesota. We use paper ballots, and when we need a recount, we can use those ballots. they are counted by machines (which are not voting machines, they are paper ballot counters) but there are ways to see if the count is legit. A certain random percentage of piles of ballots are checked by hand in an audit that happens no matter what. A recount is automatic if the vote is closer than a certain amount. If there are suspicions, there can be a recount otherwise. And, all citizens can vote if they simply show up, though if you are not on the list you have to prove yourself, which is not hard. Another person on the voter roll can simply vouch for you, on paper, right there, and you can vote.

(We also have among the highest turnout rates of any state.)

The point of all this: Look at the report coming out critically and carefully and learn what there is to be learned from it. Do not take bits and pieces and innuendo and uncertainties from it (and here and there from elsewhere) and from that create a construct of conspiratorial thinking that does damage and helps not at all.

Share and Enjoy:
  • Twitter
  • StumbleUpon
  • Facebook
  • Digg
  • del.icio.us
  • Yahoo! Buzz
  • Google Bookmarks
  • LinkedIn

9 thoughts on “Hacking The American Election System: Getting It Right

  1. I completely agree with your points Greg.

    Having some form of paper backup is critical, or how would we even know if a voting machine or precinct was hacked?

    So we need to prevent hacking, ensure that if there is hacking it can be caught and ensure that an after the fact audit can detect hacking.

    Paper backup provides the answer to all of these issues.

    Even if we transition to voting by phone (someday), a copy of the vote should be sent to the voter and to the voter’s princinct. That way you have a backup of the vote (although you lose anonymity).

  2. Right, any kind of mechanistic voting can actually be used to create the paper ballot which can later be confirmed or inspected.

  3. The voting system that uses the same system as standardized tests makes sense. I.E. you are given a 8.5×11 paper ballot with names and bubbles to be filled in. You select the folks you want to vote for and fill in the circles by their names. Besides the paper trail this provides and the ability if need to count by hand. There is another important feature, if you need more voting positions it just takes a table some chairs This does and a cardboard screen and a pen/pencil to add a place, i.e. very low investment. This means that it is easy to have extra voting positions on hand to set up quickly, (set up the table and chairs and lay out the shields and pens) Another very nice thing about this system is the absentee ballot is identical to the one voted in person.
    Of course this is a low tech system so of course no good. Not for handicapped you could have a fancy machine that fills in the form if desired.

  4. Lyle, Minnesota uses the bubbbles. Some places, maybe even Minnesota sometimes, also uses the “connect the two lines” method. Typically, an arrow broken in the middle, and you make the arrow, pointing to your vote, whole by connecting the two ends with a black line.

  5. I think they could expose voter fraud very easily.

    When you get your voter registration in the mail have it come with a pass code. After you vote and all votes are tallied then ask people to log into a site that can access the votes and type in their info and pass code and verify that what is recorded is what they actually voted. If it is not trace back the baker trail.

    Simple.

  6. @ Greg and Lyle

    Agree completely. A paper ballot, marked by the voter and optically scanned, with the original saved for electronic or manual recount, is cheap, fast, reliable, secure and low-tech. To further increase security and the ability to audit the count of used/unused voting forms, polling station ballots could be sequentially (or at least uniquely) numbered, though not tied to the voters they are randomly handed out to.

    The focus of some states on elaborate, costly and insecure electronic voting is either deeply stupid or deeply suspicious.

  7. @ Dirk

    Simple idea, but with a fatal flaw. If your candidate loses, and you are the type of ultrapartisan voter concerned only with the ends and not the means, what easier means to cast an election’s legitimacy into doubt than by thousands of false claims that your votes were wrongly recorded?

    Don’t forget that one party has been systematically attempting (and often succeeding) in disenfranchising millions of American citizens while making absurdly false claims of systematic electoral fraud via ineligible voters. (If that party excels at only one thing, it’s projection.) Consider not just the uses of a new tool, but how it will be abused as well.

  8. I know one of the people at the Defcon. I’ll see if I can get a report from him.

    All of these electronic machines came about because of Bush v Gore and hanging chads. It was pretty obvious at the time that this was a ridiculous idea, but the reformers and computer folks wouldn’t have it. People then said ATM’s don’t make mistakes, so why can’t we have voting machines like that? The premise is likely flawed, but then people drove out the leading ATM maker from the market for election machines(Diebold). On top of that, there is the need to maintain a secret ballot, so you can’t get a receipt for your vote.

  9. This is a subject that I have given a lot of thought to and as MikeN mentions the fad for touchscreen machines came about because of the fiasco in Florida. I really wondered about HAVA at the time and its seeming love for high-tech and I still have a lot of concern. Security, reliability, lack of a paper trail, etc. etc. But my greatest concern about electronic voting machines is voter suppression.

    Why voter suppression? Those specialized touchscreen voting machines are expensive: between $2500 and $3000 according to the Pew Trusts. This provides a perfect excuse to limit the number of polling places as well as the number of machines at each polling place. The result? Long lines. You may have noticed that reporting of long lines has dominated the last few presidential elections, even when ultimate turnout was lower than normal. This is probably the main reason for those reports. But states which have a bent towards suppression have a tendency to strategic deployment — more in rich white areas and fewer in poor minority areas. This is probably the biggest problem with this technology and certainly has had the biggest impact on our elections.

    There is an alternative to this though. It may be low tech, but it works, is reliable and has fewer security problems: Scantron ballots. Have long lines? Put up a few more security shields, they’re cheap. Want fast counts? Programmable scanning machines allow a fast count. Questions about the machine count? An audit against the ballots counted by that machine is quick and easy — you don’t have to do a full recount, just a statistical sample. Everyone under the age of death has filled out one of these things at some point in their lives, so everyone knows what to do. Most state laws allow a voter to have an someone (or their choice) help them fill out the ballot. And the best thing? An election based on Scantron ballots CANNOT BE HACKED.

    So: cheap, everyone knows how to use them, secure, fast returns. What’s not to love?

Leave a Reply

Your email address will not be published.