Vulnerable votes: rigging, disruption
Flawed technology could open the door to election fraud
allentown, pa.» Jill Stein’s bid to recount votes in Pennsylvania was in trouble even before a federal judge shot it down Dec. 12. That’s because the Green Party candidate’s effort stood little chance of detecting potential fraud or error in the vote — there was basically nothing to recount.
Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count.
More than 80 percent of Pennsylvanians who voted Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. VotePA’s Marybeth Kuznik described the proposed recount this way: “You go to the computer and you say, ‘OK, computer, you counted this a week and a half ago. Were you right the first time?’”
These paperless digital voting machines, used by roughly one in five U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected.
Their prevalence also magnifies other risks in the election system, simply because error or fraud is harder to catch when vote counts can’t be verified. And like other voting machines adopted since the 2000 election, the paperless systems are nearing the end of their useful life — yet there is no comprehensive plan to replace them.
“If I were going to hack this election, I would go for the paperless machines because they are so hard to check,” said Barbara Simons, the co-author of “Broken Ballots,” a study of flawed U.S. voting technology.
Stein described her recount effort as a way to ensure that the 2016 election wasn’t tainted by hacking or fraud. There’s no evidence of either so far — a fact federal judge Paul Diamond cited prominently in his decision halting the Pennsylvania recount .
Stein pursued similar recounts in Wisconsin and Michigan, to little avail. Those states use more-reliable paper-based voting technologies. (The Electoral College certified Donald Trump’s presidential victory last week.)
But a cadre of computer scientists from major universities backed Stein’s recounts to underscore the vulnerability of U.S. elections. These researchers have successfully hacked e-voting machines for more than a decade in tests commissioned by New York, California, Ohio and other states.
Some researchers would like to see the U.S. move entirely to computer-scannable paper ballots, because paper can’t be hacked.
The U.S. voting system — a loosely regulated, locally managed patchwork of more than 3,000 jurisdictions overseen by the states — employs more than two dozen types of machinery from 15 manufacturers. Elections officials across the nation say they take great care to secure their machines from tampering. They are locked away when not in use and sealed to prevent tampering.
All of that makes national elections very difficult to steal without getting caught.
But difficult is not impossible. Wallach and his colleagues believe a crafty team of pros could strike surgically, focusing on select counties in a few battleground states where “a small nudge might be decisive,” he said.
Most voting machines in the U.S. are at or near the end of their expected lifespans. Forty-three states use machines more than a decade old. Most run on vintage operating systems such as Windows 2000 that predate the iPhone and are no longer updated with security patches.
Voting machines sit in Philadelphia in October, waiting to be used in the presidential election. Pennsylvania’s antiquated voting machines store votes electronically, without paper-based backups.