Leah Binkovitz | @leahbink | December 1, 2016
For months, there’s been speculation about the integrity of our system of elections.
Thursday, Wisconsin began its recount, paid for by Green Party presidential candidate Jill Stein. Recount petitions were also filed in Michigan and Pennsylvania.
That development comes after President-Elect Donald Trump alleged without evidence that “millions” of people voted illegally in the election.
Amid the controversy, a Rice University professor is hoping to alert lawmakers and the public to what he and other experts describe as vulnerabilities in the election system.
Computer science professor and cyber security expert Dan Wallach is on retainer as an expert witness for Stein’s recount push and has provided two affidavits as part of that process. He testified earlier this year at Congressional committee hearing where he warned lawmakers about the threats to election security. Our elections, he told the committee, “face credible cyber threats from our nation-state adversaries.”
Other panelists joining him in September, though, were less concerned about security threats to the election.
Wallach’s prominence this year as an elections security expert follows an unusual election cycle that’s been rife with controversy. In the run-up to the election, both the Illinois and Arizona voter registration databases were targeted by hackers. Though only in Illinois were the hackers successful in retrieving data, according to the Washington Post, it was the first time a state voter database had been hacked. Officials pointed to Russia as the source of the attacks.
Then in October, the federal government said Russia was also behind the hacking of the Democratic National Committee emails. “The unique aspect is the pre-election discussion of foreign nation state cyber activity,” Wallach said in an interview with Urban Edge Thursday. “The finger was pointed, in some cases implicitly and some explicitly, at Russia. That’s new.”
Even if Stein’s recount effort doesn’t uncover any signs of hacking, Wallach said, “We should treat these events as a warning.”
Others election experts, including David Becker, the executive director of the Center for Election Innovation and Research, have expressed more optimism about election integrity, citing the decentralized nature of elections and the fact that voters typically cast ballots by paper or on machines that aren’t even connected to the Internet.
But that still leaves a lot of vulnerabilities, according to Wallach, including threats to the voter registration databases, which are online. And he said, even if not hooked up to the Internet, voting and tabulation machines are still susceptible to attacks. “These tabulation machines tend to just be Windows computers,” he said. “‘Not connected to the Internet’ often translates to ‘Oh, well, we’re behind a firewall.’ That’s meaningless to a nation-state attacker.”
As part of a 2007 study of California voting machines, Wallach said he and other experts found “ways of engineering viruses that could spread from one voting machine to another,” even without using the Internet. Instead, the hacker could inject malware tot he devices at a particularly vulnerable time, like the pre-election ballot programming, which would then be transferred to the machines. “You don’t need the Internet,” said Wallach, “the old ways still work.”
The recount in Wisconsin is already underway, but Stein’s efforts to push for a recount in Michigan and Pennsylvania, where the margin of victory ranged from 10,700 to more than 70,000, are ongoing.
But Wallach said even without concerns about potential anomalies cited by Stein — such as large numbers of blank presidential ballots — the attacks before the election alone are enough to warrant a closer look at the results. “The statistics are secondary to the primary data, which is that the Russians have been documented as having tried to manipulate our election,” he said. “Do I believe there’s been hacking? Not yet, nor do I believe that any theory of hacking has been roundly disproven. We simply don’t know.”
Then there’s the ongoing need to update voting technology and systems across the board, he said, pointing to a new effort underway in Travis County in Texas as well as Los Angeles County in California with hybrid voting machines with electronic interfaces and paper ballots. The paper ballot or paper receipt is one of the things experts recommend to make voting more secure.
Critics say Pennsylvania, for example, is particularly vulnerable since so many of its voting machines do not create a paper record. Others have called more extensive audits after elections, not just this one. “‘Brush your teeth. Eat your spinach. Audit your elections,” Ron Rivest, a computer science professor at the Massachusetts Institute for Technology told Wired.
“If history is any guide,” said Wallach, “when elections go horribly wrong, then we get off our duff and fix the problem.”
He cited the 2002 federal legislation — following the punchcard ballot issues in Florida in 2000 — that allocated funding to update voting systems. But, he said, governments replaced old, bad technology with new, bad technology.
“Perhaps the issues in this election will be the forcing function that retire the current generation of voter machines and replace them with better ones,” he said.