Recently, Homeland Security Secretary Jeh Johnson said the government was considering classifying voting systems as part of the nation’s “critical infrastructure,” a designation currently held by systems such as the electric grid and banking networks.
The announcement comes on the heels of reports of a vast infiltration of Democratic Party servers.
“Everything we know about voting machines — electronic ones, computerized ones, is they're not very secure,” says tech security expert Bruce Schneier. “They are not tested, they are not designed rigorously and in many cases there's no way to detect or recover from fraud. So there really is a disaster waiting to happen.”
Aviel Rubin, a professor of computer science at the Johns Hopkins University, agrees.
“Unfortunately, I think the thing that's improved the most in the last 10 years is the sophistication of the hackers and the number of incidents that we see that are occurring daily. If you look at the news you see that ransomware is becoming pretty common,” Rubin says. “The big change that I've seen has been just how sophisticated the hackers are today. And they're sponsored by countries like Russia and China, which is a much more formidable adversary than we had in the past.”
Schneier says the validity of upcoming elections could be threatened.
“My biggest fear is that we wake up on Wednesday and there is some evidence the vote was hacked,” Schneier says. “We don't know for sure, we don't know how, and it's in a state, a precinct that decides something important. And we don't know what to do now.”
Each state in the US has different standards for how it handles voting, and what security measures are used. Rubin says uniform rules are needed.
“If we do establish standards, we have to be careful that the standards are the right standards,” Rubin says. “I think we need to take some care and bring in the experts in the security community to establish the security standards. There is something to be said for the diverse set of voting equipment in different places because it would take a different type of attack to attack each different type of voting system. But that said, it might be better to have a good standard everywhere than to have this hodgepodge of non-standard systems out there like we do today.”
Schneier says there are already good voting systems in place in some states that could be used as examples.
“In Minnesota it's all hand-filled-in,” Schneier says. “We call them optical scan readers — I get a paper ballot, I fill in ovals, I can check it, I know it's correct. I feed it into a machine, the machine checks to make sure I didn't vote incorrectly — I didn't actually vote for two people for the same office — and then that count is done by a computer, and that paper drops into a box that's safe for recount, and that voter verifiable paper trail is what gives us our security and integrity. ... It's a really nice system. Technology exists today and it's a lot more secure than these all-computer systems. ... Things like paper — that can be reviewed if there's a problem. It's one of the tools we know that works.”
With the US presidential election looming, it’s too late to change much this time, but Rubin says there’s still more that can be done.
“Many of the precincts already have their equipment pretty much locked in. They've used them for the primaries and they're not going to be able to change them. But we can increase the amount of auditing that we do and the amount of surveillance and care that we take,” Rubin says. “A professor from Berkeley has come up with a technique for reducing the risk of undetectable fraud by performing manual recounts in random spots against machines to make sure that statistically we know that the machines are counting the votes correctly.”