Day 6

U.S. voting machines are way too vulnerable to hacking

This week, the FBI accused Russian authorities of hacking Hillary Clinton's campaign manager. Also hacked was a voting machine contractor in Florida. That's the one Rice University computer scientist Dan Wallach is worried about. For years, he's been warning that U.S. election voting machines are highly hackable and putting the entire voting system at risk.
U.S. Republican presidential nominee Donald Trump encourages Russians to "find" Hillary Clinton's emails at a campaign event in July 27, 2016. (Carlo Allegri/REUTERS)

by Brent Bambury (@notrexmurphy)

In 2014, as Ukraine prepared for a crucial vote to decide the Presidency, government cyber experts found Russian hackers had breached its election computing infrastructure.

The hackers knocked out the entire system that tallied the votes. The attack was detected and repaired, but then, just as the vote results were about to roll out, a virus was found that would have called the election for radical nationalist Dmytro Yarosh.

In reality, Dmytro Yarosh received 0.7% of the vote.  The virus would have forced the election software to declare him the winner with 37% to Petro Poroshenko's 29%. One Russian media outlet reported those numbers anyway.

Poroshenko won the election by a wide margin, but it was a narrow victory over the hackers.


Hackers look to the west

When Dan Wallach testified before the U.S. House Committee on protecting the 2016 U.S. Presidential election, he cited the Russian attack in Ukraine as a precedent and a warning.

"Like the Ukrainians in 2014," he said, "we face similar vulnerabilities today."

Dan Wallach, a Professor of Computer Science at Rice University, says he's been warning that U.S. election voting machines are highly hackable and putting the entire voting system at risk. (Photo provided by Dan Wallach)

Dan Wallach is a computer security expert at Rice University who specializes in electronic voting systems. For years, Dan and a group of computer science colleagues have been raising the alarm about the hackability of U.S. electronic voting machines.  

They say it's been a problem for years. But this year is different.

It's unfortunately easy to compromise the machines to tamper with the votes. Dan Wallach, Rice University

U.S. security experts and the F.B.I. believe Russian actors are behind last summer's hack on the Democratic National Committee, as well as the hacked e-mails from the Clinton campaign published by Wikileaks a week ago.

"A foreign nation state appears to have a strong interest in the outcome of our election," Dan Wallach told me on CBC Day 6. "And as a security engineer researcher I see it as my obligation to do my best to prevent that."


Paper comes back

The touch screen voting machines that Wallach and his colleagues have been flagging are still in use, but they are in decline.  Reports of lost votes and long lines at the polls eroded the public's trust in the technology.

"All of the touch screen voting machines that are in use today in the U.S. were analyzed about a decade ago in state commission studies in California, Ohio and Florida," Wallach says.  "And what we found then is still true today … these machines have unacceptable security."

COLUMBIA, SC - FEBRUARY 27, 2016: Poll worker Mary Ellison prepares a voting machine at the Prince Hall Masonic Lodge during the South Carolina Democratic Presidential Primary. (Sean Rayford/Getty Images)

"It's unfortunately easy to compromise the machines to tamper with the votes," Wallach says.

I asked him if they are more vulnerable than a personal smartphone.

"The issue," he said, "is comparing voting machines to paper, right?  It's incredibly difficult for a hacker on the other side of the planet to change a piece of printed paper."

A printed ballot in lieu of a purely electronic transaction could make the difference between an attempt to steal the election and a full scale theft.

Wallach has been involved in designing voting machines that have both an electronic interface and a printed tally, which would help officials reconstruct a vote if the poll were compromised.


Databases are vulnerable

But even if voting were done exclusively with paper and pencils, a malicious attack could still disenfranchise millions.

"The top of my concerns is that the voters show up at the polls and their names aren't in the voter registration system," says Wallach.

He says hackers could create chaos by removing groups of voters from the database, targeting them using the same demographics as social scientists.

"Somebody from overseas can do the same thing. They can say, people in this neighborhood are likely to vote this way, people in that neighborhood are likely to vote that way. Let's remove just these people from the rolls and that could create long lines and a giant mess trying to disentangle it on Election Day."

Wallach says the threat of destabilization is galvanizing to all Americans.

"The notion that it's not a hypothetical security problem but rather it's something that is being actively attacked by a foreign adversary -- no matter what your partisanship, no matter who you prefer for President, you want the next American President to be elected by the American people."

"And that's the one thing I hope every American can agree on."