Hack the Vote 2016: Assessing the Potential for Considerable Political Chaos

Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos.

By David Goldstein, McClatchy Washington Bureau / September 7, 2016

(TNS) — WASHINGTON — Is it time to panic about Election Day?

Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure.

“My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines following the disputed 2000 presidential election.

Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos.

Consider these developments:

—The FBI issued a “flash” alert this summer to state election officials that foreign hackers had breached the election systems in two states, Arizona and Illinois. Arizona shut down its network for a week.

—The Washington Post reported that intelligence and law enforcement officials are looking into a secret, widespread effort by Russia to undermine public trust in the U.S. presidential election and in the country’s political institutions. The newspaper said Senate Minority Leader Harry Reid, D-Nev., was “deeply shaken” following a briefing about the investigation by a top official in the intelligence community.

—Homeland Security Secretary Jeh Johnson suggested that the nation’s election system, an uneven mosaic of 50 state-operated fiefdoms, should be viewed like the national power grid, part of the country’s “critical infrastructure.”

—Johnson volunteered his agency’s help by offering to inspect state election systems for holes hackers could crawl through. Several states have taken up his offer. Others — such as Georgia, which has voted Republican in every presidential election since 1996 but where polls now show the race between Democrat Hillary Clinton and Republican Donald Trump tied — have spurned it.

Georgia uses older voting machines that don’t automatically produce ballot paper trails, which many election security experts think is a must-have feature.

In an email to the website NextGov, Georgia Secretary of State Brian Kemp labeled Johnson’s offer “a vast federal overreach” and an effort toward “federalizing the election under the guise of security.”

“Adding layers of communication and coordination and perhaps decision-making may not only not help, it may actually hurt the integrity of the election by slowing it down,” explained Merle King, executive director of the Center for Election Systems at Kennesaw State University in Georgia, which provides technical support to the state.

Meanwhile, more than half of registered voters in a Pew Research Center poll last month expressed at least some degree of concern that their votes would not be counted accurately.

And then there’s Trump, who has stoked the us-vs.-them suspicions of his core supporters by suggesting that if he loses, it’s because the election could be “rigged.”

Nervousness over the apparatus by which the next president will be chosen seemed inevitable. Computer security experts have long expressed concerns about the vulnerabilities of state voter registration rolls and the frailties of older voting machines.

“Flipped votes, freezes, shutdowns, long lines and in the worst-case scenarios, lost votes and erroneous tallies,” is how a report last year, “America’s Voting Machines At Risk,” described the recurring problems of older machines. It was written by the Brennan Center for Justice, a nonpartisan public policy and legal research center at the New York University School of Law.

The Arizona voter-system hack apparently compromised neither the voter registration database nor any machines, but it did steal the password and user name of an election official. Still, it sounded alarms.

“It says this is not theoretical,” said Pamela Smith, the president of the Verified Voting Foundation, a nonpartisan, nonprofit advocacy group for election accuracy and accountability.

Indeed, simmering concerns over the machines have collided with the new age of hacking — by foreign powers, collectives like Anonymous and WikiLeaks or lone wolves. Intelligence experts have said the Arizona election system breach and an earlier hack of emails at the Democratic National Committee have Russian fingerprints on them.

“So the panic is not overblown,” said Matthew Green, an assistant professor at the Johns Hopkins University Information Security Institute who’s an expert in cryptographic engineering. “What’s new right now is not the capability, it’s the motivation. Specifically, the fear that there might be a motivated non-U.S. attacker with an interest in tampering with elections.”

Experts say it would not be that difficult. Forty-two states are using machines that are at least 10 years old, according to Verified Voting. Thirteen states — including Florida, Kentucky, Texas and Washington — are relying on machines at least 15 years old.

Just about every state is using some equipment that is no longer being made, which makes maintenance a struggle, according to the Brennan Center. Replacement parts are hard to find.

In 2015, election authorities hoping to update their equipment represented about 40 million registered voters, according to the Brennan Center report. Put another way, the states they lived in composed 387 electoral votes out of a total of 538.

“I’ve been feeling like a long-tailed cat in a roomful of rocking chairs,” said Smith of Verified Voting. “We obviously have been raising the issue that you need a verifiable voting system for years. Now things are getting better. Generally states have been moving toward paper ballots. All of that’s an improvement.”

Call it back to the future.

Paper ballots had been the go-to choice until the Florida ballot meltdown in the 2000 presidential election over “hanging chads,” which left the outcome in limbo for a month until the U.S. Supreme Court weighed in.

With $3 billion in federal aid to make sure that never happened again, states were urged to switch to electronic machines. But digital records alone are easily penetrated by skilled hackers. Meanwhile, internet voting — which is gaining followers in election circles because of its ease and because so much of daily life, from banking to buying a car, can be done online — causes security experts to blanch.

It’s already an option in more than 30 states, though largely for voters overseas or in the military.

“There are so many things that are difficult about computer security in general, and internet voting is the worst,” said Green of Johns Hopkins, who also works as a private computer-security consultant. “The computer is a haven for all kinds of malware. Someone can make it vote for anyone they want.”

Perhaps what worries officials at the Department of Homeland Security and in election offices around the country more is not so much that hackers will cause serious problems on Election Day but that voters think they will. Losing confidence in the system could threaten confidence in the outcome, no matter how legitimate the results.

Worried that its outdated technology might not hold up this year, the Jackson County, Missouri, Election Board, which oversees voting in Kansas City, purchased new optical scanner voting machines, which use computers to scan paper ballots. They produce both paper and electronic trails for verification.

“With recounts, you’ve got a piece of paper you can show the parties involved: ‘This is how it went,’” said Robert Nichols Jr., a director of the board. “The voter’s mark is the voter’s mark. That gives me a little more comfort.”

 

©2016 McClatchy Washington Bureau. Distributed by Tribune Content Agency, LLC.