Why do our officials keep telling us that our voting systems are secure?


“Hacking a national election in the United States would be, well, shockingly easy.”

U MI Computer Science Professor Alex Halderman, testifying to Congress, July 2017.

Why do our officials keep telling us that our voting systems are secure, and that the most important thing is that we trust in the integrity of our elections?

We think what’s most important is that we acknowledge that we’re not, and work to ensure that eveyr citizen’s vote is securely, and accurately counted.

The Big Picture

Our officials keep telling us that the most important thing is trust in our elections. We think what’s most important is that we verify that their counting methods are accurate, secure and fair.

The reality: all touchscreen voting machines can be hacked, because at some point, either in programming, or in tabulation, all connect to the internet. Some connect wirelessly with modems their manufacturers dishonestly claimed weren’t there, until they were forced to admit that they were. All tabulation systems, including optical scanners, can be hacked, too.

Fourteen states, including key swing states, use paperless machines that leave no trace of a voter's intention.  Machines that print a paper record, but don't use paper ballots, are just as bad, for three reasons: half of all voters don’t look at the receipt; those who do look at it for fewer than 4 seconds; and the machines themselves can be hacked to reflect voter intention on the receipt, while counting the opposite result.

Despite what many officials claim, counting systems aren't decentralized, and they aren't secure.   And many states also use machines that are over 10 years old, sourcing parts from eBay when they break.

And one more thing: in some states, the state police guard the ballots at every stage. But many states haven’t put into place a secure chain of custody, which can lead to ballots being stolen, or left unattended in hallways where anyone could mess with them.  

Deep Dive

All voting machines can be hacked.

All voting machines can be hacked, even if they're not directly connected to the internet, because at some point in the elections process, they will be.  
DREs are touchscreen machines that leave no trace of a voter's intention.
Op-scans, machines that optically scan paper ballots, aren't much better.

Before the election: All machines receive race-specific programming prior to elections, from memory cards.  These come  from computers connected to the internet.  If tainted, these memory cards can serve as dirty needles.  

After the election: Precinct results are sent to central tabulators, often via vulnerable local networks.  Central tabulators then send results, over the internet, to election night reporting systems.

What all this adds up to: easy access for internet hacking.  

The systems that count and tabulate the votes are also vulnerable.

Electronic tallies can be altered by corrupt insiders who own, or manage, voting machines or memory cards.  [10] 

A direct-recording electronic (DRE) voting machine records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter ); that processes data by means of a computer program; and that records voting data and ballot images in memory components.

DREs can be hacked with vote-stealing programs in seven minutes, with a screwdriver and a memory card.  [11] 

Hackers at the 2017 DefCon Hacking Conference hacked into every piece of voting equipment they acquired. Then watch the hackers at the 2017 Def Con Hacking Conference hack into every piece of voting equipment they acquired.  [13]

Optical scanners also use memory cards that can be programmed to add, subtract, or shift votes.[12] 

We can't check our machines to ensure they function with integrity. 

Vendors are not transparent.  Taxpayer money often buys election equipment from vendors with close past and/or present ties to such eyebrow-raising individuals and entities as: a foreign dictator thought to have rigged his own election, a sophisticated cyber-felon, U.S. politicians, and the far-right Council for National Policy.[33] These vendors use the proprietary nature of their code and hardware to successfully block forensic examinations of their taxpayer-funded systems.[34] Thus, no memory card in any U.S. election has ever been subject to inspection for hacking or malicious programming.

Systems are not decentralized.

Systems are not decentralized. The claim that voting systems are “decentralized” is often used to provide reassurance that widespread, systemic meddling is not possible. However, just two voting machine vendors account for more than 80 percent of U.S. voting equipment.[14] And the computers used to program the voting machines before each election are themselves centralized at the state or county level.[15] In some states, a single third-party vendor may perform the programming for most or all voting machines in the state.[16]

Fourteen states use paperless machines
that leave no trace whatsoever.

The only way to verify whether an election has been hacked is to compare the electronic tally to the paper ballots.[17] 

  • While electronic tallies from optical scanners can be verified (because optical scanners count paper ballots), tallies from paperless DREs are unverifiable.

  • The following five states exclusively use such paperless machines: Georgia, New Jersey, Louisiana, South Carolina, and Delaware.[18]

  • Another nine states — including the swing states of Florida and Pennsylvania — include at least some counties with paperless machines.[19]

  • After the 2016 election, the state of Virginia made the decision to discard their DREs in favor of paper ballots.[20]

Ballot Marking Devices (“BMDs”) are poised to follow in the dangerous path of DREs.

BMDs are assistive “electronic pencils” that generate computer-marked paper ballots, which are then counted on optical scanners like hand-marked ballots. As with DREs, voters may never actually review the ballots for accuracy. BMDs have been promoted for voters who are unable to hand mark ballots. But some states plan to buy them for all voters, regardless of need,[26] adding an unnecessary extra layer of vulnerable electronics to our already vulnerable elections.

Our recounts and audits don't work.

States rarely conduct manual recounts, even in close elections.  Though hand recounts are possible with paper ballots, states rarely allow them.[27] Most require a hand recount only if the margin of victory is less than a small percent.[28] From a rigger’s standpoint, this simply serves as an invitation to shift enough votes to exceed the margin at which a recount is mandatory.  Antiquated recount laws, and courts, rarely allow a meaningful hand count, even when margin is exceeded.[29] The cost for elective recounts, where allowed, is often prohibitive.

Manual audit laws are absent and/or inadequate. States could address the manual recount problem by enacting laws requiring statistically meaningful manual audits after every election, with full hand recounts in the rare situations where audit results warrant them. But experts have determined that only a few states conduct audits that are anywhere close to sufficient to detect electronic tampering.[30]

Election Officials can manipulate practices to their party's advantage.

Our Secretaries of State can compete in elections while also controlling the election systems.  This means they can manipulate the election system in all sorts of ways that favor their candidacy. 

Some election officials destroy ballot images. Most optical scanners used today produce digital images of the ballots as they count them.[31] These images are public records, but some election officials destroy them.[32]

Scared yet? You should be.