Why do our officials keep sayingthat our voting systems are secure?


(“Hacking a national election in the United States would be, well, shockingly easy.”

U MI Computer Science Professor Alex Halderman, testifying to Congress, July 2017.

Russia's at it again, targeting our 2018 election.  In response, 100 computer science and statistics experts have urged us to switch to paper ballots only, and to implement robust post-election audits.  So why are politicians offering false assurances that hackers haven't, and won't, alter the outcome of our elections?[3]  They can, and if we do nothing, they will.

This page looks at what happens once voters cast their ballots.  It has 3 parts: an overview, a detailed explanation of problems, and a link to a page with solutions.  We'll soon have a fourth page detailing opportunities to help implement them.


The Big Picture

Our 2018 elections are at risk of being stolen, both by hostile foreign powers and by corrupt insiders hoping to overrule the choices of American voters.

All voting machines can be hacked, because at some point, all connect to the internet.  All tabulation systems do, too.

Fourteen states, including key swing states, use paperless machines that leave no trace of a voter's intention, that can be verified.  Machines that print a paper record, but don't use paper ballots, are almost as bad.

Despite what many officials claim, counting systems aren't decentralized, and they aren't secure.   And many states also use machines that are over 10 years old, sourcing parts from eBay when they break.  Yikes!

All voting machines can be hacked.

All voting machines can be hacked, even if they're not directly connected to the internet, because at some point in the elections process, they will be.  
DREs are touchscreen machines that leave no trace of a voter's intention.
Op-scans, machines that optically scan paper ballots, aren't much better.

Before the election: All machines receive race-specific programming prior to elections, from memory cards.  These come  from computers connected to the internet.  If tainted, these memory cards can serve as dirty needles.  

After the election: Precinct results are sent to central tabulators, often via vulnerable local networks.  Central tabulators then send results, over the internet, to election night reporting systems.

What all this adds up to: easy access for internet hacking.  

So are the systems that count and tabulate the votes.

Electronic tallies can be altered by corrupt insiders who own, or manage, voting machines or memory cards.  [10] 

A direct-recording electronic (DRE) voting machine records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter ); that processes data by means of a computer program; and that records voting data and ballot images in memory components

DREs can be hacked with vote-stealing programs in seven minutes, with a screwdriver and a memory card.  [11] 

Hackers at the 2017 DefCon Hacking Conference hacked into every piece of voting equipment they acquired. Then watch the hackers at the 2017 Def Con Hacking Conference hack into every piece of voting equipment they acquired.  [13]

Optical scanners also use memory cards that can be programmed to add, subtract, or shift votes.[12] 

We can't check our machines to ensure they function with integrity. 

Vendors are not transparent.  Taxpayer money often buys election equipment from vendors with close past and/or present ties to such eyebrow-raising individuals and entities as: a foreign dictator thought to have rigged his own election, a sophisticated cyber-felon, U.S. politicians, and the far-right Council for National Policy.[33] These vendors use the proprietary nature of their code and hardware to successfully block forensic examinations of their taxpayer-funded systems.[34] Thus, no memory card in any U.S. election has ever been subject to inspection for hacking or malicious programming.

Systems are not decentralized.

Systems are not decentralized. The claim that voting systems are “decentralized” is often used to provide reassurance that widespread, systemic meddling is not possible. However, just two voting machine vendors account for more than 80 percent of U.S. voting equipment.[14] And the computers used to program the voting machines before each election are themselves centralized at the state or county level.[15] In some states, a single third-party vendor may perform the programming for most or all voting machines in the state.[16]

Fourteen states use paperless machines
that leave no trace whatsoever.

The only way to verify whether an election has been hacked is to compare the electronic tally to the paper ballots.[17] 

  • While electronic tallies from optical scanners can be verified (because optical scanners count paper ballots), tallies from paperless DREs are unverifiable.
  • The following five states exclusively use such paperless machines: Georgia, New Jersey, Louisiana, South Carolina, and Delaware.[18] 
  • Another nine states — including the swing states of Florida and Pennsylvania — include at least some counties with paperless machines.[19]
  • After the 2016 election, the state of Virginia made the decision to discard their DREs in favor of paper ballots.[20]

Ballot Marking Devices (“BMDs”) are poised to follow in the dangerous path of DREs.

BMDs are assistive “electronic pencils” that generate computer-marked paper ballots, which are then counted on optical scanners like hand-marked ballots. As with DREs, voters may never actually review the ballots for accuracy. BMDs have been promoted for voters who are unable to hand mark ballots. But some states plan to buy them for all voters, regardless of need,[26] adding an unnecessary extra layer of vulnerable electronics to our already vulnerable elections.

Our recounts and audits don't work.

States rarely conduct manual recounts, even in close elections.  Though hand recounts are possible with paper ballots, states rarely allow them.[27] Most require a hand recount only if the margin of victory is less than a small percent.[28] From a rigger’s standpoint, this simply serves as an invitation to shift enough votes to exceed the margin at which a recount is mandatory.  Antiquated recount laws, and courts, rarely allow a meaningful hand count, even when margin is exceeded.[29] The cost for elective recounts, where allowed, is often prohibitive.

Manual audit laws are absent and/or inadequate. States could address the manual recount problem by enacting laws requiring statistically meaningful manual audits after every election, with full hand recounts in the rare situations where audit results warrant them. But experts have determined that only a few states conduct audits that are anywhere close to sufficient to detect electronic tampering.[30]

Election Officials can manipulate practices to their party's advantage.

Our Secretaries of State can compete in elections while also controlling the election systems.  This means they can manipulate the election system in all sorts of ways that favor their candidacy. 

Some election officials destroy ballot images. Most optical scanners used today produce digital images of the ballots as they count them.[31] These images are public records, but some election officials destroy them.[32]