Do we have a voting system we can trust, that is accurate, secure and just? This question, raised by the 2016 multi-state recount effort, is roaring back at us louder than ever after the Intercept’s publication last week of a leaked National Security Agency report documenting with unprecedented detail a hacking scheme targeting components of the U.S. voting system.
The NSA report shows how the hack first used a spear phishing attack in August on the employees of a company producing voter registration software. Information from that hack was then used in a second phishing email about a week before the election targeting over 100 government employees, presumably local election officials, as the Intercept put it, to “trick [them] into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.”
Not stated in the report is the fact that infected computers of local elections officials could potentially yield passwords enabling the attack to spread to the full spectrum of election systems under control of those officials. That includes everything from voter rolls to voting machines to vote tabulating and reporting.
Some cybersecurity experts presume the hack was exploratory rather than an actual attack, given the short time until the election. Still, this remains unproven, and the leaked NSA report raises disturbing questions. In particular, how far did this particular hack penetrate into the election system? Were there other successful hacks into the 2016 election? And can we trust our election results going forward?
Today’s voting system is a sprawling network of hardware, software and local election officials that integrate voter registration, electronic voting, tabulating vote totals, and reporting these results to precinct, county, state and national centers that compile final vote results.
As voting-security expert Alex Halderman stated in the Intercept article, “I would worry about whether an attacker who could compromise the poll book vendor might be able to use software updates ... to also infect the election management system that programs the voting machines themselves. Once you do that, you can cause the voting machine to create fraudulent counts.”
The bottom line is this: The voting machines and software must be examined in order to conclude that the vote has not been hacked, and to protect our elections going forward. This was the demand made by the 2016 recount effort. The imperative to do so now is stronger than ever. In fact, the universe of investigation should be expanded, based on this report, to include hardware and software involved in vote tabulation and reporting, as well as voting machines themselves.
The integrity of our elections is paramount. The issue transcends partisan politics. We are all harmed by corruption of our elections and the cynicism it breeds, contributing to the loss of confidence in our political system expressed by 90 percent of Americans according to an AP/NORC poll last year. Hacking is just one part of the problem. Elections are likewise degraded by racially-biased voter suppression, the control of big money and big media over our elections, the suppression of independent and third party voices in debates and media and more. A vote we can believe in is the bedrock foundation of a functioning democracy, as Judge Mark Goldsmith noted in the initial ruling to proceed with the Michigan recount. That bedrock has gone missing.
The urgent need to respond to the NSA revelations of election hacking must not be lost beneath the outrage and political controversy over alleged Russian responsibility for the attack. Fortunately, we don't need to settle the debate over who hacked into our election system in order to proceed urgently to safeguard our elections. In fact, we must protect our elections from all potential interference, whether from foreign state actors, domestic political partisans, gangster networks, lone wolves or private corporations, including companies who control the voting software.
In any event, identifying and “punishing” the perpetrator/s will not make our future votes secure. Truly solving the problem of hacking may well require the resumption of a long-stalled effort to create an international treaty on cyberwarfare. Perhaps, as Microsoft President Brad Smith suggests, it’s time for a Geneva Convention on Cybersecurity.
In the meantime, future, and no doubt current, hacking into our election system can and must be stopped by adopting common sense safeguards long advocated by the election integrity movement and advanced by the recount effort. We must end the use of hack-friendly, error-prone electronic voting machines, and revert to hand-marked paper ballots, ideally counted by hand or by optical scanners carefully monitored by cross-checking against paper ballots (a process known as “statistical audits”). Hand recounts of the paper ballots should be readily available whenever elections are very close, or when legitimate concerns are raised about hacking, corruption or error at any level of the system. These safeguards must be in place in time to secure the 2018 elections.
A vote we can trust must not only be accurate and secure. It must also be just and true to the promise of democracy. That means we must guarantee the unimpeded right to vote and end racist voter suppression schemes that cost millions of Americans the right to vote, including voter ID laws, felon disenfranchisement, and Interstate Crosscheck. It means ending discrimination against alternative parties and independents in getting on the ballot, in the debates and in the media. It means getting big money out of our elections, and enacting improved voting systems like ranked choice voting and proportional representation that give voters the freedom to vote their values instead of their fears. Fixing our broken, unjust election system is no less urgent than fixing hackable electronic voting.
In this age of unprecedented converging crises of our economy, ecology, peace and democracy, we cannot wait to build the America we deserve. To do so, we need a voting system we can trust.
Dr. Stein was the 2016 Green Party Presidential candidate who initiated a multi-state recount effort backed by leading election integrity experts, largely due to concerns about the security of our voting system that are extremely topical in light of recent revelations.