How Secure Is Your Vote?

Some touch-screen voting machines have no paper trail that can be used to verify results
October 12, 2016

Republican presidential candidate Donald Trump has repeatedly called on supporters to “monitor” polling places, warning that massive voter fraud and a rigged election system will hand his opponent, Hillary Clinton, the presidency.

For many Americans who put their trust in the country’s history of fair and open elections, this is nothing more than a science fiction scare tactic from a candidate willing to say just about anything to excite his base.

But is it?

“Unfortunately, the possibility that the election could be hacked is not science fiction,” says WPI faculty member Suzanne Mello-Stark, a computer science professor and an expert in cybersecurity.

Suzanne Mello-Stark

While Mello-Stark says voting machines could potentially be tampered with to skew results, she is by no means predicting that the election will be hacked, or that results should be invalidated.

But, she says, if allegations of tampering are raised and an investigation is launched, in many counties across the country where touch-screen voting machines are used there will be no paper trail with which to verify results.

“If Trump loses and says the election was rigged, we can’t prove it wasn’t, and that raises a real trust issue,” she says.

“We need to create an environment where we can disprove a conspiracy theory with the facts, and right now, we can’t do that,” she adds.

Mello-Stark, who started her career as a software engineer before moving into academics, wrote her doctoral dissertation on election security at the University of Rhode Island in 2011.

She became interested in voter fraud after the 2000 presidential election, when results from a single Florida county decided who was moving into the White House. Florida officials spent weeks poring over paper ballots arguing about “hanging chads” before the United States Supreme Court finally decided the election in George W. Bush’s favor.

“It really upset me. I lost faith in the trust of our electoral system,” she recalls.

“Do we really know what’s happening behind the scenes once our ballot is cast?” she wonders.

In an effort to overhaul and improve voting practices, Congress passed the Help America Vote Act in 2002. It provided federal funding to states to update voting systems, including the purchase of voting machines to replace paper ballots and lever-pulling machines.

To the people running elections, the machines were a perfect way to end time-consuming ballot counting, human counting error, misread ballots, and hanging chads.

But to computer experts like Mello-Stark, the convenience came with a security risk if the proper safeguards weren’t put into place.

Unfortunately, she says, too often those safeguards are being ignored.

Mello-Stark says the machines are all manufactured by private companies and can’t be scrutinized by outside experts.

Prior to elections, she says, most election officials do not give computer scientists access to check the machines.

“They rely on the vendors to do the testing,” she says. “And what they do is very minimal, basically just booting up the machine to make sure it works.”

In addition, she and other cybersecurity experts suspect that routine virus updates are not being performed regularly on machines stored away between elections, and that they are not being kept in secure locations.

Princeton University professor Andrew Appel has shown that a voting machine can be broken into and hacked in just a few minutes.

“If something can be connected to the Internet, it can be hacked,” Mello-Stark says.

She theorized that machines could be hacked to delete one vote for every 100 cast, for example, or take registered voters off the list to create confusion at the polls, leaving no paper trail with which to verify results.

The touchscreen machines, used in counties across the country, including in hotly contested Western Pennsylvania, resemble ATMs, Mello-Stark says.

ATMs keep a record of each transaction, however, and users get a receipt.

So if a customer notices a discrepancy in their balance, they can easily go into the bank and check the transactions against their receipts or other account balances to find the error.

“In these machines, once you vote, that’s it, you’re done. There’s no way to go back,” she says.

“Because these machines are proprietary, we don’t have access to the code,” she points out. “Not many computer scientists have had the opportunity to look at the software and see exactly what the machines can do.”

Even if a software glitch were found after the election, she said, very little could be done about it because there would be no record of votes to check it against.

There are easy fixes that would work to avoid the potential for the kinds of problems Mello-Stark worries about.

She says she would require paper ballots to go along with the machines, and include an auditing system in the machines so election officials can easily compare the number of votes to the paper ballots in real-time checks as Election Day proceeds.

She would also require that a strong, secure chain of custody be maintained for the ballots, much like what is done with crime evidence, so election officials can show there was no tampering done at any point.

The same would go for the hardware and software. Both should be maintained under secure conditions so it can be shown that there was no opportunity for anyone to have tampered with them.

“We should not rely on machines," she says. "There has to be an audit process so if something goes wrong we will know what happened.”

- By Ellen Ishkanian