Though no one has outright said it, a recount in Wisconsin and potentially Michigan and Pennsylvania appears to be rooted in one notion: Russia’s involvement. U.S. cybersecurity officials think Russia has tried to influence other parts of the election, like leaking damaging Democratic emails or helping spread fake news. But hacking the actual election is a different animal entirely. Here’s a reminder why almost impossible for anyone — Russian or not — to hack our elections system.
Political campaigns are all about numbers. If you get more votes than the competition, you win. One hundred is greater than 99, and so 100 becomes mayor or governor or president.
It’s the determination of those numbers that’s always been the point of concern in the integrity of elections. The famous saying that it’s not the voter but the person who counts the votes that matters (usually incorrectly attributed to Joseph Stalin) reinforces the point: If 100 votes are cast but only 90 counted, the system breaks down.
This presidential election cycle, that integrity has been questioned. First, Donald Trump suggested without evidence that an eventual loss in Pennsylvania would be the result of voter fraud. Second, and much more substantially, the FBI warned state elections officials in August of possible attempts to hack state election systems after breaches in Arizona and Illinois. The likely culprits were agents of the Russian government, putting the alleged Stalin motto into practice.
Then September and October saw politically embarrassing emails hacked from Hillary Clinton’s campaign’s top officials and then released to the world. And finally, the U.S. government officially accused Russia of hacking into campaigns to interfere with our elections.
That’s the question at its root: Could hackers change the numbers to change our elections? We spoke by phone and email with Merle King, executive director of the Center for Election Systems at Kennesaw State University to get an answer. In summary: It would be harder than we think – in part because we tend to conflate a number of very different election systems.
“One of the challenges the public has in sorting through the various threads of the current election cycle’s stories is understanding the differences between a campaign system, an election system and a voting system,” King told us.
The campaign system is the tool set used by candidates or parties to get people elected. The election system covers voter registration systems and other data centralization and is specific to jurisdictions. The voting system is the actual process of voting: the machines, the ballots and the designations of who votes where and on what. Information flows between these systems, but not always in two directions: Campaigns, for example, use voter registration data from the elections system but don’t send information back to it. So if a campaign is hacked (or if the Democratic National Committee is), there’s no risk to the voter registration database.
Confusing these systems can mean misunderstanding the threat – and the intent of the hackers. Take what happened in Arizona or Illinois, where voter files were lifted from the election system.
“When I hear about a hack, and it’s attributed to a Russian IP address, my first reaction is it’s identity theft,” King said. “They’re looking for large lists of critical information that can be used to create identities for credit card theft, etc. I don’t instinctively think it’s an attack on our election system.”
The important point King makes is that hacking the elections system and the voting system are very different in nature and effect. “If the election systems were hacked, there are paper backups of the electors list – every precinct has to maintain a paper copy of the voter list – so you could disrupt an election by attacking those election systems,” he said. “But most importantly, you could not alter the outcome of the election by hacking those systems. That would have to occur in the voting system” – the actual process of casting ballots. And that’s harder than it seems.
After the stories about the hacks of election systems came out, the Florida State Association of Supervisors of Elections wrote a letter to voters in that state explaining how it protects the voting system itself. The steps delineated are:
1. Before each election, a public test of the tabulating system is conducted to ensure that the machines are functioning as expected. King describes this process (which is not unique to Florida) as “an opportunity for members of the public and media to come and observe the ballot is correct and it can capture voter intent correctly and can tabulate it.”
2. On election night, results are encoded with multiple layers of encryption and transmitted to a central gathering point.
3. Voting machines themselves are not connected to the Internet, preventing them all from being hacked at once.
4. Thumb drives with results are also transmitted to the central location. Those drives are digitally signed and secured before Election Day, preventing their being replaced with a drive from somewhere else.
5. If there are any corrupted or unusually slow results transmitted to the central location, the results from the thumb drives are used.
6. Election night totals are transmitted to the state as unofficial results via both an encrypted device and over a separate network system.
7. A week after the election, the results in each precinct are reviewed by looking at the paper totals. Any discrepancies are “researched and noted.” The Florida vote is backed up by paper ballots (which isn’t the case everywhere), facilitating that research.
Only once those checks are complete is the result certified.
That’s the process that needs to be hacked to directly change the results of the election, not a hack of the voter registration database. There are hundreds of similar setups in all 50 states that similarly flow upward to state agencies. That distribution is an asset, not a flaw.
There are caveats, of course. For one thing, a hack of the voter registration database could make it easier to identify voters who could be used as targets of fraud (people who are dead or who don’t vote often). There can be tampering by campaign officials. And no system, no matter how well-protected, is unhackable, including the listed process above.
Each of those caveats is very unlikely for a number of reasons. Voter fraud is far, far harder than it seems, requiring a lot of people to break federal law for it to approach any sort of meaningful scale. Sure, some elections are won by a few hundred votes – but tipping that election means finding a few hundred people to cast ballots in the right place ahead of time. That’s harder than it may sound. Campaign officials can and have toyed with results, but being caught means losing a job and prison time – with the problem of scale still looming. The process above could conceivably be hacked, I guess, but if you can figure out how to do it without being caught, you could probably get a lucrative job somewhere else much more easily.
So why so much concern about the election being hacked this year?
“It would be an understatement to say this is an unusual election, so when you have the nominee of one party declaring that if his opponent wins, it has to be rigged, that message resonates,” King said. He also acts as an election official, meaning he knows the challenge of rebutting concerns about fraud firsthand.
“As an election official, I frequently find myself challenged to prove the negative,” he said. “The conspiracists never have to prove their theories, but the election official has to prove the negative, which we know is impossible to prove. Can I prove that the Arizona system was not hacked by Russian state operatives? I cannot.”
The best we can do is create as many obstacles to stealing elections as possible in advance, to do our best to make sure that 100 equals 100. Happily, people like King have been thinking about how to do this for years.