We Need to Audit Presidential Elections

I’m not positing a conspiracy theory that the vote that happened last November was hacked. Smarter people than me with better access to information have looked at this question and haven’t found evidence of it. But I do think that the people who have the capability to change election results are the people who knew before the rest of us how vulnerable our systems are to outside interference.

Hackers at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America’s election infrastructure.

Tech minds at the annual DEF CON in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software.

According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies’ products.

Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.

The Register reported that the challenge was designed by Jake Braun, the Chief Executive Officer of Cambridge Global Advisors and Managing Director of Cambridge Global Capital.

“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” Braun said.

“The scary thing is we also know that our foreign adversaries — including Russia, North Korea, Iran — possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

I think we need to accomplish two things here. The first is that we need to make our voting systems secure. And the second is that we need to convince our people that our voting systems are secure. It’s very easy to see how someone could jump to the conclusion that it just isn’t possible for the polls to be off by so much and that the best evidence of tampering is the unexpected results. And maybe we need to get away from the presumption that the initial election results are correct and adopt the habit of having some kind of comprehensive sampling audit of the machines before we expect the “loser” to call and concede.

The purpose of this would be to satisfy that second requirement above that the people have confidence in the results. Of course, to accomplish this step, we simply can’t have machines that don’t provide any paper trail or way to test their ability to accurately tally the vote.

As things stand now, the only defenses against hackers are the deterrence provided by the fear of getting caught and the lack of centralized elections (especially on the statewide and presidential level) that make it hard to change the results without really widespread hacking efforts.

Yet, the decentralization defense can be exaggerated. A hack of the last presidential election would have needed to change the votes in only three states (Wisconsin, Michigan, and Pennsylvania) to be successful in changing the result, and the absolute numbers in each of those states were small enough that it could have been accomplished in each without access to all the polling places.

Again, I’m not saying that this happened, but it’s also hard to rule it out. And that’s probably the problem we can’t wish away. We have the election, the initial uncertified numbers come in, and before we know it someone has conceded while they’re still counting votes. It’s very hard to unring the bell of a concession, as Al Gore discovered to his lasting regret. Hillary Clinton’s popular vote margin grew for about a month after the election as more and more votes were counted, and there were some limited recounts in several states that resulted in modified numbers.

Since we’ve built in a long delay between election day and inauguration day, we should take advantage of it by building an audit of the election into the schedule. States that can’t certify their results up to a reasonable federal standard shouldn’t be allowed to cast votes in the Electoral College, which would pressure the states to put in better protections against hacking. Of course, the federal government should pay for any needed upgrades.

The way things stand, I can’t blame people for lacking confidence in the integrity of the result. In general, if a system is vulnerable to hacking, it will be hacked. The protections we have in place are clearly insufficient to give the people confidence, and that’s a dangerous situation for a system that relies on the consent of the governed.

Leave a Reply