How To Rig A Voting Machine
Updated: Oct 20, 2020
“In computer security, systems need to be resilient… that means you’re able to monitor, detect, respond and recover from any event, whether it is a bug or whether it is malicious interference. Having a paper ballot that allows you to do that auditing allows you to have a resilient system.”
- Marian Schneider, President of watchdog group Verified Voting
A decade ago, the concept of a rigged presidential election would have struck most Americans as a wild conspiracy theory.
But in 2018, University of Michigan professor J. Alex Halderman, a computer scientist who specializes in cybersecurity, proved that tampering with an election is not only possible but quite easy. He stands on an MIT stage next to a specific voting machine, the AccuVote TS-X, and watches it fail the most basic of tests: a faux election between Benedict Arnold and George Washington, conducted live with audience volunteers.
Halderman explains that “all [he has] to do, if [he is] the bad guy” attempting to hack the AccuVote TS-X, is “tamper with the ballot programming (1).” Before each election, every voting machine in America is programmed with a ballot design. These designs are made on a computer and then fed to the machines using memory cards. These “removable memory cards” are about the size of a credit card and they can easily be “infected with vote-stealing malicious software (1).”
Halderman notes that he is only showing “a sample of the kinds of vulnerabilities that this voting machine has-- multiple buffer overflows, ways that arbitrary code can be executed, logic errors, places where the voter cards can be forged (1, emphasis mine).” There are many other ways to steal votes using this machine. For instance, “... you can [also] make a voter card that can let the voter vote as many times as they want until someone notices (1).” The card that Halderman made himself and used for the demonstration would actually work on any other AccuVote TS-X machine in America during a real election to allow voters to vote as many times as they pleased.
But Halderman says that the vulnerability doesn’t stop with this machine; two other popular machines, the Optical Scan and the Direct Recording Electronic (DRE), are vulnerable by virtue of their computer programming. With the Optical Scan, a computer scans and counts paper ballots cast by voters. With DRE, votes are cast on a touch screen and recorded on a memory card. Studies conducted on many variations of both types of machines show that “in every single case, the machines have proven to have vulnerabilities that could be exploited to install malicious software and steal votes (1).”
Earlier I mentioned that the ballot design that goes on each memory card is created on someone’s computer; it’s made using election management programs that are often connected to the internet, making it vulnerable to hackers. Hackers also have the opportunities to access the program through a modem or by use of a malware-tainted USB stick (1). In other words, there is no shortage of weak spots in today’s electronic voting system.
Once affected, all machines programmed by the tainted election management system are then vulnerable to the hacker. Halderman estimates that “one major vendor of election equipment [is responsible for] the election management functions for more than 2,000 jurisdictions across 34 states” (1).
Writing for The Guardian, Jordan Wilkie specifies that not only have voters been relying on faulty voting machines that are susceptible to hacker influence, but that these machines also “leave behind no proof that the votes counted actually match the votes that were cast” (2).
The machines allow the “bad guys” a perfect entry and what’s more, a perfect exit -- the lack of a paper trail makes for the perfect crime (2,3). Because there is no “receipt” offered to the voter using machines like the AccuVote TS-X, there is no way to see if your vote was counted for George Washington or for Benedict Arnold.
Because of the alarming conclusions made by experts like Halderman and Schneider, many jurisdictions have opted for new machines that spit out a personal audit for each voter to see, like a receipt. The new machines, called Ballot Marking Devices (BMD), are made by the same companies that manufactured the original faulty machines, and Wilkie suggests that even with a “receipt,” issues with voter fraud and election rigging will still abound (2). For example, the machine may default to autofill when presented with an “undervoted” ballot, where some choices are left blank. Wilkie also indicates that some voters may not be inclined to double check their own paper copies, and even if they do take the time to do so, they may not remember their votes (2).
Not only are BMDs prone to simple user errors like under-voting, but they can be hacked through a centralized election management system through a pathway that has remained the same for decades (3). Expert Professor Rich DeMillo mentions that BMDs, like the AccuVote TS-X and all other voting machines, “receive programming before each election via memory cards or USB sticks prepared on centralized election-management computers systems that are likely connected to the Internet” and because of this, the brand new BMDs are identically vulnerable in one of the ways that Professor Halderman described the old AccuVote TS-X machines are (3).
To top it all off, the most “robust” version of a BMD manual audit, called a “Risk Limiting Audit” cannot hold the machines accountable because it would still not be able to tell the difference between a legitimate BMD ballot and a fraudulent one (3).
Jennifer Cohn, an attorney who doubles as an election security advocate, says that although the BMDs are classified as paper ballots, they are still in fact mechanized and therefore hackable (3). She cites “leading election security experts” in her conclusion that hand-marked paper ballots are the most reliable method of voting and as such should be the “primary voting system” in the U.S., with exceptions for disabled voters (3).
At the end of Halderman’s faux election, Benedict Arnold was victorious -- despite a unanimous audience vote for George Washington. This paints a dim picture of the “landscape of vulnerability” that is the voting process in America (1).