Bruce Schneier talking:
A lot of our voting machines are basically computers. And especially computers without any paper audit trail are vulnerable to hacking and errors in ways that can’t be corrected. And my worry is that we’re going to have an election where there is credible evidence of a hack, and we’re literally not going to know the actual results and have no way to figure it out. And that, right now, will be disaster for our system.
So there are anomalies in the results that seem to correlate with voting machine type. Now, that is a red flag for hacking and something we should look at, and we should definitely research this. My guess is it isn’t. My guess is there’s some confounding variable that the machine type is correlated to demographic in some way. But we don’t actually know until we do the research. My worry right now is the recount. That process was designed decades ago, when it meant counting the ballots slower and more carefully. And it didn’t mean looking at the voting machines for forensic evidence of hacking. So I’m not convinced that even after this recount we’re going to know more.
– Alex Halderman, director of University of Michigan Center for Computer Security and Society and one of the leading computer scientists and election lawyers calling for a recount. He indicated a hack of the vote was, “plausible,” but went on to emphasize, “The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence—paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania.”
he’s 100 percent correct. That’s the only way to know. And when there are paper ballots, if it’s an optical scan machine, where you vote on paper, and that paper ballot is your backup, you can look at that paper. And that will give you the actual vote. In states that don’t have that, that are just touchscreen machines like ATM machines, there’s going to be really no way to figure out original voter intent. There, the only thing you can do is forensically analyze the machines, the network. And while that may lead to evidence of hacking, it won’t tell you what the original votes are. Now, that process can take weeks. It can take months. It’s not a process we’re really ready for. We expect to know the winner now.
So that is the red flag that could indicate hacking. It could indicate other things, too. There was a complex post on FiveThirtyEight.com that looked at that data and had a theory that it was demographics that was the deciding factor, and not hacking. That could be true, too. So, we have a problem right here. Right? Elections serve two purposes. The first is to choose the winner, but the second is to convince the loser. The losing side has to believe the election is fair; otherwise, it’s not legitimate. Things like this delegitimatize the election. And that’s why we need to investigate them and come up with the actual answer. And if there was hacking, we need to know about it. If there wasn’t, we need to know about it.
Stein made a really important point. There needs to be rules in place beforehand, because now, when the election is over, battle lines are drawn. It’s Trump versus Clinton. And you’re going to pick the process that will have your side win. Rewind this a month, and it would be really easy to come up with a set of rules that everyone agrees on. So we need those rules in place before we vote, when we don’t know which way the hacking or the demographics or the miscount might go.
If they’re photographing the paper and the paper still exists, then we’re OK, if the photograph is just a backup of the paper. If the paper is destroyed, then that’s an absolute disaster. So, not knowing more, I can’t tell. But something else is brought up in this that’s real important, that we can’t lose sight of, I think, the real issue here, which is not the hacking in those three states, but the voter suppression everywhere. And whether it is voter ID requirements or closing polling places in poor neighborhoods or reducing early voting or purging voter rolls, there’s a concerted effort in the United States to deny people the right to vote. I think that’s the real issue. And that has probably caused a lot more discrepancy in the vote versus the will of the people than machines, even though machines can be a disaster.
There’s really three areas of vulnerability we have to worry about. The first is the voting rolls. If someone can hack those rolls and change them or delete them, they could cause real problems on Election Day. The second is the machines. And, yes, optical scan machines are the most secure and the safest. And that’s a paper ballot that you fill in ovals, and it’s processed, and the paper is your backup. The third area of vulnerability is the tabulation and the counting. And we don’t talk about that much, but after everyone votes, there’s a system of consolidating all of those results from every machine higher and higher into a single state result. And there’s vulnerability there. So, yes, those three areas are all rife for hacking, not just from foreign powers, but from hackers everywhere. I mean, these aren’t things that are only the purview of nation states. Our computer systems are so vulnerable that even amateurs can, in some cases, do it.
_____
Bruce Schneier
security technologist and fellow at Harvard’s Berkman Center for Internet and Society.
— source democracynow.org