The next year, state officials upgraded Michigan’s decade-old voting machines, because of concerns about equipment failures and widespread Russian interference in the election nationwide, experts say.
But even with new equipment, risks remain.
The Michigan’s Election Security Advisory Commission released a report on Thursday detailing a host of potential problems on Election Day, including cyberattacks from foreign nations, software problems and power outages.
“There's no reason to expect that the voting machines today are fundamentally more secure than previous generations used in the U.S., which have been shown to have tremendous vulnerabilities,” Alex Halderman, the Michigan security commission co-chair and a professor of computer science and engineering at the University of Michigan, told Bridge Michigan.
Michigan uses similar software and scanners as other states and, as a battleground state in the presidential election, could be an ideal target for foreign interference, election officials say.
But experts say Michigan could be better equipped to handle malfunctions, largely because of its use of hand-marked ballots, thorough auditing procedures and a decentralized voting system.
While many states have countywide elections, Michigan relies on 1,520 cities and townships to conduct their own elections and report results to 83 counties. That’s a “huge benefit” that makes malfeasance harder, said Secretary of State spokesperson Jake Rollow.
“Michigan actually has a very robust security posture,” said Matt Bernhard, a research engineer with Voting Works, a nonprofit voting technology company.
“From a voting machine reliability point of view, I think we're going to be OK.”
The commission’s report was released just days before the November general election, but Rollow said their office has had access to the unofficial recommendations for months and acted on them
‘Any machine can be hacked’
Three companies supply all of Michigan’s voting machines: Hart InterCivic, Dominion Voting Systems and Election Systems & Software. Bernhard said these companies also provide 95 percent of voting machines across the United States.
There are three types of voting equipment in all polling places in Michigan: hand marked ballots, optical scanners and ballot marking devices – touch-screen machines for those with disabilities. These terminals also print a paper ballot to be fed through the scanner, along with the hand-marked ballots. Precincts also use electronic poll books to sign in voters.
According to the state security commission’s report, all counties in Michigan acquired new scanners and ballot-marking devices in 2017 using a combination of federal, state and local funds. Bernhard estimated there are 20,000 optical scanners across the state’s 4,797 precincts.
Before Election Day, Bernhard said machines are sealed to prevent tampering. Halderman said that logic and accuracy tests confirm that the ballots have been programmed correctly, an “important opportunity to spot human error,” he said.
“Any machine can be hacked. Most of them take minutes to hack and nearly all of them can be hacked remotely,” said Jake Braun, executive director for the University of Chicago Harris School of Public Policy’s Cyber Policy Initiative and the co-founder of the DEF CON Voting Machine Hacking Village, a conference of hackers seeking to expose voting vulnerabilities.
Optical scanners are “fully-fledged” computers and vulnerable to manipulation because “all computer systems tend to have flaws,” said Halderman.
In a nightmare scenario, Bernhard said sophisticated nations such as Russia may have spent years planning interference.
“The concern is that actors will have found some way to put software on tabulators or election management systems or ballot marking devices that could potentially cause votes to be miscounted,” Bernhard said.
If that happens, federal laws could prevent a quick fix.
The U.S. Election Assistance Commission requires machines to be certified, and software changes to fix hacks would require systems to be recertified — a process that could take months and cost hundreds of thousands of dollars.
Modem, voter files at risk
Another concern is cellular modems in voting machines that send unofficial results to county clerks, Halderman said.
“If your equipment is connected to the internet, it could potentially be attacked from anywhere in the world,” Halderman said. “And it's exposed to a much broader set of sophisticated adversaries.”
It’s unknown how many jurisdictions use modems because Michigan’s election administration is decentralized, but Halderman recommended that election clerks physically transport unofficial results on USB sticks or memory cards.
But the softest targets for hackers in the election are unlikely to be machines themselves, said Braun of the University of Chicago and DEF CON.
It’s more likely attackers would target the voter registration database, poll books or the reporting of results — all of which could be scrambled last-minute to cause confusion and spread misinformation that undermines the election.
The voter registration database that holds the information and voting record (not including the names of the candidates voters chose) of every registered voter in the state in Michigan is called the Qualified Voter File or QVF.
“We know the Russians were very interested in our databases in 2016” and there are indications they’re once again attempting to attack voter registration databases with ransomware, Braun said.
“Michigan in particular has a statewide voter registration database. If that were to be attacked by ransomware, it would just be chaos.”
Some 3,000 users statewide have access to the file, which the Election Security Commission called “one of the most critical aspects of Michigan’s election security.” The panel advised the state to increase security of the database, increase testing and perhaps reduce the number of people who have access to it.
The Secretary of State’s office said many recommendations have already been implemented, and a federal test on Oct. 21 found “found no errors in the system and said it’s an incredibly strong system,” said Rollow of the Department of State.
The QVF is backed up daily, so if an attempted attack is detected, they can fall back on previous versions if necessary, Rollow said.
Election experts say hacking poll books, which are used to ensure people don’t vote more than once, could create long lines, particularly in communities of color, while hacking sites that announce winners could sow chaos.
Russia hacked Ukraine’s election website in 2014 and changed the victor. Ukraine spotted the hack and took down the website, but the Russians had already spread the news of the fake win.
“You could see that playing out here quite easily,” Braun said.
But old-fashioned technology — paper — could be a big safeguard against sophisticated hacks.
If machines break or there are power outages, voting doesn’t have to stop. People can continue to use paper ballots, which can be stored until the machines begin to function again.
If a foreign state manages to hack the scanner’s software system and influence ballot counts, precincts can examine discrepancies between machine results and paper ballots in a risk-limiting post election audit.
“It’s not a system with no recourse if something goes wrong,” Halderman said.
In 2016, with aging, vulnerable election machines, voting security lights were “blinking red,” Bernhard said.
But this year, he and Halderman said they’re optimistic about Michigan’s election administration, pointing to mandatory audits to ensure election integrity and manual recounts in the event of a close race.
“It’s really the cornerstone of confidence in Michigan elections,” Halderman said.
“I think Michigan has made great progress since 2016, and the public has good reason to have faith in the results.”
This article is made possible through Votebeat, a nonpartisan reporting project covering local election integrity and voting access. This article is available for reprint under the terms of Votebeat’s republishing policy.