ANN ARBOR - As a national expert on election system security, Alex Halderman has never shied away from explaining how America’s election systems can – and have been – hacked. The University of Michigan computer science professor stops short of saying vote counts have been changed, but notes Russians tapped into voter registration lists in some states in 2016, and that he and fellow election-hack experts have demonstrated how state election systems can be infiltrated.
Not that he’d ever do that. But America’s enemies are probably trying.
Halderman testified before Congress in 2017, warning of the vulnerability of election systems to hacking by foreign powers.
Since 2016, Michigan has spent $40 million on state-of-the-art optical scan equipment to count ballots in all 83 counties, and another $11 million on additional election security measures, including hiring an outside firm to conduct an end-to-end security review of the state’s election systems.
Halderman said those steps are an improvement, but there are still vulnerabilities.
Halderman spoke to Bridge this week in his Ann Arbor office about election security vulnerabilities, and possible solutions.
Bridge: How secure are election systems today compared to 2016?
Halderman: Well, 2016 was a huge wake up call for the whole country in terms of election cyber security, because it showed that our highly computerized voting systems are in the crosshairs of powerful attackers and foreign nation intelligence agencies that want to do as harm. Russia is just one of a number of countries with the technical capability to penetrate our election systems to disrupt the process of voting or, and this is what really keeps me up at night, to silently change the outcome of elections.
Since 2016, many states have implemented new protections for their voter registration systems, which were the main target detected in 2016. There's a much higher level of awareness about security among election officials and policymakers.
But unfortunately, in terms of the technology in the polling place, the actual voting machines and the systems that are used to check in voters, not a lot has changed, and those are among the most vulnerable components.
Russia was in a position to do a lot more damage than they did, they were inside some state voter registration systems with the technical ability to delete or destroy that data, which would have caused massive chaos on election day. But they chose not to pull the trigger. And I worry that in 2018, we're in the same position once more. It’s technically possible (to interfere with an election). And the question is whether our adversaries choose to strike.
Bridge: Well, that’s cheery. I’m picturing a bored teen-ager making Jim Harbaugh governor while waiting on his Domino’s delivery.
Halderman: Some people get the wrong impression that voting machines can be hacked in minutes by amateurs. But that's not quite true. Most of the vulnerabilities that we're talking about are ones that can be exploited by sophisticated attackers with time and resources to prepare, and it helps to have legal impunity by being a hostile foreign nation.
So I don't worry so much about some undergraduate novice doing this. Although I would say if my computer security course really put its mind to it, our students could do some substantial damage.
(Don’t believe him? In 2010, the District of Columbia held a live, mock election to test the city’s new voting system that allowed residents to vote by Internet. Halderman and a team from U-M broke in, altered votes so that HAL 9000 was elected council chair, and changed the music on the “thank you for voting” page to “The Victors.” The city dropped its plan for Internet voting.)
Bridge: How secure are Michigan’s election systems?
Halderman: Michigan fortunately, has just gotten new voting machines. That's a plus. Michigan's voting system also is entirely based on paper ballots (which are optically scanned for counting), which is a significant plus.
The place where Michigan is most at risk is in terms of whether we use those paper ballots as an effective defense. It's not enough just to have paper, you also have to look at it - you have to look at enough of the paper ballots for a statistically significant sample to know with high confidence whether it agrees with the computers about who won. Michigan historically hasn't done this.
Michigan this year is piloting some improvements to its audit process. But today, we're not practicing rigorous post-election audits across the state routinely in a way that can guarantee that any altered outcome would be detected. But we're in better shape in some states, because at least we have the paper there in case we want to go back.
Bridge: Is there a solution?
Halderman: Election cyber security is a cyber problem that we can solve, and we can solve it because elections are a specialized enough kind of problem that relatively simple defenses can go a long way to making a stronger.
We need to make sure every ballot is recorded on a piece of paper that can't be changed in an attack and make sure that we're routinely going back and checking enough of that paper to rule out the outcome was changed in a cyber attack. These are changes that are practical for local and state officials to implement on their own.
Bridge: It feels as if the public has gone from zero concern about election security to full freak-out. How concerned should we be?
Halderman: It's very important that people understand that even if you are worried, please still vote. Because the only way to guarantee your vote won't count is to not cast it in the first place. That being said, I think people are right to be concerned. It’s important for people to be continuing to understand the concerns and to express those concerns to lawmakers, the need for further investment and further safeguards to be put in place for elections.
If people aren't concerned, we're never going to do anything about these problems. And frankly, we have a lot of work left to do.