The Vulnerabilities of our Voting Machines, and How to Secure Them
David Remnick: For years now, there's been a concern that computerized voting machines are somehow less secure than the old paper ballots we used. What would happen if someone with ulterior motives got access to the software that counts the votes? What kind of mischief could they do? In May 2021, it happened, and it happened through the person who was in charge of securing the votes, an election clerk in the state of Colorado.
Sue Halpern: In Mesa County, Colorado, the election clerk, a woman named Tina Peters, somehow got into her head months after the election of Joe Biden that the election had been stolen and that thousands of dead people had voted in the election that she was in charge of running.
David Remnick: Staff writer Sue Halpern has been reporting for us on election security, including the Tina Peters case.
Sue Halpern: She allowed Stop the Steal activists to come into her office and copy the Dominion Voting System software that was running the tabulators that they used to count the votes in Mesa County. Then they posted that information on the internet. Essentially they released it into the wild for anyone to take a look at and potentially try to figure out if there are any vulnerabilities. If a hacker would like to get into these systems, they now basically have the key to the castle.
David Remnick: Dominion is one of the big voting machine companies. You, of course, remember that they were the target of far-out conspiracy theories involving George Soros and Hugo Chavez of Venezuela, all pushed by Trump's lawyers Sidney Powell, among others, and the theft of the software in Colorado was not an isolated incident.
Sue Halpern: Unfortunately, this has happened in a number of other jurisdictions around the country, often in swing states, not surprisingly. The breach that I think is getting the most attention right now is one that actually happened in January, on January 7th, 2021, and it was at the behest of Sidney Powell, one of Trump's lawyers who hired some computer forensic experts, i.e, hackers, to go into the election office in Coffee County, Georgia, and they managed to copy every single bit of election software and data that existed.
Reporter: "Newly obtained video to CNN shows a former Georgia Republican County official escorting two operatives hired by an attorney for former President Trump into the county's election offices on the same day a voting system there was illegally breached."
David Remnick: One of the few people to legally obtain access to the Dominion Voting Machines is a computer scientist named J. Alex Halderman. Halderman consulted in a court case involving Dominion in 2018, and he found that the machines could in fact be hacked. His report was put under seal, and the federal agency in charge of cyber security sent an advisory to districts that use those machines. He knows more about how computerized voting works than almost anyone.
J. Alex Halderman: Honestly, it keeps me up at night knowing that some of that software is out there after what I found in my time analyzing it and what I know other people could find in short order.
David Remnick: J. Alex Halderman spoke with Sue Halpern.
Sue Halpern: Your research has been co-opted by the Stop the Steal folks. They look at your research and they say, "These machines are hackable. We shouldn't trust them. Alex Halderman, a professor of computer scientists, the world's leading expert on Dominion Voting Systems, he said so." What's that like for you? That is clearly not how you intended your work to be used.
J. Alex Halderman: Oh my God. It's the worst feeling in the world when people co-opt my work to lie to people. That's largely what's been going on when it's been held up as this is the proof that the 2020 election was somehow fraudulent. As a scientist, it's my job to try to explain the way the world really works as best as we can understand it with scientific methods, and I cannot do that just because they're going to inconveniently agree with certain false theories.
Sue Halpern: Yes, that's hard though.
J. Alex Halderman: It's extremely hard, but it's a reason and a reminder of why I think everyone who works around elections needs to be especially clear in their claims and in their communication, and we've seen claims that omit very important nuance coming from all sides, both from people who are trying to convince the public that the 2020 election was fraudulent, of course, and from people who are trying to reassure the public.
The strongest claim I think that experts who are being careful can make right now is that there's no sound evidence that there was any kind of fraud in the 2020 election. I wish we could make the claim that our elections are well-secured, but I don't think we can get there just yet. We have a long way to go to make sure that elections provide the kind of security the public deserves.
Sue Halpern: Does the work that you did in Georgia on these Dominion machines, does the fact that now those same systems are out and about in the wild because of the Coffee County breach, does that change how we should be thinking in general about election security? It just seems like, you did your work. It was scary enough that the court decided the public couldn't see it, but that came before we knew that the software was out there.
J. Alex Halderman: As we've seen from the examples in Coffee County and Mesa and elsewhere, bad actors potentially can get access to the machines, both to the software because it's been leaked and potentially to the operating environment where the machines are being housed and used. Then after those vulnerabilities are discovered, attack software is coded. It's just a matter of brief access to slip something malicious into the system.
What we need to do-- What we need is just a sea change in the way we think about trust in election systems. It's not sustainable to say that the public can only trust election systems if they trust the Dominion Company and they trust their local election officials. Just we're never all going to agree, and it's never going to be enough to make sure that those systems are actually well-secured.
What we need is to reverse the burden of proof almost. Election systems should be designed so that they generate affirmative evidence that the outcome is right. It shouldn't be as scratching our heads and asking, is there any evidence that the system has been corrupted, because that's usually an impossible burden of proof to meet, even if there was an actual well-designed attack.
Sue Halpern: The design of these systems is essentially a black box. You're one of the few people to legitimately gain access, take them apart, and analyze how they work.
J. Alex Halderman: From the very beginning, this has been a topic where companies have been secretive, have not wanted outside scrutiny of the way their technology works. That's perhaps for competitive reasons, but I think more so it's because publicity about things that don't work is not good for their business. Many years ago, back when I was a graduate student at Princeton, my research group was actually the first group of scientists in the country to get our hands on a real US voting machine and be able to take it apart and figure out how it worked.
As the senior most student, I was the one in charge of going and picking up the machine, which we got from an anonymous source who our lawyers assured us had acquired it legally, but who wanted to keep the origin secret.
I double-parked in front of this hotel near Times Square, and then I went into the alleyway in the back of the hotel and, I swear, a man in a trench coat met me with a black leather suitcase that had the voting machine in it. A lot of the secrecy at the time was because we were all dreadfully afraid that the company that made the machine would sue us, just try to stop us from publishing science about it, but they didn't ultimately. We made a number of discoveries, including that the machine had vulnerabilities that basically anyone could exploit to inject malicious software and change votes.
Now, subsequent to that work, two states, California and Ohio brought in teams of scientists to do similar studies on all of their election equipment. California decided that they would have a paper trail for every vote going forward but not all states got the news. One of the most revealing data points to me is that Georgia, up until January of 2020, used those same deep old paperless voting machines that I studied back in grad school. They never patched the software, they still had exactly the same vulnerabilities that we had discovered and published now 16 years ago until the day they were thrown away.
Sue Halpern: When they were thrown away, they then replaced them with these Dominion systems. What is interesting about this whole subject is watching how partisan right-wing activists have begun calling for the end of computerized voting machines. They're talking about how we need hand-marked paper ballots, and then they want those hand-marked paper ballots to be counted by hand. They want to get rid of the scanners and the tabulators. Is that the right way to secure American elections?
J. Alex Halderman: Well, no, unfortunately. These solutions that they're proposing, they're not entirely fact-driven, either. The biggest limitation is that, well, we just can't count ballots by hand practically in the American system at scale. There are a lot of countries that do count by hand, even in Canada, and in a lot of Europe, but generally, they have much simpler ballots than typical American jurisdictions where we might have 30 or 40 questions on the ballot.
The amount of time it takes to count the ballots goes up with each additional race. If we want results in a timely way, we want them to be counted accurately, and we want to continue to vote on so many issues, we inevitably are going to have to enlist technology to help.
We don't have to just blindly trust that technology and I think this is what the Stop the Steal movement misses, that we can make use of technology in elections without just having to have faith that it's operating correctly, and the people who are operating it are doing everything right. The most important part of that is auditing the results of the election in a statistically rigorous way, what's known as a risk-limiting audit.
What a risk-limiting audit does is it has people go and look at the original, hopefully, hand-marked paper ballots, and you look at enough of them to rule out with high probability the possibility that the computer outcome is wrong. In an election that's a landslide, you only have to look at a few ballots to do that. If the elections are a tie, well, you want to go in and recount them all by hand the same way we might traditionally do a recount of a very, very close race. A risk-limiting audit lets you use technology to count quickly without having to blindly trust that technology to get the right answer.
Sue Halpern: How worried are you right now about the security of the midterms, and then going forward to 2024?
J. Alex Halderman: One thing that's keeping me up at night is I worry that something is going to visibly go wrong, even if it's not as a result of an attack. It's going to be hit on to undermine the legitimacy of the entire electoral process. That's what happened in 2020. We had one jurisdiction in Michigan that really did announce the wrong presidential results on election night, Antrim County. That experience, even though it was just the result of human error, reverberates to this day in conspiracy theories.
Attacks that try to convince people falsely that election results were wrong or just as much an attack as an attack that changes the numbers to get the wrong election result. Too many different things to worry about, unfortunately, but let me try to be a bit more optimistic for a moment because I'm not 100% pessimistic about election security. I think maybe the only reason I'm still doing it after all of these years is that I'm an infinite optimist about it.
I think it really is a problem space where we can solve things compared to other cybersecurity problems, compared to securing the energy grid or the medical system, or the financial system. Elections are a small space, a relatively easy constellation of actors to change the practices of. It's a problem we can tackle and it could be, especially if we get congressional action, a great success story for this country in terms of securing a major area of critical infrastructure.
Optimistically, I'd like to think that that can happen, and I think what's going to have to happen first, though, is that we're going to have to get enough distance between ourselves and the 2020 election, that people stop thinking in terms of whether something is an election denying conspiracy theory, and instead people think about, well, we're all citizens of this country, and everybody deserves the ability to trust the results of our elections.
[music]
David Remnick: J. Alex Halderman is a professor of Computer Science and Engineering at the University of Michigan. He spoke with staff writer Sue Halpern.
[music]
Copyright © 2022 New York Public Radio. All rights reserved. Visit our website terms of use at www.wnyc.org for further information.
New York Public Radio transcripts are created on a rush deadline, often by contractors. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of New York Public Radio’s programming is the audio record.