Author: Jeslyn Guo
Democracy is defined first and foremost by fair and free elections. The election system works when citizens have confidence that their opinion will be heard, and their vote will make a difference. Whether at a local or federal level, the security of one’s vote is of utmost importance.
Like many other aspects of our culture, elections have been digitized. While voting security tends to be the primary concern, digital elections encompass everything from political campaigns to news agencies to election systems. Threats to election security can be international as well as domestic. Common methods of attack include malware attacks, ransomware attacks, worms, and trojan horses. In the worst-case scenario, data can be stolen, or votes changed (the very worst case). Recently in the 2020 election, the Associated Press, a news agency which communicates election results to the public, reported 10,000 phishing email attacks. On a personal level, phishing attempts may prompt a voter to click on an invalid link or log into an unsecure website, leaking their password and other sensitive voter registration information.
While this may seem daunting, the Department of Homeland Security and specifically the Cybersecurity and Infrastructure Security Agency (CISA) make it a priority to ensure that elections are conducted securely. In 2021, many cybersecurity bills which detail actions for cybersecurity and election safety are pending in numerous states. Cybersecurity and election security does not go unaddressed, and it is sure to be a hot topic of discussion in the coming years.
How exactly does voting work?
If you have not voted in an election before or are unfamiliar with different technologies, there are three main voting devices that we see today. The most common devices are optical scanner machines, which are devices which process each mark on a page and store results electronically. If you have participated in standardized testing before, that is pretty similar to this type of voting process. When using this machine, the scanned paper ballots leave a paper trail, which is essential in verifying election results. Another type of voting machine is a ballot marking machine, in which voters select their choice on a screen and the machine prints a paper ballot to be later hand counted or scanned again. Similar to the optical scanner, this type of machine also leaves a paper trail.
The third most common type of voting machine is a direct-recording electronic machine, or a DRE for short. When voters use this machine, they select their choice on screen, and their data is transmitted straight to a computer. These machines are the most vulnerable parts of voting infrastructure as they eliminate paper ballots, thus making it very difficult to audit an election. For example, let’s say that a malicious hacker was able to gain access to one of these machines and alter the votes so that regardless of a voter’s selection, all votes went to one candidate. Without a paper trail, it’s impossible to disprove these results (although, the case where one candidate gets all the votes is certainly suspicious). It is near impossible to detect when DRE machines experienced some kind of cybersecurity attack without a paper trail, unless the software or hardware is physically taken apart and inspected. The additional level of complexity with voting technologies is that all algorithms reflect the design and bias of programmers, so voters may not be confident in these technologies until they are the ones designing the program.
Before paperless voting, there was a traditional lever and punch card system in which a voter created a hole in the card associated with the candidate that they wanted to vote for and then deposited their card into a ballot box. However, there were ambiguity issues such as hanging chads, where holes were not fully punched through. In 2002, Congress passed a $39 billion act called Help America Vote Act (HAVA) to help replace old systems with new technology equipment. The most popular machines during this time were DRE’s, which were initially thought to be very efficient and high tech. However, problems with these machines arose as early as the next election when activists and politicians claimed that these machines had altered election results. These problems are still apparent today and hotly debated around the world.
The last question that usually comes with elections and technology is about voting online. If I can go shopping online, if I can buy my groceries online, why can’t I just vote online? While it is unlikely (though not impossible) that a hacker will attempt to break into your online shopping cart, elections simply matter much more and can draw global attention. Voting online presents a lot of vulnerabilities which malicious hackers can exploit. For example, they may use a denial-of-service attack where they flood a network or machine with lots of traffic so it triggers a crash and shuts down, thus compromising the voting system. No network or machine is guaranteed to be 100% secure, yet with elections there is no room for error.
It is unclear what voting technology will look like in the future, but increasingly many machines keep a paper trail to ensure that elections are conducted fairly and freely. While technology has advanced many aspects of our day to day lives, perhaps with voting it presents more problems than it solves.