Even in this unconventional election, a highly conventional fact remains: A handful of swing states stand to decide who the next president will be. Meanwhile, early voting is already underway. And accusations that the system is “rigged” by cheaters seem to gain legitimacy as hacking attempts appear in the headlines: In a nod to Chicago tradition, nineteen dead people reportedly registered to vote in Virginia last week, and over the summer, Russian hackers reportedly accessed voter registrations in Arizona and Illinois.
While Boris and Natasha attempt to meddle in American electoral politics, districts in key states dust off vulnerable touchscreen voting machines. The electronic voting machines’ hackability—unrelated to online registration databases—begs extra vigilance against “bad actors” attempting to swing the vote.
Paranoia strikes deep wherever touchscreen devices, known as direct-recording electronic voting machines, or DREs, are still in use. It took a Princeton professor mere minutes to hack a machine, one which some Pennsylvania districts still use. If a “bad actor” wanted to swing the election, she would simply coordinate attacks on outdated digital voting machines in split districts across decisive swing states.
When I proposed my diabolical plot to Pamela Smith, president of the watchdog group Verified Voting, she told me I was a little late to the election-rigging game. “You could probably pick a state or two that you think is likely to matter,” she instructed. “But the opportunities have shrunk from past years. The opportunities are fewer, because more states have paper and more of the swing states have paper.” Paper ballots manually marked and fed into optical scan machines are inherently more secure than data recorded via touchscreen. Many states adopted DREs in the wake of Bush v. Gore only to replace them with optical scanners. Others have augmented their DREs to record an auditable paper trail.
Josh Lawson, general counsel for the North Carolina Board of Elections, describes the DREs’ paper trail producing appendage as a “receipt spindle.” He warned me I would have a hard time hacking North Carolina’s voting machines undetected; although a third of them are DREs, they’re DREs with voter-verified paper trails. “There are certain security mechanisms in place,” he said, “Not things that we advertise because we don’t want to give a manual to folks who would want to circumvent them.” The voting machines are not connected to the internet or to each other, and North Carolina’s different jurisdictions conduct elections differently—this, “the diffuse and decentralized way in which elections occur,” he said, is essential to security. In 2004, a faulty DRE used for early voting failed to record more than 4,500 votes in a Senate race ultimately decided by a margin of less than half that. Since then, North Carolina has fortified its DREs with receipt spindles. And, in this year of heightened anxiety, the state enlisted extra protection for its election systems from the Department of Homeland Security.
New Hampshire, rather than bow to federal assistance, lives free and risks papercuts. The state uses only paper ballots and recounts more elections by hand than any other state, according to Deputy Secretary of State David Scanlan. (Serving to underline the point, Scanlan’s office was in the middle of recount when I called to ask how to hack his state’s electoral process.) I would need to plant a mole, he said, “It would have to be somebody on the inside that had access to the memory cards and was able to program them in such a way that they could affect the overall totals throughout the state.” But even so, “In the event that that was accomplished, we always have recounts. After every election.”
Unlike New Hampshire, Iowa doesn’t always anticipate a recount. But Iowans do vote entirely by paper ballot, and according to state law, Iowa saves every single paper ballot for at least twenty-two months. Wisconsin and Ohio, meanwhile, use a mix of paper ballot scanners and touch screen machines with receipt spindles. Nevada, on the other hand, offers only DREs. But, at the advice of the Nevada Gaming Commission, the state department required its DRE manufacturer to equip every machine with an voter-verified audit trail. Nevada audits its DREs just as the casinos audit their slot machines (and, we can imagine, the state punishes a “bad actor” much like casino security guard takes one down in a Hollywood movie). As recently as 2014, nearby Colorado moved to a mail-in voting system, following its bud brothers Washington and Oregon, and soon parts of California as well, so that good old-fashioned mail fraud might replace cybersecurity concerns.
Indeed, only three high-stakes swing states still use any unguarded DREs: Virginia, Pennsylvania, and Florida. Although Florida has replaced most of its touch screens with paper ballots, DREs without paper trails remain in use only as the mandated “accessible machines” for disabled voters—a fact Donald Trump has tastefully ignore thus far. Instead, the Republican nominee foretold foul play in Pennsylvania. “The only way we can lose,” he said, “is if cheating goes on.” Challenge accepted, I say: A majority of Pennsylvania counties offer only touchscreen machines without audit trails, and cyber security firm Carbon Black recently declared Pennsylvania the most vulnerable.
But, unfortunately for hackers and schemers, Pennsylvania’s statewide ballot accounting and reconciliation process all but ensures the detection of any tampering. Both Pennsylvania and Virginia, where many fewer counties use unverified DREs, check the number of voters against the number of votes recorded in a multi-phase audit conducted first at the polling place then again at the county office. And if any more or fewer votes are tallied than cast, officials will isolate the discrepancy, Pamela Smith warned, possibly soon enough that those whose votes were compromised could recast them on backup paper ballots.
A clean count depends on hawkeyed elections officials: It might happen that one hundred voters come to your polling place, Smith said, and yet “you have 97 [ballots] because three voters decided they were disgusted with the candidates and walked away.” So, for the sake of seamless ballot reconciliation, officials in Pennsylvania should keep watch for the so-called “fleeing voter.” These poor souls disrupt the accountability process, and per Pennsylvania’s 2011 directive concerning electronic voting systems, they should be caught and hauled back to the booth: “If possible, notify the voter before he or she leaves the polling place to return to the voting booth and complete the voting process.” Come Election Day, we may find the resilient human spirit—its natural desire to flee—poses an untidier challenge than any “bad actor.”
