WASHINGTON ― In 2006, Princeton computer science professor Edward Felten received an anonymous message offering him a Diebold AccuVote TS, one of the most widely used touch-screen voting machines at the time.
Manufacturers like Diebold touted the touch-screens, known as direct-recording electronic (DRE) machines, as secure and more convenient than their paper-based predecessors. Computer experts were skeptical, since any computer can be vulnerable to viruses and malware, but it was hard to get ahold of a touch-screen voting machine to test it. The manufacturers were so secretive about how the technology worked that they often required election officials to sign non-disclosure agreements preventing them from bringing in outside experts who could assess the machines.
Felten was intrigued enough that he sent 25-year-old computer science graduate student Alex Halderman on a mission to retrieve the AccuVote TS from a trenchcoat-clad man in an alleyway near New York’s Times Square. Felten’s team then spent the summer working in secrecy in an unmarked room in the basement of a building to reverse-engineer the machine. In September 2006, they published a research paper and an accompanying video detailing how they could spread malicious code to the AccuVote TS to change the record of the votes to produce whatever outcome the code writers desired. And the code could spread from one machine to another like a virus.
That was more than a decade ago, but Georgia still uses the AccuVote TS. The state is one of five ― the others are Delaware, Louisiana, New Jersey and South Carolina ― that rely entirely on DREs for voting. Ten other states use a combination of paper ballots and DRE machines that leave no paper trail. Many use a newer version of the AccuVote known as the TSX ― even though computer scientists have demonstrated that machine, too, is vulnerable to hacking. Others use the Sequoia AVC Advantage, which Princeton professor Andrew Appel demonstrated could be similarly manipulated in a 2007 legal filing. Appel bought a Sequoia machine online for $82 and demonstrated that he could remove 10 screws and easily replace the Sequoia’s memory card with a modified version that would alter the outcome of an election.
Election security, typically a niche topic, emerged as a mainstream concern last summer after the Democratic National Committee announced that Russian hackers had penetrated its computer systems. The DNC hack was an early indication that Moscow had decided to interfere with the U.S. presidential election, raising alarms that Russian efforts could extend to the vulnerable touch-screen machines that record millions of votes around the country. By the time the cyberattack became public, it was too late to replace them, but in the year since the DNC hack revelations, there has been little tangible progress in securing America’s voting machines.
“Basically nothing has changed, except that we are now at least more aware of the threat,” said Halderman, who is now a computer science professor at the University of Michigan. “Ten years ago, had you said a foreign government is going to try to hack U.S. election equipment, I’d say it’s technically possible but so unlikely. But what we saw in 2016 was a concerted attempt by a foreign power to attack election infrastructure.”
Computer scientists like Halderman, Appel and Felten have been warning states about the risks of DRE machines for over a decade, urging them to replace touch-screen machines with paper ballots that can be read with an optical scanner and easily audited after an election. Paper ballots create a physical copy of the voter’s choice that can be checked against the results; with DRE machines, it’s impossible to verify whether the choice the person intended to select is, in fact, what the machine recorded.
Felten even started to post pictures of unguarded voting machines on a blog to show how easily a hacker could access them.
Most states have listened and gradually replaced their touch-screen voting equipment with paper ballots or added “voter verifiable paper audit trail” printers (VVPAT) to their DRE machines that prompt the voter to confirm their selections on a separate paper record before the computer logs the vote. But in close elections, security weaknesses in even a handful of states risk swinging the outcome.
During a House congressional hearing in September, Dan Wallach, a computer science professor at Rice University who studied under Appel and Felten, warned that none of the systems used to register voters, cast votes or tabulate the outcome “are ready to rebuff attacks from our nation-state adversaries, nor can we replace them in time to make a difference.”
“Even if nothing goes wrong, and all this turned out to be nothing but hot air,” Wallach said at the time, “we should treat these events as a warning.”
“Even if nothing goes wrong, and all this turned out to be nothing but hot air, we should treat these events as a warning.”
On Nov. 7, the day before last year’s elections, former CIA Director James Woolsey flagged DRE voting machines as a key vulnerability. “If I were a bad guy from another country who wanted to disrupt the American system … I think I’d concentrate on messing up the touch-screen systems,” he told Fox News.
Russian hackers tried to access election-related computer systems in at least 21 states during last year’s election, according to the Department of Homeland Security. Intelligence officials say there is no evidence that hackers changed any votes. But experts like Halderman, who was able to infiltrate a voting machine while he was just a student, have no doubt that Russian intelligence operatives have the capability to change votes.
Halderman testified before a Senate panel last month that DHS has not performed computer forensics on any of these DREs in order to prove that there wasn’t any tampering or attempted tampering during last year’s election.
HuffPost reached out to the five states that rely exclusively on DRE machines and several states that use a mix of electronic machines and paper ballots. Election officials cited the high cost of replacing their electronic machines and insisted that they were taking the necessary precautions to ward off cyber-intruders and verify the results.
Meg Casper Sunstrom, press secretary for the Louisiana secretary of state, was dismissive of the criticism from computer scientists. “None of them have ever worked in an election,” said Sunstrom, arguing that the machines are secure because they are tested before and after the election, locked and secured with a tamper-proof seal before voting begins and are never connected to the internet.
And although there is no paper trail to audit, Sunstrom says the computer printout of the vote totals allows officials to verify that the number of votes cast matches the number of voters who signed in at each precinct.
The computer scientists lobbying against DREs aren’t convinced, however. Machines don’t need to be connected to the internet to be infected with malware, and the computer printouts “provide no protection whatsoever against hacked machines,” Halderman wrote in an email. “Someone who hacks the machine can cause it to print out whatever they want. My group did that with the Diebold DREs we hacked, for instance.”
The touch-screen voting machines in Louisiana are more than 10 years old, and the state is looking to replace them ― though Sunstrom says they don’t plan to use paper ballots because “people don’t like paper ballots at all!”
Even in jurisdictions where election officials want to get rid of their touch-screen machines, most states don’t have the money to purchase new equipment. After the George W. Bush-Al Gore recount debacle in 2000, when punch-card voting machines rendered some ballots unreadable, Congress passed the Help America Vote Act in 2002, which has provided states with over $3 billion to modernize their equipment. All 50 states took the money, and most of them used it to buy touch-screen DRE voting machines.
The act, passed in 2002, “fundamentally changed the market for voting machines,” election experts Lawrence Norden and Christopher Famighetti wrote in a Brennan Center for Justice report. By 2006, 38 percent of registered voters used electronic voting machines, compared with 12 percent in 2000.
But within a few years, demonstrations of how vulnerable those new machines are to tampering caused most jurisdictions to switch to paper ballots. Last November, at least 80 percent of voters made their selections on a paper ballot or an electronic machine that also produces a paper trail, the Brennan Center found.
The Brennan Center estimates that replacing the country’s paperless voting machines would cost $130 million to $400 million ― a fraction of what Congress allocated in 2002. But most states have already spent the money they got from the federal government, and some of those still using touch-screen systems are simply accustomed to their convenience.
When election officials argue that their DRE machines are secure, it’s hard to tell if they really doubt warnings from experts or if they are reluctant to cast doubt on machines they can’t afford to replace. Officials are “sensitive to the risk of undermining confidence in elections,” said Felten, who went on to serve in the White House Office of Science and Technology Policy under President Barack Obama. “That can make it difficult to have straightforward conversations about the risks that exist.”
New Jersey, which is among the states that rely entirely on electronic voting machines, passed a law in 2005 requiring all voting machines to produce a voter-verified paper record by Jan. 1, 2008, ahead of the state’s presidential primary. But the law was extended and ultimately never implemented because of funding issues. Upgrading the state’s voting systems was projected to cost $19 million.
“That $19 million is going to be used to help people who can’t find jobs, feed their families or heat their homes,” Assemblywoman Joan Quigley said in 2009.
Part of the reason it is so difficult to get the nation equipped with secure voting equipment is the decentralized nature of elections in the U.S. There are about 8,000 election jurisdictions in the country, and procedures are regulated at the state level. The Help America Vote Act created an Election Assistance Commission, but its guidelines are voluntary and “not at all rigorous,” Halderman argues. Lawmakers have, by and large, been hesitant to impose more restrictive standards on states out of fear that they’ll be accused of federal overreach.
Donna Curling, a 62-year-old stay-at-home mother in Georgia, spent two years traveling to Washington to lobby lawmakers to pass a law requiring states to use election equipment that would leave a paper trail. Members of Congress were sympathetic to her concerns about the electronic machines used in her home state, but most ― especially Republicans, she recalled ― said it wasn’t the federal government’s place to tell states how to run elections.
Curling stopped making the trips to D.C. in 2009, after years of unsuccessful conversations with lawmakers. “It takes over your life,” she said.
But then Curling read a news story in March about a data breach at Kennesaw State University’s Center for Election Systems, which tests and programs Georgia’s voting machines, and decided it was time to get involved again. Curling filed a lawsuit against Georgia Secretary of State Brian Kemp earlier this year in an effort to force the use of paper ballots in the June 20 congressional runoff election, in which Republican Karen Handel defeated Democrat Jon Ossoff.
Fulton County Superior Court Judge Kimberly Esmond Adams wrote in June that Curling’s “concern that the DRE voting system lack a verification feature is legitimate.” But the judge ultimately denied the request, citing a lack of evidence and a sovereign immunity clause that applies to the secretary of state.
Curling filed another lawsuit earlier this month, this time asking the judge to overturn the June 20 election results and get rid of the state’s electronic voting machines. She says she is motivated not by a preference in candidates but by a concern that it’s impossible to know who really won the election with the equipment the state currently uses. While Curling identifies as a Democrat, one of her co-plaintiffs is a registered Republican.
“This isn’t a partisan issue, this is about voting, the cornerstone of our democracy, a sacred right that deserves protection under the law.”
“This isn’t a partisan issue, this is about voting, the cornerstone of our democracy, a sacred right that deserves protection under the law,” Curling said in an interview. “As citizens, I feel we have the right to demand transparency to verify that our true intent was conveyed.”
Even if the fight isn’t partisan for Curling, party politics have certainly tainted the issue of election security. President Donald Trump still casts doubt over whether Russia interfered in last year’s election, despite the intelligence community’s assessment. Instead of encouraging states to bolster the security of the voting machines, the Trump administration is asking them to hand over sensitive information about voters as part of a voter fraud commission. Aggregating voters’ names, birth dates, voting history and the last four digits of their Social Security numbers into one place presents a gold mine for hackers, warned former Homeland Security Secretary Michael Chertoff.
Trump’s stance on election security makes it hard for Republicans to publicly advocate changes to voting machines, since doing so would imply that Russian interference, not voter fraud, was the main problem with last year’s election. Some Trump allies have followed the president’s lead on the Russia hacking issue ― including Kemp, who is now running for Georgia governor and recently told The Washington Post he doesn’t “necessarily believe” that Russia interfered with the 2016 elections.
“The people who own the voting systems in Georgia actually don’t believe there’s a pressing threat!” said Richard DeMillo, a computer science professor at Georgia Tech who flagged problems with Georgia’s voting machines back in 2008.
If states want to patch the weaknesses in their election infrastructure before the 2018 midterm elections, they will need to act immediately. And that will likely require a new funding commitment from Congress.
Wallach, the computer scientist who told lawmakers last year to treat the 2016 hack as a warning, is not optimistic that politicians will heed his advice.
“Somehow support for election integrity in the face of the Russian threat has become entangled with support for President Trump, which means that we don’t have the bipartisan support that would be helpful in getting things done,” Wallach said.
CORRECTION: The Fulton County court official who said Donna Curling’s lawsuit raised a “legitimate” concern but denied her request to, in effect, force the use of paper ballots in a congressional runoff election was not Clerk Cathelene Robinson. It was Superior Court Judge Kimberly Esmond Adams.