Election Security Can Be as Simple as Preserving Paper

(Inside Science) -- Joseph Stalin, no friend of free elections, is credited with saying it was not the people who cast the votes that decide elections. It’s the people who count them.

Since the 2016 presidential election, considerable thought -- but not much money -- has gone into seeing if he’s wrong. According to an expert interviewed by NPR, it would cost at most $400 million to make states with vulnerable systems more secure, but a bill to do that died in Congress last month.

There have been some changes in voting procedures, but whether the changes will be enough to block foreign and domestic interference with the upcoming midterm elections is simply unknown.

In 2017, the federal government informed 21 states that their systems had been targeted by hackers, beginning with Illinois. There is no publicly known evidence that hackers from Russia -- or elsewhere -- changed any vote.

States determine how elections are run, according to Article I, Section 4 of the U.S. Constitution. The way ballots are handled suggests that some states are better protected against tampering than others.

According to the American Encyclopedia of Politics, 16 states have no paper backup to their electronic systems and just use voting machines. Experts say that makes them vulnerable.

In early September, the National Academies of Sciences, Engineering, and Medicine recommended all states have a paper backup to the votes collected by electronic devices.

Since 2016, state legislatures have passed at least 500 bills related to voting, according to a report from Propublica.

There are two primary ways to affect an election -- changing the actual vote count or tinkering with registration databases, said Avi Rubin, technical director of the Johns Hopkins University Information Security Institute in Baltimore.

In the safest states, you fill in a paper ballot using one of several methods, including using a marker, punch cards or electronic machines, and the ballot is entered into a scanner, which gathers the results. The machine makes a printout so the voter can see what was recorded.

While it is still possible to hack into the scanners, it also is possible to detect a hack by comparing the scanner results with the paper ballots, Rubin said.

Officials do a random sample of precincts and compare the paper totals to the ones on the scanner. If there are discrepancies, paper ballots offer a backup option of counting them all by hand if necessary. The 16 states without a paper trail can’t do that and therefore have no way to know for certain if the election has been compromised.

One method of breaking in is called “phishing,” which involves sending a mass-distributed phony e-mail message presented as if it is from a company or a bank, asking for information. If you open the mail you will be encouraged to give up passwords and other personal information or reveal a weakness in the software allowing entry. By responding, you are potentially opening a software back door.

In “spearfishing,” a message is targeted to a specific individual. That’s how the Russians hacked the Democratic National Committee and obtained emails in 2016. Deterring these attacks requires users to ignore messages from sites they don’t recognize and not provide attackers with personal information.

Another method is to sneak malware -- software that invades an operating system -- onto a computer, which can cause colossal damage. In 2010, Israeli and American government hackers crashed the entire Iranian nuclear program when a double agent with a single memory stick inserted it into a single computer. The Iranians lost about a year’s work.

If hackers can’t actually change results, they can discredit them. They could delete names from the registration database. Or simply change birth dates, for instance, so that if an older man walks into a polling station and the database says the person with that name is 25-years-old, the would-be voter could be rejected or bounced to provisional ballots because of the obvious age discrepancy, Rubin said.

Hacking a state’s data isn’t necessarily difficult to do.

At a hacker contest in early August, an 11-year-old contestant broke into a duplicate of the website of the Florida Secretary of State and changed the voting results. It took her 10 minutes.

Why don’t states just chuck the old voting machine technology and use only old-fashioned paper ballots and ballot boxes? Resources and cost, Rubin said. Also, various studies show human counts aren't as accurate as a scanner's, he said. Sometimes humans don't even agree about how to record an individual vote. Remember the hanging chads in the 2000 election?

Securing databases for elections is similar to protecting any system. It can be a constant battle with hackers.

No system is perfect, said Phil Stark, professor of statistics at the University of California, Berkeley, but, if you have a secure voter roll, having honest votes is not that difficult.

“It doesn’t require any technology breakthroughs or innovation,” said Stark.

Comparing electronic counts with paper trails is called risk-limiting audits. Marking the ballots by hand rather than using a machine is best because it is more likely the voter will notice errors or votes going to the wrong candidate, Stark said. In some states they give the voters printouts for review.

“You really need to check the paper,” he said.

Making the unsafe states more secure costs money, Rubin said.

In July, a bill to increase election security spending was blocked in Congress. The bill would have, among other things, let states that do not have paper trails get them so they can assure voters the count is right, and require paper backup for all federal elections.

The administration said the bill was unnecessary because the federal government had all the authority it needed to act and did not want to move power from the states to the federal government.