Voting machines are old and vulnerable, and voter databases are connected to the internet.
Whatever the outcome Tuesday, there’s one thing that could very well happen: Accusations that the election has been rigged and the results falsified.
This is extremely unlikely — voter fraud is more rare than being struck by lightning, according to the nonpartisan Brennan Center for Justice.
But the 2016 presidential race has been riddled with leaks perpetrated by hackers who wormed their way into servers to try to undermine the election. And though there’s little precedent, the truth is that interference by hackers tomorrow is totally possible.
That doesn’t mean hackers are necessarily able to alter the election results, but they could sow fear and mayhem that lead to claims of rigging after Election Day.
Vulnerable voting machines
“Most voting systems are not designed to be connected to the internet for their operation, and because of that there’s no easy remote way in,” said Pamela Smith of VerifiedVoting.org, a nonpartisan group that promotes accuracy and transparency at the polls. Officials like to point out that this is a security feature.
But, Smith says, that doesn’t rule out concern for an insider threat.
Many voting machines are running software that’s over a decade old, like Windows XP, which Microsoft hasn’t issued a security patch for since 2014. Others store ballots on memory cards, which could be used to insert viruses that can cause the machines to malfunction or alter votes. Take the Sequoia AVC Edge, for example, which is used in 12 states. It was hacked by a group of academics who installed malware that made the machine unable to do anything but play Pac-Man.
Still, there’s no indication that voting machines have ever been hacked in a U.S. presidential race before.
Voter registration databases
Across the country, state voter registration data is synced with the internet; the integration has allowed people to register online or at the DMV. But it also means those databases are vulnerable to hackers, who could break into a state’s system and remove voter names or change information that may cause delays and confusion at the polls.
In August, the FBI launched an investigation into the hacking of state voter record databases in Arizona and Illinois after attackers were able to remotely access voters’ names, addresses and driver’s license numbers. Law enforcement said that in both cases there’s no evidence that any of the data was changed.
Then in Indiana last month, a security researcher demonstrated how he was able to quickly break into the state’s database and edit people’s voter information. Last year, another researcher found 191 million hacked voter registration records sitting on an open database that apparently anyone could find.
The Department of Homeland Security doesn’t classify voter registration databases as critical infrastructure and therefore are not prioritized for federal protection.
Strengthening voter systems
After the incidents in Arizona and Illinois this August, the Department of Homeland Security offered to help state election officials audit voting machines and shore up their electronic voter systems to ensure everything goes smoothly come Election Day. And all but four states took Homeland Security up on the offer.
Ultimately, three-quarters of Americans will use paper ballots tomorrow, and most voting machines also produce a paper record of the ballot cast, so people can verify their vote.
But in five states, the electronic voting machines used statewide don’t produce any paper trail, and the same is true for most counties in Pennsylvania, which is a major swing state this election cycle.
Watch Edward Felten, the current Deputy U.S. Chief Technology Officer, demonstrate in his testimony before Congress how his team was able to inject a virus into a Diebold electronic voting machine.
Here’s a video of security researchers playing Pac-Man on a hacked voting machine.