Oct 15, 2024
As electronic voting systems become increasingly prevalent, concerns about their security have taken center stage in discussions surrounding modern elections. While digital solutions offer convenience and efficiency, they also open the door to potential cyber threats. With the stakes so high, the question on many people’s minds is, can electronic voting be hacked?
The integrity of elections is critical to the democratic process, and any vulnerabilities in voting systems could undermine public trust. This is clearer than ever, especially in the wake of both the 2016 and 2020 elections, where interference and potential hacks shook the people’s faith in election results. From outdated voting machines to sophisticated cyberattacks, the potential risks are real. However, with the right preparation and cybersecurity measures, these threats can be minimized.
In this article, the cybersecurity experts at Blade Technologies will explore the complexities of voting security, the role of cybersecurity professionals in safeguarding the electoral process, and how proactive efforts, like those seen at DEF CON’s Voting Village, are working to protect our votes.
The Evolution of Electronic Voting
Electronic voting has revolutionized how elections are conducted, evolving from simple mechanical systems to complex digital platforms that handle millions of votes. The idea to automate the voting process dates back to the late 19th century when mechanical lever voting machines were first introduced in the United States. By the late 20th century, the advent of computers led to the development of Direct Recording Electronic (DRE) voting machines, which allowed votes to be recorded and stored digitally without the need for paper ballots. The use of these machines surged in the early 2000s, particularly after the 2000 U.S. presidential election, which exposed flaws in traditional paper ballots. In response, the Help America Vote Act (HAVA) of 2002 provided funding for states to upgrade to newer, electronic systems.
Types of Electronic Voting Systems
Today, there are several types of electronic voting systems in use across the country:
- Direct Recording Electronic (DRE) Voting Machines: Voters make their selections directly on an electronic interface, and the machine records votes in a digital format. Some DREs produce a paper trail for audit purposes, while others do not, leading to concerns about their transparency and security.
- Optical Scan Paper Ballot Systems: Voters fill out paper ballots, which are then scanned and counted electronically. This system combines the security of a paper record with the efficiency of electronic tallying. It is often considered more secure since the paper ballots provide a verifiable backup.
- Hybrid Systems: Many states use a combination of electronic voting machines and paper ballots to mitigate risks. Voters may cast their votes on machines that print out a paper receipt, ensuring that a physical record exists for recounts or audits. These systems help address concerns about the potential for hacking or digital tampering.
How Electronic Voting Systems Can Be Hacked
As convenient as electronic voting systems are, they come with a range of vulnerabilities that cybercriminals can exploit if the systems are not adequately protected. The question of whether electronic voting can be hacked is not merely theoretical; in Voting Village at DEF CON each year, ethical hackers and security experts from across the country purposefully hack into voting machines to identify vulnerabilities.
The goal of the Voting Village is not to disrupt elections but to improve them by uncovering flaws that could be exploited by malicious actors. Through controlled hacking exercises, participants attempt to breach the security of voting machines, uncover backdoor vulnerabilities, and exploit software weaknesses, all to help election officials strengthen their systems before it’s too late. While the purpose of this exercise is to bolster the security of electronic voting, it raises concerns.
Real-world cases have demonstrated how electronic voting systems can be compromised:
- DEF CON Voting Village Findings: In the lead-up to major elections, one of the most anticipated events in the cybersecurity community is DEF CON’s Voting Village. Since its inception in 2017, the Voting Village has provided a crucial platform for ethical hackers, researchers, and security experts to identify vulnerabilities in electronic voting systems. In 2019, researchers included over 100 machines in the program, and hackers were able to find a vulnerability in every single one. Whether through new or previously published methods, hackers were able to compromise all devices, all of which are certified for use in at least one U.S. jurisdiction.
- 2016 U.S. Presidential Election: While there is no evidence that votes were changed, investigations into the 2016 U.S. election revealed extensive probing of state election systems by foreign actors. According to a 2019 report from the Senate Intelligence Committee, Russian hackers targeted state and local election boards, potentially exposing vulnerabilities in electronic voting machines and voter databases.
- 2018 Midterm Elections: During the 2018 midterm elections, several states reported attempted cyberattacks on their election infrastructure. These attacks focused on both voter registration systems and electronic voting machines. While an FBI investigation determined that no coordinated effort or targeting interrupted the election process, the incident underscored the need for stronger security measures to protect against future threats
The Debate on Electronic Voting and Security
The conversation around electronic voting is a polarizing one. On one side, advocates argue that it increases efficiency, accessibility, and accuracy in elections. On the other side, critics raise concerns about vulnerabilities that could undermine public trust in the democratic process. This debate only continues to intensify, especially in light of ongoing discoveries of potential flaws.
Arguments in Favor of Electronic Voting
- Increased Accessibility: Electronic voting systems, especially those with touchscreens or remote voting options, make voting easier for people with disabilities, senior citizens, and those who might otherwise have difficulty filling out paper ballots.
- Improved Efficiency and Speed: Electronic voting systems allow for faster vote tallying and reporting, reducing the time it takes to announce results. Paper-based systems can take days to fully count, especially in large elections.
- Reduction in Human Error: Paper ballots are susceptible to mistakes like improperly marked votes, which could lead to disputes or disqualified ballots. Electronic voting systems help to minimize these errors by offering user-friendly interfaces and automated vote counting.
- Paper Trails for Accountability: Many modern electronic voting systems now include paper audit trails, ensuring that if electronic data is compromised, a physical backup is available for recounts. This hybrid approach is designed to combine the efficiency of digital systems with the reliability of a traditional paper ballot.
Arguments Against Electronic Voting
- Hacking and Cyber Threats: The most commonly cited risk is the possibility of hacking. As discussed in previous sections, vulnerabilities in voting machines and infrastructure have been discovered by researchers at DEF CON’s Voting Village and through other investigations. Critics argue that even the most secure systems can be compromised by determined cybercriminals or foreign actors.
- Lack of Transparency: One of the major criticisms of electronic voting systems is their lack of transparency. Unlike paper ballots, which can be physically verified, the digital vote-counting process happens behind the scenes, leaving no visible trail for voters or officials to inspect.
- Technical Failures: Like any electronic device, there is a chance that voting machines experience technical failures, such as software glitches or power outages, which could disrupt the voting process.
How Cybersecurity Experts View the Landscape
Cybersecurity experts offer a more balanced perspective, recognizing both the potential and the risks of electronic voting. While no system is invulnerable, experts agree that proper security protocols, constant monitoring, and rigorous testing can mitigate many of the risks associated with digital voting. The work done at events like DEF CON’s Voting Village, as well as ongoing collaboration between election officials and cybersecurity firms, shows that proactive measures can significantly reduce the likelihood of a successful cyberattack.
Electronic Voting Isn’t Going Anywhere, But Security Measures Continue to Grow
The question of whether electronic voting can be hacked is not without merit, but it is important to remember that no system is entirely immune to threats. While electronic voting systems bring significant advantages in terms of speed, accessibility, and efficiency, they also come with security challenges that must be addressed to maintain the integrity of elections. Vulnerabilities in outdated software and the risk of hacking are concerns that need constant attention and mitigation.
However, events like DEF CON’s Voting Village and the work of cybersecurity experts show that these risks are not insurmountable. By proactively identifying and addressing flaws in electronic voting systems, election officials and cybersecurity firms can significantly reduce the likelihood of breaches. Additionally, hybrid approaches that incorporate paper audit trails offer a layer of security and accountability that can help ensure votes are accurately counted and verified.
In the end, the safety of electronic voting depends on vigilance, transparency, and continuous improvement. As technology evolves, so must the systems that protect our democracy. For voters, election officials, and cybersecurity professionals alike, the goal is clear: to ensure that every vote is counted securely.