Cyber Defense Review

The False Promise of Hacking Democracy

By Dr. Aaron Brantly | November 04, 2016

“Probable impossibilities are to be preferred to improbable possibilities”

It is immensely convenient to claim that a Federal election can be hacked; however, the reality of hacking such an election is far more difficult than one might realize. The level of complexity in the US electoral process is such that to hack the election would require a combined feat of technical and social engineering requiring tens of thousands of co-conspirators operating across hundreds of jurisdictional boundaries with divergent laws and practices. Having worked in democracy development for the better part of 10 years on elections in several dozen countries, the state of American electoral security is strong because of its immensely decentralized nature. In a case where the bewildering and often arcane complexity facilitates inefficiency, it is this inefficiency that coincidentally fosters systemic resilience. It is the organizational attributes of a national election run by state and local authorities that make the United States a poor target for any malicious actor attempting to directly affect the polling places where American’s cast their ballots.

To understand why the United States is so resilient to malicious actors seeking to manipulate a national election requires understanding the nuances of federal, state and local roles in the execution of a national election. One of the best sources for understanding the complexities of the American voting process was produced by a 2014 Presidential Commission. The commission deconstructs its recommendations and thereby provides insight into the electoral procedures of states by examining issues about voter registration, access to polling locations, the management of polling places, and the technology of voting itself.[i]

It should be noted that everything from the registration of voters to the management of polling locations and the subsequent tallying of votes is largely overseen at the state level or below. The laws and rules associated with voter eligibility within a given state, and the necessary requirements associated with registering to vote are largely state-based. The primary body that informs state executive offices on election administration and federal legislation related to voting practices and laws is the National Association of Secretaries of State (NASS). This body seeks to distribute information in a non-partisan manner, and exists primarily to disseminate information between states.[ii] The NASS also provides helpful resources for state legislation related to the management of polling stations, voting requirements, and laws within each state.[iii]

To analyze the potential for “hacking” an election, I will briefly break down the legal, functional, and technical attributes of voting within the United States. The intent is to illustrate the complexity and relative robustness of the US system, while simultaneously highlighting its gross incongruities based largely on state preferences. This is not a comprehensive assessment of the resilience and vulnerabilities of the US election but rather is intended to provide a starting point for curious minds.

Basic Legal Considerations in US Elections

Generally, enfranchisement originates within constitutional law. Constitutional law supersedes state law under the Supremacy Clause (Article VI, Clause 2) of the United States Constitution. Moreover, the right to vote has been further elucidated in the 15th, 19th and 26th Amendments to the Constitution and establishes that voting rights cannot be abridged on account of race, color, previous conditions of servitude, sex, or age for those over the age of 18.[iv] While there has been controversy between the states and the Federal government, these are largely settled through the legislatures in accordance with established legal precedents. Although there have been suggestions that some state practices reduce ease of attainment to the right of enfranchisement, such state laws must skirt the edge of constitutional law. These laws are also typically on record on a state by state basis and susceptible to challenge within the courts. Thus to hack the election from a structural perspective on who is and is not able to vote is indeed possible, but not without the oversight of state and federal bodies as well as multiple non-governmental organizations. Legislation that might disenfranchise or discourage voter registration might skew election results but are largely constructed in public view. This, however, does not diminish their often controversial nature.[v]

At the legal level, there are few apparent ways to manipulate an election absent oversight. There are no reasonable technical means by which a malicious actor could systematically manipulate election results across multiple states simultaneously to have a high probability of altering election results.

Basic Functional Considerations of US Elections

Who can register to vote and when they can vote is conducted on a state by state basis. The US Vote Foundation is one of many robust organizations that provides detailed information on a variety of issues related to voter registration and the timing of votes and voting methods.[vi] A summary search of voter registration requirements by state illustrates significant differences by state as to the time, documentation requirements and services available for voter registration. Moreover, each state has divergent voter requirements for voter options and methods on early voting[vii], Election Day voting laws[viii] and more.

Because states maintain voter rolls independent of one another, it is conceivable that an individual might attempt to register in two neighboring jurisdictions to double vote. To mitigate this issue states have established at least two primary mechanisms for voter verification. The Electronic Registration Information Center (ERIC) maintains voter rolls for twenty-one states and allows them to verify voter registration, motor vehicle information, and postal information across states and within the United States Postal Service database. The Interstate Crosscheck Program leverages similar procedures to ERIC and includes twenty-nine states. Even the manipulation of voter lists by placing deceased persons should be caught by either state registration databases, motor vehicle databases, benefits databases, or the US Postal Service. If a deceased person is attempting to vote across state boundaries, such a person should also be identified by cross-border databases. The functional act of registering to vote and subsequently voting varies state by state, yet the data indicate that incidents of voter fraud are extremely rare. The Washington Post in 2014 provided a detailed analysis of more than one billion votes cast in elections at all levels of government from 2000-2014 and found only thirty-one confirmed incidents of fraud.[ix] Statistically, you have significantly better odds of winning the lottery than finding someone committing voter fraud. Even then, the impact of such fraud on the outcome of elections is nonexistent.

Is it possible to hack and systematically manipulate every single database or enough databases to provide the number of potentially fraudulent voters to sway an election? Yes. But the probability is infinitely small and is further constrained by technical challenges in the actual execution of voting so as to make the impact of voter fraud through digital manipulation futile. Moreover, because each congressional district is sampled every ten years in the census, significant changes in voter registrations by district would provide strong indicators of fraud before, during, and after an election. In addition to the mandated census numbers is a consistent statistical assessment of district population maintained on an ongoing basis. The manipulation of voter rolls to a level that might sway an election is constrained by numerous checks and balances, some digital, some historical, and others practical.

Basic Technical Characteristics of US Elections

In the United States, twenty-one states are not susceptible to digital attacks at the polling station. These states use exclusively paper based or mail based ballots.[x] Of the remaining thirty-one states including the District of Columbia, each uses DRE (direct-recording electronic voting machine),[xi] eighteen of these states have a paper trail associated with the DRE with three of these providing the option not to have a paper trail.[xii] There is no way to fully protect DRE systems. They are a digital system and therefore susceptible to various attack vectors, some of which have been demonstrated. Many of these states are using systems that are more than ten years old. Wired published an article in August 2016 indicating the relative ease with which these voting machines might be systematically violated to achieve outcomes other than those intended by a voter.[xiii]

To eliminate issues associated with voting machine vulnerability half of all states engage in post-election audits to verify the paper and digital vote totals.[xiv] Other fundamental problems would arise in the targeting of the voting machines themselves. First, while there are a limited number of voting machine vendors, there is still a reasonable variety that would require expertise across multiple systems. Many of these machines are never connected to the Internet and would also, therefore, require in person manipulation. In person manipulation might be possible with select districts, but the feasibility of manipulating machines across multiple districts becomes significantly more complicated. If an election were sufficiently close so that the manipulation of a single district might affect the electoral outcome, the possibility of hacking the democracy might be viable. However, there is no modern US election in which the results post audit indicated any meaningful or intentional manipulation. Hacking the voting infrastructure might cast doubt on the electoral process, but even then there are mechanisms for recounts, re-votes, judicial and legislative action. The areas of most concern are the voting devices themselves, yet the voting devices are only one part of a broader ecosystem that ensures the viability of election results.

The False Promise

There is a reason why election fraud is hard to hide, math. Even if one were to compound the probabilities of success of hacking or manipulating each of the briefly examined categories above, the numbers and turnout of voters by demographic is extremely difficult to falsify. Changing the outcome of a vote requires detailed knowledge of each area where voting occurs. Why so many authoritarian regimes struggle at hiding their manipulation of elections is not for lack of practice, coordination or planning, but because the math simply never adds up.

As Americans head to the polls, they should know that the lines, the frustrations of registration, the differences in laws across states while often frustrating and controversial make the eventual democratic outcome more resilient in the face of individuals or states that might seek to alter an election. The United States has a robust history of peaceful transitions largely absent voter fraud or manipulation. Even under very contentious conditions in 2000, the electoral process proceeded through the judiciary in an orderly manner. The flip side of the false promise of hacking democracy is the realization that more than 240 years of statehood have demonstrated that the American experiment will continue to live on despite the challenges confronting it in the digital age.

References

[i] The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, 2014. https://www.supportthevoter.gov/files/2014/01/Amer-Voting-Exper-final-draft-01-09-14-508.pdf

[ii] http://www.nass.org/about-nass/about/.

[iii] https://www.supportthevoter.gov/files/2013/12/state-laws-polling-place-electioneering-102912.pdf.

[iv] https://www.archives.gov/founding-docs/constitution.

[v] https://www.washingtonpost.com/news/wonk/wp/2016/02/04/new-evidence-that-voter-id-laws-skew-democracy-in-favor-of-white-republicans/.

[vi] https://www.usvotefoundation.org.

[vii] https://www.usvotefoundation.org/vote/state-elections/state-voting-laws-requirements.htm

[viii] https://www.supportthevoter.gov/files/2013/12/state-laws-polling-place-electioneering-102912.pdf.

[ix] https://www.washingtonpost.com/news/wonk/wp/2014/08/06/a-comprehensive-investigation-of-voter-impersonation-finds-31-credible-incidents-out-of-one-billion-ballots-cast/

[x] https://www.verifiedvoting.org/verifier/#.

[xi] Ibid.

[xii] Ibid.

[xiii] https://www.wired.com/2016/08/americas-voting-machines-arent-ready-election/.

[xiv] https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf.