Cyber Defense Review

The False Promise of Hacking Democracy

By Dr. Aaron Brantly | November 04, 2016

“Probable impossibilities are to be preferred to improbable possibilities”

It is immensely convenient to claim that a Federal election can be hacked; however, the reality of hacking such an election is far more difficult than one might realize. The level of complexity in the US electoral process is such that to hack the election would require a combined feat of technical and social engineering requiring tens of thousands of co-conspirators operating across hundreds of jurisdictional boundaries with divergent laws and practices. Having worked in democracy development for the better part of 10 years on elections in several dozen countries, the state of American electoral security is strong because of its immensely decentralized nature. In a case where the bewildering and often arcane complexity facilitates inefficiency, it is this inefficiency that coincidentally fosters systemic resilience. It is the organizational attributes of a national election run by state and local authorities that make the United States a poor target for any malicious actor attempting to directly affect the polling places where American’s cast their ballots.

To understand why the United States is so resilient to malicious actors seeking to manipulate a national election requires understanding the nuances of federal, state and local roles in the execution of a national election. One of the best sources for understanding the complexities of the American voting process was produced by a 2014 Presidential Commission. The commission deconstructs its recommendations and thereby provides insight into the electoral procedures of states by examining issues about voter registration, access to polling locations, the management of polling places, and the technology of voting itself.[i]

It should be noted that everything from the registration of voters to the management of polling locations and the subsequent tallying of votes is largely overseen at the state level or below. The laws and rules associated with voter eligibility within a given state, and the necessary requirements associated with registering to vote are largely state-based. The primary body that informs state executive offices on election administration and federal legislation related to voting practices and laws is the National Association of Secretaries of State (NASS). This body seeks to distribute information in a non-partisan manner, and exists primarily to disseminate information between states.[ii] The NASS also provides helpful resources for state legislation related to the management of polling stations, voting requirements, and laws within each state.[iii]

To analyze the potential for “hacking” an election, I will briefly break down the legal, functional, and technical attributes of voting within the United States. The intent is to illustrate the complexity and relative robustness of the US system, while simultaneously highlighting its gross incongruities based largely on state preferences. This is not a comprehensive assessment of the resilience and vulnerabilities of the US election but rather is intended to provide a starting point for curious minds.

Basic Legal Considerations in US Elections

Generally, enfranchisement originates within constitutional law. Constitutional law supersedes state law under the Supremacy Clause (Article VI, Clause 2) of the United States Constitution. Moreover, the right to vote has been further elucidated in the 15th, 19th and 26th Amendments to the Constitution and establishes that voting rights cannot be abridged on account of race, color, previous conditions of servitude, sex, or age for those over the age of 18.[iv] While there has been controversy between the states and the Federal government, these are largely settled through the legislatures in accordance with established legal precedents. Although there have been suggestions that some state practices reduce ease of attainment to the right of enfranchisement, such state laws must skirt the edge of constitutional law. These laws are also typically on record on a state by state basis and susceptible to challenge within the courts. Thus to hack the election from a structural perspective on who is and is not able to vote is indeed possible, but not without the oversight of state and federal bodies as well as multiple non-governmental organizations. Legislation that might disenfranchise or discourage voter registration might skew election results but are largely constructed in public view. This, however, does not diminish their often controversial nature.[v]

At the legal level, there are few apparent ways to manipulate an election absent oversight. There are no reasonable technical means by which a malicious actor could systematically manipulate election results across multiple states simultaneously to have a high probability of altering election results.

Basic Functional Considerations of US Elections

Who can register to vote and when they can vote is conducted on a state by state basis. The US Vote Foundation is one of many robust organizations that provides detailed information on a variety of issues related to voter registration and the timing of votes and voting methods.[vi] A summary search of voter registration requirements by state illustrates significant differences by state as to the time, documentation requirements and services available for voter registration. Moreover, each state has divergent voter requirements for voter options and methods on early voting[vii], Election Day voting laws[viii] and more.

Because states maintain voter rolls independent of one another, it is conceivable that an individual might attempt to register in two neighboring jurisdictions to double vote. To mitigate this issue states have established at least two primary mechanisms for voter verification. The Electronic Registration Information Center (ERIC) maintains voter rolls for twenty-one states and allows them to verify voter registration, motor vehicle information, and postal information across states and within the United States Postal Service database. The Interstate Crosscheck Program leverages similar procedures to ERIC and includes twenty-nine states. Even the manipulation of voter lists by placing deceased persons should be caught by either state registration databases, motor vehicle databases, benefits databases, or the US Postal Service. If a deceased person is attempting to vote across state boundaries, such a person should also be identified by cross-border databases. The functional act of registering to vote and subsequently voting varies state by state, yet the data indicate that incidents of voter fraud are extremely rare. The Washington Post in 2014 provided a detailed analysis of more than one billion votes cast in elections at all levels of government from 2000-2014 and found only thirty-one confirmed incidents of fraud.[ix] Statistically, you have significantly better odds of winning the lottery than finding someone committing voter fraud. Even then, the impact of such fraud on the outcome of elections is nonexistent.

Is it possible to hack and systematically manipulate every single database or enough databases to provide the number of potentially fraudulent voters to sway an election? Yes. But the probability is infinitely small and is further constrained by technical challenges in the actual execution of voting so as to make the impact of voter fraud through digital manipulation futile. Moreover, because each congressional district is sampled every ten years in the census, significant changes in voter registrations by district would provide strong indicators of fraud before, during, and after an election. In addition to the mandated census numbers is a consistent statistical assessment of district population maintained on an ongoing basis. The manipulation of voter rolls to a level that might sway an election is constrained by numerous checks and balances, some digital, some historical, and others practical.

Basic Technical Characteristics of US Elections

In the United States, twenty-one states are not susceptible to digital attacks at the polling station. These states use exclusively paper based or mail based ballots.[x] Of the remaining thirty-one states including the District of Columbia, each uses DRE (direct-recording electronic voting machine),[xi] eighteen of these states have a paper trail associated with the DRE with three of these providing the option not to have a paper trail.[xii] There is no way to fully protect DRE systems. They are a digital system and therefore susceptible to various attack vectors, some of which have been demonstrated. Many of these states are using systems that are more than ten years old. Wired published an article in August 2016 indicating the relative ease with which these voting machines might be systematically violated to achieve outcomes other than those intended by a voter.[xiii]

To eliminate issues associated with voting machine vulnerability half of all states engage in post-election audits to verify the paper and digital vote totals.[xiv] Other fundamental problems would arise in the targeting of the voting machines themselves. First, while there are a limited number of voting machine vendors, there is still a reasonable variety that would require expertise across multiple systems. Many of these machines are never connected to the Internet and would also, therefore, require in person manipulation. In person manipulation might be possible with select districts, but the feasibility of manipulating machines across multiple districts becomes significantly more complicated. If an election were sufficiently close so that the manipulation of a single district might affect the electoral outcome, the possibility of hacking the democracy might be viable. However, there is no modern US election in which the results post audit indicated any meaningful or intentional manipulation. Hacking the voting infrastructure might cast doubt on the electoral process, but even then there are mechanisms for recounts, re-votes, judicial and legislative action. The areas of most concern are the voting devices themselves, yet the voting devices are only one part of a broader ecosystem that ensures the viability of election results.

The False Promise

There is a reason why election fraud is hard to hide, math. Even if one were to compound the probabilities of success of hacking or manipulating each of the briefly examined categories above, the numbers and turnout of voters by demographic is extremely difficult to falsify. Changing the outcome of a vote requires detailed knowledge of each area where voting occurs. Why so many authoritarian regimes struggle at hiding their manipulation of elections is not for lack of practice, coordination or planning, but because the math simply never adds up.

As Americans head to the polls, they should know that the lines, the frustrations of registration, the differences in laws across states while often frustrating and controversial make the eventual democratic outcome more resilient in the face of individuals or states that might seek to alter an election. The United States has a robust history of peaceful transitions largely absent voter fraud or manipulation. Even under very contentious conditions in 2000, the electoral process proceeded through the judiciary in an orderly manner. The flip side of the false promise of hacking democracy is the realization that more than 240 years of statehood have demonstrated that the American experiment will continue to live on despite the challenges confronting it in the digital age.

References

[i] The American Voting Experience: Report and Recommendations of the Presidential Commission on Election Administration, 2014. https://www.supportthevoter.gov/files/2014/01/Amer-Voting-Exper-final-draft-01-09-14-508.pdf

[ii] http://www.nass.org/about-nass/about/.

[iii] https://www.supportthevoter.gov/files/2013/12/state-laws-polling-place-electioneering-102912.pdf.

[iv] https://www.archives.gov/founding-docs/constitution.

[v] https://www.washingtonpost.com/news/wonk/wp/2016/02/04/new-evidence-that-voter-id-laws-skew-democracy-in-favor-of-white-republicans/.

[vi] https://www.usvotefoundation.org.

[vii] https://www.usvotefoundation.org/vote/state-elections/state-voting-laws-requirements.htm

[viii] https://www.supportthevoter.gov/files/2013/12/state-laws-polling-place-electioneering-102912.pdf.

[ix] https://www.washingtonpost.com/news/wonk/wp/2014/08/06/a-comprehensive-investigation-of-voter-impersonation-finds-31-credible-incidents-out-of-one-billion-ballots-cast/

[x] https://www.verifiedvoting.org/verifier/#.

[xi] Ibid.

[xii] Ibid.

[xiii] https://www.wired.com/2016/08/americas-voting-machines-arent-ready-election/.

[xiv] https://people.csail.mit.edu/rivest/pubs/Riv16x.pdf.



US Army Comments Policy
If you wish to comment, use the text box below. Army reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The Army and the Army alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the Army, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying Army endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

Army does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. Army may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. Army does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the Army or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.