Since Direct Recording Electronic voting machines first came into vogue in the U.S. in 2002, a team of cyber-academics (known as the Princeton Group) has been busy demonstrating how easy it is to hack these machines, to remind American citizens just how cyber-vulnerable the voting process is. From their first successful hack into a DRE 15 years ago, they surmised that it was just a matter of time until a cyber-attack occurred in a national election. This summer’s cyber-attack of the Democratic National Committee has shed light on how such events can potentially affect this, and future, elections. Given the apparent ease with which the attack occurred on the DNC, is there any real reason to believe the same cannot, or will not, occur in November?
The DNC hack has certainly captured the attention of the government, with DHS Secretary Johnson acknowledging that the nation’s electoral system is indeed vulnerable, and that it has a long way to go achieve meaningful cyber security in the voting booth. To underscore the point, consider that the U.S. electoral system is not even governed by a national body, but rather each state. There are more than 8,000 separate electoral jurisdictions that are, in the end, governed by city, county and state governments. No offense to the election officials in these jurisdictions, but the vast majority are middle aged volunteers. Neither they, nor the institutions they represent, have meaningful orientation toward or experience in cyber security. Given this, and the absence of federal government oversight, it is clear that we are terribly vulnerable.
The Princeton Group’s message is simplistically clear: the latest generation of smart phones are more secure than DREs, and as a result, there are many critical areas in the vote gathering and counting process that are at risk. Although some voting district officials have commenced the process of becoming less reliant on DREs — replacing them with alternatives such as optical scanners — those DREs that remain are increasingly obsolete, with aging software and large cyber ‘holes’ that may be exploited. Hundreds of digital-only precincts remain, many in swing states, and they become less secure with each passing year.