After losing to Joe Biden in November, President Donald Trump has been amplifying conspiracy theories about electronic voting without knowing or caring just how much this year’s swing states have done to protect the integrity of their elections. False claims that voting machines were “rigged” to change or delete votes—accepted by a disturbingly large percentage of Trump supporters—are harmful for obvious reasons: They wrongly undermine confidence in the democratic process, and have spurred harassment and threats aimed at election officials and poll workers. But they also give the public a wildly distorted picture of election cybersecurity, ignoring states with real security problems to address while perversely sowing doubts about states that have followed all the best expert advice.
After a federal judge condemned Georgia’s antique voting machines as unreliable, Republican officials there scrambled to roll out and test more than 30,000 new voting machines—at a cost of more than $100 million—before the state’s presidential primary earlier this year. To Peach State election administrators, Trump supporters’ baseless fraud allegations are infuriating. “They’re part of a fever dream,” fumed Gabriel Sterling, the state’s voting-implementation manager, in a PBS interview. “They’re made up out of whole cloth.”
The digital “vote rigging” narrative rocketed from fringe message boards to mainstream discourse a week after Election Day, after Trump falsely claimed on Twitter that voting software had “DELETED 2.7 MILLION TRUMP VOTES NATIONWIDE” and “SWITCHED 435,000 VOTES FROM TRUMP TO BIDEN.” After the Department of Homeland Security’s cybersecurity agency said otherwise—in a statement reassuring voters that no evidence showed votes had been deleted or changed—Trump summarily fired the agency’s widely respected director, Chris Krebs, for his inconvenient candor. Undeterred by the emphatic denials of state election officials and cybersecurity experts, Trump’s legal team would soon elaborate these claims into a byzantine fantasy starring such diverse malefactors as the financier George Soros and the long-dead Venezuelan despot Hugo Chávez—at least in public statements. In court, where there are legal consequences for making things up, they have remained more circumspect.
Tall tales of hacked voting machines and hijacked tabulation software gain an air of plausibility by citing the essential work done by serious cybersecurity experts in recent years to document vulnerabilities in widely deployed voting technology. Until angels learn to code, all software, whether installed on a laptop, smartphone, or voting machine, will have flaws and vulnerabilities an attacker might exploit. A robust approach to cybersecurity, therefore, requires more than just finding and closing those loopholes. It means designing systems that will work reliably even if compromised—a level of resiliency that discourages hackers from attacking them in the first place. For election systems, that means ensuring that a voter-verified physical ballot—an auditable paper trail—exists for every vote cast. Manual counts of a sample of those paper ballots, known as risk-limiting audits, can then be used to confirm that the digital tallies are accurate.
Happily, many states have heeded the advice of experts in recent years, implementing routine audits and replacing direct-recording electronic, or DRE, machines, an antiquated technology in which touch screens record choices without creating a paper ballot for the voter to inspect. Yet several states that have done virtually everything right, many at the urging of Republican officials previously seen as Trump allies, have found themselves at the center of conspiracy theories.
Pennsylvania, Georgia, and Michigan have successfully replaced their DRE machines—meaning every voter either hand-marks a ballot or is presented with a printed paper record of their selections to verify—and implemented risk-limiting audit programs. In Pennsylvania, this involved a Herculean effort: As recently as 2018, the majority of the state’s voters cast ballots with no paper trail. Michigan, meanwhile, had a slight head start, approving a major initiative to update its voting equipment back in 2017.
In practice, these changes make electronic “vote rigging” on the scale necessary to shift the outcome of a statewide election highly infeasible, especially when the margin of victory is tens of thousands of votes. Multiple hand recounts in Georgia, unsurprisingly, turned up no evidence of digital shenanigans.
Meanwhile, eight states—Texas, Mississippi, Louisiana, New Jersey, Indiana, Kansas, Kentucky, and Tennessee—still use DRE machines with no paper trail, in at least some precincts. You probably haven’t heard any vote-rigging conspiracy theories concerning those states lately, because none of them is a battleground state, and Trump comfortably won all of them but New Jersey. In other words, voter anxiety about election security is being stoked in states that have behaved responsibly, while states that have been less responsive to expert advice get a free pass, because highlighting their shortcomings does nothing to advance a partisan narrative.
In an extraordinary display of chutzpah, Texas Attorney General Ken Paxton mounted a court challenge impugning the integrity of the results in more secure swing states, egged on by several red states that have similarly failed to fully adopt auditable paper trails. It may not have occurred to Paxton that, had his long-shot lawsuit succeeded, the precedent established would give other states ample grounds to mess with Texas.
Numerous bills that would have imposed federal standards for voting-machine security have been floated over the past few years, only to die in the GOP-controlled Senate. There were legitimate reasons to object to certain particulars of these bills: Many lawmakers had qualms that they went too far in usurping state authority over election procedures, or included superfluous mandates, such as requiring that ballots be printed on recycled paper. But another factor likely played a role in dooming these proposals: Until election-rigging conspiracy theories became useful to the Trump campaign, voicing concern about election security was perceived, at least by the incumbent president himself, as a tacit attack on the legitimacy of his 2016 victory.
It’s not just states that have been wrongly tarred: The voting-equipment maker Dominion Voting Systems has been at the heart of the most lurid conspiracy theories, including bizarre and obviously false claims that the company’s software was designed for vote stealing at the behest of Venezuelan communists. These claims have persisted even though most swing-state counties using Dominion machines were won by Trump, and many areas won by Biden use equipment and software from other vendors. Although no voting technology is perfect, Dominion’s has been rigorously tested and certified—during the Trump administration!—to meet federal security standards by the United States Election Assistance Commission. There is, in short, no reason to believe Dominion machines are significantly less secure than their major competitors’. Yet with many Trump supporters now convinced that Dominion equipment is compromised, some Republican state legislators have begun echoing the president’s conspiratorial rhetoric. If voter distrust persists, some of these states might well feel pressured to squander millions more in taxpayer dollars replacing machines that are virtually brand new.
None of this is to say that cybersecurity experts have become blasé about electronic threats to American elections. Many fear that a foreign adversary more interested in sowing chaos and confusion than altering the results of an election could still mount an attack that succeeded in undermining public confidence, even if manual recounts would detect tampering with a digital tally. Voter-registration records are another avenue of attack: A malicious actor could seek to selectively alter voter rolls—in effect hacking the electorate rather than the votes themselves. Fortunately, however, widespread recognition of the need for an auditable paper trail has radically reduced the risk of direct, large-scale “vote rigging,” which is why the Department of Homeland Security could confidently declare the recent election “the most secure in American history.”
Plenty of work remains to be done to ensure the integrity of our democratic process, but ignorant and spurious conspiracy theories, advanced by partisan hacks shamelessly posing as newly minted champions of electoral cybersecurity, hamper, rather than aid, that effort. They misinform voters about the true nature of the risks we face, and reward the very officials who have made the greatest contributions to our security with slander.