In January, America’s main intelligence agencies issued a report concluding that Russia interfered in the 2016 election, using a combination of cyber-intrusion, espionage, and propaganda. In addition to the details provided in this account, media outlets have since reported that several election databases were hacked before and after the election. While the Department of Homeland Security found no evidence any of these efforts manipulated vote tallies, the assaults have left many Americans asking: Just how safe are voting machines from cyberattack?
The answer is not reassuring.
For more than a decade, independent security experts have repeatedly demonstrated that many electronic voting machines are dangerously insecure and vulnerable to attack and manipulation by bad actors.
As it happens, a huge percentage of America’s voting machines must be replaced before the next presidential election, if for no other reason than they have reached the end of their lifespans. A study I co-authored last year with a colleague at the Brennan Center showed that 43 states were using voting machines that were at least a decade old, perilously close to the end of the projected lifespans for most of these systems. Not surprisingly, election officials in 31 states told us they hoped to replace their equipment within the next five years.
Security experts and voting-machine vendors are already exploring what’s needed to make the next generation of machines more secure. Among the wide variety of solutions being explored or proposed are use of encryption, blockchain, and open source software.
While each of these technologies can offer a path to more secure voting, the most important technology for enhancing security has been around for millennia: paper. Specifically, every new voting machine in the United States should have a paper record that the voter reviews, and that can be used later to check the electronic totals that are reported.
This could be a paper ballot the voter fills out before it is scanned by a machine, or a record created by the machine on which the voter makes her selections—so long as she can review that record and make changes before casting her vote.
The good news is that most states use systems with so called “voter verifiable paper records.” Yet, 14 states—including some jurisdictions in Georgia, Pennsylvania, Virginia, and Texas—still use paperless electronic voting machines. These systems should be replaced as soon as possible.
That’s the first step to more secure systems, but not the last. Paper records should be sampled in an auditing process to ensure that electronic machines are recording votes accurately. As Mark Lindeman and Philip Stark of the University of California at Berkeley have shown, we can generally look at a very small sample of paper ballots to confirm election outcomes have been accurately reported by voting machine software. Unfortunately, most jurisdictions are not conducting these kinds of audits.
Making our voting systems more secure doesn’t have to cost a lot of money. These two low-tech solutions would provide Americans with something security experts have been urging for years: “software independent” voting systems, or systems where an “undetected change or error in its software cannot cause an undetectable change or error in an election outcome.”
In light of the recent reports of foreign interference in our elections, it is the least we can do.
This article is part of a collaboration with the Markkula Center for Applied Ethics at Santa Clara University.