Russian hackers targeted US electoral systems during the 2016 presidential election. A lot has been done since then to support those systems, but J. Alex Halderman, director of the University of Michigan Center for computer security and society, says it is still disturbing vulnerable (see “four great goals in the online exhibition of the United States of the polls”). MIT Technology Review Martin Giles discussed the election with Halderman, who testified about it before Congress and assessment of voting systems in the United States, Estonia, India and others.
Recommended for you
Using WiFi to “see” behind closed doors is easier than anyone believed
Strong new battery can give our electric planes that don’t pollute
Ethereum founder Vitalik Buterin says his creation can only succeed if he takes a step back
That a self-driving car killed the baby or grandma? Depends on where you are.
IBM $ 34 million to buy a red hat mega-bet on the coding revolution
A lot of things from fraud to voter identity conflicts can undermine the integrity of the United States in the electoral process. How big is the issue of piracy in comparison?
This story is part of the September-October 2018 issue
See the rest of the issueSubscribe
Things such as cheating is a question of political wrangling within the rules of the game of American democracy. When it comes to the election of piracy, we are talking about attacks on the United States and hostile foreign governments. This is not playing to the rules of American politics, this is an attempt to subvert the foundations of democracy.
As the election security has improved since the 2016 United States presidential election is?
The only thing that improved is awareness. States take first steps to protect their systems—things like making sure they run vulnerability scans in the election programs of the parties of the security to receive threat intelligence from the federal government. Progress accelerated in March, when Congress allocated $ 380 million in new funding that will help states protect secure upgrade equipment and make other improvements, but there is still a lot of work to be done.
What element of the voting process worries you the most?
The part that bothers me is electronic voting machines. Each machine must be programmed with the ballot design and programming that are copied in the election of officials on a USB stick or memory card. If someone can infect that programming, they can wait for an attack on the machines needs to be tinkered with a small portion of the vote without revealing any person.
See sidebar story for more information about voting and hacking
Here’s how hackers could cause chaos in the midterm elections
So what can be done to counter this danger? We need to make sure that all recorded sounds on a piece of paper also. Without paper, there may be no proof that we can go back and look at to reveal the vote tampering. We also need to attack as hard as possible by making sure the systems used in the program design of the ballots closed and not accessible from the internet.
What other areas beyond voting machines vulnerable?Voter registration systems connected to the internet is a source of great concern. In 2016, one of the most disturbing email was Russian attempts to investigate, and in some cases hack into the voter registration databases. We also need to worry about the electronic poll books that many states used to verify voters on Election Day. This equipment is often the retina, and if that fails it could lead to chaos in the polls.
How can we strengthen the defense here? The main thing is to apply the same good security practices developed to protect other government and industry databases. We also need to have backup procedures in case the technology fails.
Audit results can capture the vote manipulation. Is the post-election audit in the United States is strong enough?No. Some states do not achieve the proposal at all; others study in the fixed part of the constituency, but at the close of the contest, which may not affect your vote burden is concentrated in constituencies which are not controlled. We need to “risk” audit. Here you agree in advance the probability you are willing to endure from the results of the elections are being manipulated and are not disclosed. Then look at enough of the paper ballot so the odds of someone getting away with fraud is less than the target percentage.
Why don’t we have these checks everywhere? States have been slow to adopt new methods to counter cyber threats. Fortunately, the risk of audit does not have to be particularly expensive. When the election is not close, you may be able to confirm the result with the higher confidence in the statistics through the study of a few hundred ballots throughout the state; very close elections, you often have to do an automatic recount anyway.
It would be better if the United States had federally provided at the national level voting system instead of many different state, local? It may be easier to secure a uniform system of voting, but election administration in the United States is the responsibility of state and local governments, and I don’t see that this will change soon. What we can do is to develop national standards for election cyber security that states must meet or exceed.
One can tie federal money to secure the election to the adoption of those standards at the state level.That can be very effective, there is a bipartisan bill in Congress called the safe electoral law that would do just that.
What must happen in order for online voting, Estonia-style, to become viable on a large scale in the United States? Voting over the internet involves considerable risk. You need to protect internet-connected servers running the election and sophisticated adversaries and the protection of voters own devices from malicious software. This is the reason why Estonia is the only country to have national elections to a large extent on the internet and the system is unlikely to withstand a concerted attack. It may be decades before we are able to secure the online systems at the same level we expect from voting at the polling station today.
Some people have floated the idea of blockchain-based voting systems. Are you a fan? The Blockchain doesn’t fix the solid parts of the secure online election. It’s just another form of recording votes. If attackers compromise the voter devices or servers record the sounds and record them to the blockchain, they can still manipulate the election results. There are no easy solutions here.
That the leader of your company’s needs. The implementation of ethical AI.Join us at EmTech Digital 2019.