Behind the curtain

If the ever-mounting tensions over the 2016 presidential elections weren’t running high enough already, both front-runners are stoking fears of an Election Day disaster: a compromised process or a rigged result.

After federal officials said they suspected Russian hackers of breaking into the email system of the Democratic National Committee in a massive leak ahead of the party’s summer convention, Democratic nominee Hillary Clinton told voters she was “really concerned” about Russia meddling in the U.S. elections.

Meanwhile, Republican nominee Donald Trump didn’t seem anxious over Russia, but he’s long said he thinks America’s political system is “rigged.” Last month, he warned voters in Ohio, “I’m afraid the election is going to be rigged.” (It wasn’t clear who would do the rigging.)

A series of news reports on a sizable chunk of outdated voting machines in a handful of states hasn’t eased fears. The tech magazine Wired declared, “America’s electronic voting machines are scarily easy targets.” And The Washington Post offered this pre-fall cheer: “Here’s how Russian hackers could actually tip an American election.”

Should American voters revolt? Not yet.

Though election security is a vital concern—and a number of precincts should replace outdated voting machines—a closer look shows a less drastic reality: More leaked emails could influence voters’ preferences, but it’s far less likely rogue hackers will steal an American election.

In a narrowing presidential race with plenty of legitimate angst ahead of the Nov. 8 elections, here’s one corner where the panic could be worse than the predictions.

When security experts warn of Election Day hacking, they usually worry about a specific category of voting equipment: the touchscreen voting machines known as direct-recording electronic (DRE) devices.

The machines burst into popularity after a bona-fide voting disaster in 2000: the disputed presidential election between Democrat Al Gore and Republican George W. Bush that sent the contest into weeks of overtime eventually decided by the U.S. Supreme Court.

Armies of Florida election volunteers pored over hand-punched ballots in an excruciating recount that introduced the term “hanging chad” into the American lexicon. (The counters had to determine whether partially punched pieces of paper constituted a real vote.)

A traumatized U.S. Congress responded to the election debacle with the “Help America Vote Act” in 2002. The bill offered some $3 billion in federal funds to help states phase out punch-card voting systems and digitize the process.

All 50 states accepted.

DRE machines started dominating in precincts across the country. The touchpad system eliminated hanging chads, but it also erased crucial fallbacks: old-fashioned paper trails.

If a machine malfunctioned—or if someone alleged tampering—the only way to recount votes would be to check the electronic records of the devices already under scrutiny.

There are no proven cases of tampering on such devices, but some machines may have malfunctioned. In 2006, less than 400 votes decided a close congressional race in Florida, and electronic results showed 18,000 voters hadn’t made a selection in the well-known contest when they cast their ballots.

Some election observers said voters may have decided to skip that portion of the ballot, but others wondered if the touchscreen machines had malfunctioned or if the crowded ballot was too difficult to read.

An investigation reported no known problems with the machines, but without a paper backup it was impossible to confirm the voting count against another source.

As technology improved, officials in many states began considering the wisdom of both worlds: keep the electronic voting, but also produce a paper trail.

The paper trails have paid off. In 2006, electronic machines showed a popular incumbent losing in a race in Pottawattamie County, Iowa. The voting devices had paper backup, and a recount by hand showed the incumbent won easily. An investigation into the machines found a programming mistake apparently had tipped the count toward the challenger.

Today, an estimated 75 percent of voters produce a paper trail at the ballot box, according to the nonpartisan tracking group Verified Voting. Most counties use optical scan systems: Voters fill in circles on a paper ballot, and election workers scan the results. Others use DREs equipped to produce a printout voters may examine before they cast their final ballots. A small number of counties still use hand-counted paper ballots.

So what about the 25 to 30 percent of voters still using a paperless system to choose candidates? Those machines remain the most vulnerable to tampering or malfunctioning. Five states use such machines exclusively, and a number of counties in at least 13 states use paperless systems as well. The most troubling of those spots may be counties in Pennsylvania—a swing state that could help decide the presidential election.

‘Unless you could recruit an army of Russian hackers who could actually go into polling places and get physical access to those electronic voting machines, you’re going to have a difficult time hacking the election.’ —Hans von Spakovsky

To demonstrate the vulnerabilities, some security experts have hacked machines with disturbing ease. For example, Princeton professor Andrew Appel recently bought an aging voting machine online that’s still used in a handful of states.

According to an account in Politico, a graduate student picked the machine’s lock in seven seconds. Appel pried out four unsoldered computer chips and quickly replaced them with his own hardware designed to alter the machine’s tally of votes.

It all took a matter of minutes. Appel’s team contends that an iPhone is more secure than the voting machine he hacked to show the system’s vulnerability.

It’s a sobering conclusion that demands attention, and it calls for states to upgrade their voting machines. But it also calls for context: While such voting machines are vulnerable to in-person tampering, they aren’t connected to the internet. (Experts say nearly all voting machines are disconnected from any network.)

That means a rogue hacker couldn’t break into the system from a distance. He’d have to be standing at the machine.

Consider how the devices often work: The touchscreen machines typically involve an election worker removing a cartridge from the device loaded with the machine’s voting results.

Workers often physically deliver the cartridges or memory cards to the county’s election headquarters for downloading into a computer that aggregates results across precincts. (Protocol requires such computers to be disconnected from the internet.) Counties report results to the state election officials.

For a rogue group of domestic or foreign criminals to conduct a widespread hack on such machines, the perpetrators would have to be present at many devices across many precincts ahead of the contests or during Election Day—a feat that isn’t impossible, but seems unlikely.

“Unless you could recruit an army of Russian hackers who could actually go into polling places and get physical access to those electronic voting machines, you’re going to have a difficult time hacking the election,” says Heritage Foundation scholar Hans von Spakovsky. The former official with the Federal Election Commission also served on the board of the U.S. Election Assistance Commission—a nonpartisan body that helps set voluntary election guidelines most states follow. (He believes imposters claiming false identities to cast votes on Election Day potentially could be a bigger threat than hacking.)

Still, hackers have spooked federal officials, and for good reason. The FBI is investigating breaches into the voter databases for election systems in Arizona and Illinois over the summer.

Neither database would be connected to the actual voting process, but the hacks were disturbing. Some warned the intrusions could cause disruptions on Election Day if criminals managed to delete voter information. The FBI issued a nationwide alert, urging election officials across the United States to watch for unauthorized activity in their systems.

In mid-August, Secretary of Homeland Security Jeh Johnson suggested the possibility of the federal government designating voting technology as “critical infrastructure” and offered his agency’s help in inspecting state election systems. (DHS acknowledged it doesn’t know of a credible threat against the election system.)

Some accepted the offer, but others have warned against it. Georgia Secretary of State Brian Kemp called it “a vast federal overreach.” Indeed, as some experts see the estimated 9,000 jurisdictions overseeing voting across the United States as a loose patchwork without oversight, others see the decentralized process as one of the greatest strengths of the system.

Though states follow voluntary guidelines for voting machine technology, they still oversee and compile their own results. Because the country has so many jurisdictions, von Spakovsky says, “it would make it very difficult for a systematic, organized hacker to attack our election process.”

The National Association of Secretaries of State agrees and has issued a statement warning against overstating the likelihood of a widespread hack that could tip a national election.

That doesn’t mean states shouldn’t exercise vigilance in updating technology, protecting voting machines (particularly on the eve of elections), and improving audit systems. More than half of the states conduct postelection audits to check totals against paper records, according to Verified Voting, but at least a dozen states have no audit procedures at all.

Vulnerabilities remain, but the biggest threat may come from voters believing the system doesn’t work. Even a handful of disruptions could cause widespread worry that the election results aren’t fair or throw postelection days into chaos.

It’s unclear how far candidates will go in casting doubt on the voting system, but by August, Trump had taken another step in that direction. The candidate’s official website announced it would recruit “election observers” for the fall and invited supporters to sign up.

The website doesn’t indicate what election observers would do at the polls, but the page declares, “Help Me Stop Crooked Hillary From Rigging This Election!” Meanwhile, Trump told supporters in Pennsylvania the only way he could lose the state is “if cheating goes on.”