With Election Day only weeks away, alarms have sounded about the possibility of hackers tampering with the results. Andrew Appel ’81, the Eugene Higgins Professor of Computer Science, has shown that it is possible to hack into a voting machine in a matter of seconds, armed with just a screwdriver. PAW discusses the security risks and possible solutions with Appel.
Haven’t voter-registration databases been hacked this year?
Yes, in Illinois and Arizona. But it is possible to recover from this sort of hack. If you’re told at the polls you’re not registered and you believe that is a mistake, you can cast a provisional ballot and they can sort it out afterward. Most jurisdictions also check each voter’s name in a printed poll book. Once those poll books are printed, hacks into the voter-registration database are less likely to disrupt the election, although some places use electronic poll books. If those fail, there are more potential problems.
How about tampering with actual voting machines?
Appel on voting under the names of dead people or voting twice: “In the last two decades, in-person voting fraud of that kind just hasn’t been documented, beyond — at most — one attempt per 30 million votes.”
Approximately 40 states vote on paper ballots, which are then counted by an optical-scanning machine. If those machines are hacked, the paper ballots can be recounted by hand. In five or six states and significant parts of several others, though, they use paperless touch-screen voting machines, and those machines can be hacked, as I have demonstrated, and there are no paper ballots to recount.
What should we be doing?
States that have not yet adopted optical-scanning voting machines should do so. After the debacle of the 2000 presidential election, Congress outlawed punch-card ballots. It would be very appropriate to outlaw paperless touch-screen voting machines, as well.
Have states been working to protect the vote this year?
In many places, election administrators have been trying to follow best practices, which include not connecting ballot-programming computers to the internet. Unfortunately, some places say they have been taking precautions but haven’t.
WATCH Andrew Appel ’81’s TEDxPrincetonU Talk, “Internet Voting? Really?”
The Department of Homeland Security has offered to help states and localities with their cybersecurity. That’s helpful, but you can never totally prevent computers from being hacked. The best thing is to use optical-scanning voting machines with paper ballots that can be recounted by hand, if necessary. It is also important to have a transparent process of announcing the results in each precinct, with outside witnesses present who can check the results if there are questions.
Interview conducted and condensed by Mark F. Bernstein ’83