Profile image
By Electronic Frontier Foundation (Reporter)
Contributor profile | More stories
Story Views

Last Hour:
Last 24 Hours:

E-Voting Machines Need Paper Audits to be Trustworthy

Wednesday, November 23, 2016 17:25
% of readers think this story is Fact. Add your two cents.

ballot box

Election security experts are calling for an audit of ballots in the three states where the election was very close, Michigan, Wisconsin and Pennsylvania. We agree. This is an important election safety measure and should happen in all elections, not just those that have a razor-thin margin.

Voting machines, especially those that have digital components, are intrinsically susceptible to being hacked. The main protection against hacking is for voting machines to provide an auditable paper trail. However, if that paper trail is never audited, it’s useless. EFF worked hard, alongside many others, to ensure that paper trails were available in many places across the nation. While there are still places without them, we have made great strides. Yet this election was a forceful reminder of how vulnerable all computer systems are. 

We not only need elections to be auditable, we need them to be audited. We should use this opportunity to set a precedent of auditing electronic voting results to strengthen confidence — not only in this election, but in future ones.

There is precedent for hackers attempting to influence elections by tampering with voting infrastructure: Ukraine’s 2014 election came under attack from pro-Russian hackers. There was also plenty of hacking related to the 2016 US election, with two separate major dumps of politicians’ emails and several reports of attempted attacks on election systems. These attacks tell us that hacking groups, some of whom may be nation states, were particularly interested in affecting this election’s outcome.

Of course, there is good reason to believe US voting machines are vulnerable; for years, EFF along with hundreds of security experts nationwide and even worldwide sounded the alarm about the risk posed by insecure voting machines. EFF handled many cases arising from problems with the machines.  In 2004, California decertified many voting machines due to serious security flaws.

Most e-voting machines are not connected to the internet, but disconnection isn’t a sufficient defense against hacking. Malware can be engineered to cross a so-called air gap by riding on removable storage media like thumb drives and SD cards. The Stuxnet worm is a remarkable example of this in action. It was designed to infect internet-connected workstations and then copy itself over whenever a thumb drive was plugged into those workstations. Once an infected thumb drive was plugged into an air-gapped system, the worm would install itself and begin its work. The voting machines used in America are updated using removable storage that is at some point plugged into a regular computer in a government office. Hackers need only compromise that computer, and they can use that toehold to copy a Stuxnet-like worm onto all removable storage that comes into contact with it and matches a certain profile. Once plugged into a voting machine, that worm could alter the machine’s software to subtly change the vote. A particularly well-written worm would automatically reverse those changes after the election to cover its tracks.

There’s a defense against the possibility of hacked voting machines: good, old-fashioned paper. Thanks to tireless advocacy by EFF and other voting security experts, many e-voting machines record a paper copy of all votes. But, like a seat belt, these paper records only work if you use them. Currently, US states need far more buckling up.

That could change. Candidates can petition for a recount. The deadlines for such a petition are coming up fast: Friday in Wisconsin, Monday in Pennsylvania, and Wednesday in Michigan. It’s especially worth auditing the vote in these states, because they had some of the closest margins in the presidential election and therefore are the most interesting targets for hackers looking to swing the election.

Counting the paper ballots isn’t just good for increasing voter confidence in this year’s election, it’s just good electoral hygiene and a basic safety measure. We hope that audits this year can serve as a guiding example for states to improve their election systems for future years: by replacing paperless voting machines with optical scan systems and adopting inexpensive risk-limiting audits as a routine matter.

With concerns about election hacking higher than ever, this is a turning point in securing our election systems. We ask the Clinton campaign: call for for recounts in Wisconsin, Pennsylvania, and Michigan. Even if you think an election-changing result is unlikely, it is a vital step on the road to securing our democracy.

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora Join EFF


We encourage you to Share our Reports, Analyses, Breaking News and Videos. Simply Click your Favorite Social Media Button and Share.

Report abuse


Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories



Top Global

Top Alternative



Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.