Why This Election Can’t Be Stolen

By November 3, 2016 Cybersecurity Readiness

The race for the presidency of the United States in 2016 has been a hotbed of cyberespionage that has raised doubts about the legitimacy of the electoral process. Over the summer, a spear-phishing attack led to a leak of thousands of emails from the Democratic National Committee that revealed their bias toward the Clinton campaign throughout the Democratic primaries. The attack was later attributed to Russia, who has since been implicated in several other acts of cyberespionage. Other targets have included staffers of high-ranking Republicans and election systems in Illinois, Arizona, and Florida.

While no actual votes have been tampered with, these incidents have sown doubt in some Americans about the integrity of voting systems in this election cycle.  If hackers could get into these systems, could they also infiltrate voting machines and alter the results of an election?  Is US democracy at risk? Fears of the presidency being stolen by foreign actors has led to frenzied preparation and cooperation between the states and the federal government—all with the hope of preserving the legitimacy of the electoral process. Concerns of a hacked election are not entirely legitimate, however, because the US election system is highly decentralized. The nightmare hack most Americans fear is unlikely to occur.

Too Low-Tech

The outcome of the US presidential election is not at risk of being altered by a cyberattack.

The widespread use of paper ballots along with decentralized and old-fashioned voting practices actually insulate the United States from such a scenario. First, there are over 9,000 voting districts in the United States and no standardized electoral system. Local administrators control nearly every aspect of elections, including deciding which voting equipment to use, what the ballots look like, and how to tabulate and certify results. This alone essentially precludes the possibility of any single nationwide cyberattack.

Second, most ballots cast in US elections are paper and lack any electronic component—there’s nothing to hack. Only Delaware, Georgia, Louisiana, New Jersey, and South Carolina use strictly electronic voting equipment that do not produce verified paper trails. Ten other states have counties that are completely paperless and at risk for being hacked.  However, due to the kinds of equipment used in these areas, any potential hack would have to occur on the ground and could not occur remotely.  The country’s remaining thirty-five states and the District of Columbia rely entirely on paper ballots or have electronic voting systems that produce paper audits in case of a hack or machine malfunction. This year, as much as 75 percent of all votes are expected to be cast on paper ballots.

Third, the logistics of hacking electronic voting systems to influence an election are so complex that they render any potential conspiracy infeasible. Systems with proven remote hacking vulnerabilities, like the AVS WINVote, have been decommissioned throughout the country. Most of the remaining voting machines lack connectivity to the open internet. In some cases, electronic voting machines are connected to local area networks.  In these instances, compromised systems could have their vote counts altered, but doing so would require in-person access to the target system. To change the outcome of an election, thousands—perhaps tens of thousands—of individual voting machines would need to be hacked in this way. More importantly, this tampering would need to occur in the right districts, in the right states, and within “believable” enough margins to result in an electoral outcome that is accepted by the public. Actually hacking voting machines to change the outcome of an election in this manner is impractical if not impossible.

The Real Threat

Even though the election result will not be “rigged” by a hacker or a foreign entity, the thought of the election being rigged is troubling to many people. Russia will not be able to change the election results by hacking voting machines, but that’s probably never been its goal. Russia’s objective is most probably to simply sow feelings of unrest and disunity in the United States.

The thought of a rigged election could cause the average American to question the outcome.  Any doubt in the outcome would only make the damage wrought by a bitterly fought election worse. If Clinton wins, there will be accusations that it was rigged by “the Establishment.” If Trump wins, there will be accusations of Russian interference in the election. While an election-altering cyberattack is highly unlikely, undermining Americans’ faith in their electoral process is a task far easier and potentially more devastating.

The possibility of a hack that could change the outcome of our election is practically nonexistent.  The logistics of such a hack are too demanding for any individual, group, or government to pull off. The Department of Homeland Security has been conducting cyber hygiene inspections of election equipment to make elections securer. The FBI and the Justice Department will have monitors around the country to prevent on-site tampering and voter fraud, intimidation, and discrimination.  The government is taking extra measures to reassure the American people that the elections are secure and legitimate—so don’t lose faith.