Security Against Election Hacking

From Freedom to Tinker, Andrew Appel: Security against Election Hacking – Part 1: Software Independence <read>

We have heard a lot lately about the vulnerabilities of our elections to hacking.  Both cyberhacking and unsophisticated insider attacks. Andrew Appel describes some common sense approaches to detect and deter error and fraud in our elections, covering three major vulnerabilities:

  • Incorrect or unavailable poolbooks.
  • Voting machines
  • Accumulation of results across polling places and jurisdictions

Any of these computers could be hacked.  What defenses do we have?  Could we seal off the internet so the Russians can’t hack us?  Clearly not; and anyway, maybe the hacker isn’t the Russians—what if it’s someone in your opponent’s political party?  What if it’s a rogue election administrator?

The best defenses are ways to audit the election and count the votes outside of, independent of the hackable computers…

So the good news is: our election system has many checks and balances so we don’t have to trust the hackable computers to tell us who won.  The biggest weaknesses are DRE paperless touchscreen voting machines used in a few states, which are completely unacceptable; and possible problems with electronic pollbooks.

In this article I’ve discussed paper trails: pollbooks, paper ballots, and per-precinct result printouts.  Election officials must work hard to assure the security of the paper trail: chain of custody of ballot boxes once the polls close, for example.  And they must use the paper trails to audit the election, to protect against hacked computers (and other kinds of fraud, bugs, and accidental mistakes).  Many states have laws requiring (for example) random audits of paper ballots; more states need such laws, and in all states the spirit of the laws must be followed as well as the letter.

Read the full, brief article to understand the details of Appel’s recommendations.

In addition to paying attention to all these recommendations, Connecticut needs to attend to improving our existing post-election audit transparency, the security of ballots, and consider adding formal measures along these lines for check off lists and results reporting.




Leave a Reply

You must be logged in to post a comment.