Could the election be hacked? Checking a “Fact Checker”

USAToday article: Could the U.S. election be hacked?  <read>

We add some annotations:  [Bottom-line there is a conspiracy in plan view.  A thinly disguised attempt to assure us that elections are not vulnerable and that any attempt to say otherwise is an attack on every pollworker.]

Fact-checking the presidential debate: Fibs and fiction [Actually the have left that to us.]’s Lori Robertson takes a look at the claims made during the second presidential debate between Hillary Clinton and Donald Trump. Find out where fact-checkers found that candidates stretched the truth.

SAN FRANCISCO — The impact of Russian hacking on the upcoming presidential election was a topic in Sunday night’s debate, raising the question: Is the U.S. election hackable? Experts say at the national level, no. But there could be individual incidents that undermine faith in the system. [We disagree.  Election systems are very vulnerable based on the California Top To Bottom Review and the Ohio EVEREST report. Nobody should be considered an expert who ignores those reports. Actually so called “experts” denying the risks are thinly disguised attempts to create blind faith in the system.]

There’s almost no danger the U.S. presidential election could be affected by hackers. It’s simply too decentralized and for the most part too offline to be threatened, according to the head of the FBI and several security experts. [Decentralization means it would indeed be a challenge to hack every polling place and central count location in the country, yet that is a strawman argument, it is not necessary.  Only hacking a few jurisdictions in a small number of swing states is all it would take. See Ohio 2004 and Florida 2000. Offline is a good practice, yet that is insufficient for two reasons:  First, insiders can do all manner of hacks with our without connectivity. Motivated governments can and do find ways to hack systems without connectivity, see STUXNET.]

“National elections are conducted at the local level by local officials on equipment that they obtained locally,” so there’s no single point of vulnerability to tampering here, said Pamela Smith, president of Verified Voting, a non-partisan, non-profit organization that advocates for elections accuracy. [Most voting equipment is obtained from two our three vendors nationwide. Most officials have blind trust in their entire staffs, that is a formula allowing one or several individuals to hack a jurisdiction. Security of election equipment and voted ballots varies.  In many jurisdictions and whole states, such as Connecticut and New Jersey, machine and ballot security is very weak.]

In testimony before the House Judiciary Committee last month, FBI Director James Comey said that while concern has been rightly focused on the integrity of state voter registration systems, the actual voting process remains “very, very hard to hack into because it is so clunky and dispersed.’’ [We should be concerned with voter registration systems.  We should equally be concerned with voting systems and the systems which are used to total results for polling places, central count, jurisdiction accounting, and statewide accounting.]

“It is Mary and Fred putting a machine under the basketball hoop at the gym,’’ Comey said. “These things are not connected to the Internet.’’ [This is an attempt to say we are challenging the integrity of each  of the Mary and Fred’s who work in elections.  [Actually it is quite a leap to believe that each every pollworker and elected official is of high integrity.  Some have gone to jail for their activities. As a class we see no reason to agree that election officials that legislators, mayors, governors, and other public officials.  In Connecticut we have seen many punished for violating the public trust.]

Nevertheless, Comey said federal authorities have been counseling state officials to secure their systems, especially voter registration databases, as hackers have continued to “scan’’ the systems for vulnerabilities.

High stakes rhetoric

In Sunday’s debate, Democratic presidential candidate Hillary Clinton noted U.S. intelligence officials have blamed Russia for hacking Democratic officials accounts.

“We have never in the history of our country been in a situation where an adversary, a foreign power, is working so hard to influence the outcome of the election,” she said, and alluded to her Republican opponent Donald Trump’s praise of Russian president Vladimir Putin. [Many claim that the U.S. hacked a recent Ukraine and several over the years in South America.  Russia has been charged with hacking an election in Georgia. Some of these claims have stronger verification than U.S. claims without transparent evidence that any of these hacks were acts of the Russian Government. Not so long ago the U.S. was blaming hacks on China.  It seems we have a new enemy of choice.  Brought out also to charge that Trump, Clinton, Stein, and Sanders are somehow linked to Russia and Communism.] 

Trump replied that he knew “nothing about the inner workings of Russia,” and didn’t address electoral issues.

However on the campaign trail he has said multiple times that he fears the election will be stolen. In August in Columbus, Ohio he said “I’m afraid the election’s going to be rigged. I have to be honest.”

His website features a page where supporters can sign up to be election observers, to “Help Me Stop Crooked Hillary From Rigging This Election!”

Hacking dangers [We are not the only ones concerned:]

Experts say some local systems may be vulnerable to hacking. In some jurisdictions, local rules allow the transfer of election results using WiFi rather than putting the information on a thumb drive that’s physically taken to the central tally site. Others simply use outdated machines, said Kim Alexander of the California Voter Foundation, a non-profit, non-partisan organization that promotes the responsible use of technology in elections.

“They’re in a position where they need to buy something new, but governments don’t want to spend the money on it,” she said.

Depending on the voting machine, all it might take would be one disgruntled election official plugging in a thumb drive containing malware to falsify vote tallies, said Mike Baker, founder of Mosaic451, a computer security company that focuses on infrastructure protection, including for some state and federal election networks.

So far, 33 states and 11 county or local election agencies have approached the Department of Homeland Security for cybersecurity risk and vulnerability assessments, Secretary Jeh Johnson said in a statement Monday.

But time is a factor and he encouraged election agencies to ask for help now.

“There are only 29 days until election day, and it can take up to two weeks from the time we receive authorization to run the scans and identify vulnerabilities. It can then take at least an additional week for state and local election officials to mitigate any vulnerabilities on systems that we may find,” he said.

DHS may increase protections for voting systems to thwart hackers

The good news is that in the upcoming election, close to 80% of voters nationwide are in areas that will either use either paper ballots or voting machines with paper backups, both of which are considered much more secure than online only systems, said Smith.

Y2K or Pearl Harbor

The biggest question in the mind of voting security expert Joseph Kiniry is whether the 2016 election will be Y2K or Pearl Harbor.

The Y2K or millennium bug arose because programs represented the four-digit year with only the final two digits, which made 2000 indistinguishable from 1900. There were predictions of widespread computer failures and possibly catastrophic meltdowns of the world’s digital infrastructure.

Hundreds of millions of dollars and thousands of hours of work dealt with the problem and on January 1, 2000 the world woke to nothing more than a hangover, to the relief of many.

“I hope this is Y2K all over again,” said Kiniry, chief scientist at Free & Fair, a public-benefit corporation that works on creating technologies to keep elections free and fair.

But he and others worry that there’s a chance, though a small one, that it could be Pearl Harbor instead.

[Unlike Y2K, we are being warned, yet there is little action to significantly improve voting equipment, procedures, and security.  Maybe Y2K was a one-off where a very technical problem was described to the public, government, and business and after fifteen or so years of warnings, finally there was action in time to largely avoid the actual risks. As a Y2K programmer, I still hear complaints that we all ripped-off the system because nothing significant happened on Jan 1, 2000.  Many took the wrong lesson from that successful project/challenge.]

“Imagine lines wrapping around the block at every polling place in American on election day because the databases were compromised. Or results far different from previous elections and then two weeks after everyone thinks they know the outcome of the election, we find evidence of hacking in the machines,” he said.

66.5 million people watched Sunday’s Trump-Clinton debate
Voter confidence key

While election officials worry about such possibilities, they’re loath to discuss them publicly. If voters lose confidence in the system and don’t turn out to vote in the first place, it would be a greater threat to the integrity of the election system than hackers, they believe. [Don’t let the voters know what the risks really are, but privately worry, ignore, and cover-up.]

“It’s a tough position for us to be in. We don’t want to scare voters away,” said Alexander.

The fear is that proof of even one example of vote manipulation could be amplified through social media to threaten the electorate’s trust in the entire system.

That trust is a bedrock of American democracy and if it’s lost, “that puts us in a whole different category of countries that don’t have free and fair elections,” said Melinda Jackson, chair of the political science department at San Jose State University. [I would love to see a survey of what percentage of voters and non-votes have that blind trust given the thinly disguised attempt to deny risks.]

It might not even take that, she said.

“Already we see candidates sowing the seeds of distrust by saying the election might be rigged,” she said, citing Trump’s multiple statements to that effect.

In an absolute worst case scenario, were either Trump or some other group to question the legitimacy of the elections “we might see violence, we might see protests, we might see rioting, things that we see in other countries but not here,” said Jackson. [We have plenty of protests here. Just not so much over elections and no so much covered by the media.  See Standing Rock Dakota Pipeline and see where the violence comes from.]

While that’s an unlikely Doomsday scenario, she said, “it’s not impossible.”

Contributing: Kevin Johnson in Washington D.C.

Elizabeth Weise covers technology and cybersecurity for USA TODAY. Follow her at @eweise.


Leave a Reply

You must be logged in to post a comment.