Friday, November 25, 2016

Americans Need To Take Election Hacking Seriously - Computer Experts Do And So Do Hackers

[NOTE:  I'm not claiming here that the election was rigged, that machines were hacked.  But I am saying that it's not all that hard to do and it easily could have happened.  The numbers needed to tip the election in swing states was low.  We have to take this seriously, test some key precincts in this election, and require automatic audits of all future elections.]

I'm constantly surprised at how skeptical people are when I talk to them about how easy it is to tamper with voting machines.  They don't want to believe it.  It's the underlying trust we have in our democratic system.  But if that trust is going to continue, we have to take this seriously.  But when the polls are way off, hacking is NOT one of the possible explanations most pundits discuss.  

I began  to seriously learn about this in 2012 when the Anchorage Municipal election had all sorts of problems.  It began with precincts running out of ballots and making up paper ballots from scratch for people to vote on.   But then we learned about more security issues.

  • Security seals on the bags with the ballots could easily be opened and resealed (better ones are now being used)
  • Voting machines got picked up the night before the election and were kept at the Precinct Captain's house over night (making access to computer cards in the machines easy)
  • Voting machines were brought to election central by the precinct captain - there could be more people, but there weren't necessarily
I blogged it closely as did other local bloggers. 

While covering all this I began reading about how the voting machines worked.  It's clear from what experts post online that hacking voting machines is NOT hard.  What's also clear is that IF there are paper ballots that the machines count, then just counting the ballots and comparing them to the machine count will tell us the answer.  Yes, of course, this requires that the paper ballots have been kept securely as well, which is not necessarily the case.  But they should be numbered and tracked at the polling places (at least they are in Anchorage).  If they are not that is a sign.  

So, at the very least, every election should include procedures for manually checking some random precincts against the machine count.  Citizens shouldn't have to demand that and pay for such recounts (as happened in the Anchorage situation, though eventually, when all the problems were exposed, the Assembly repaid the citizens group).  Losing candidates shouldn't have to demand that.  It should be part of the process.  

So when I got an email from a Pennsylvania computer nerd in 2014 raising questions about the Alaska elections in 2008, I took it seriously.  NOTE:  'Seriously' means I decided it was important enough that it should get more attention, particularly from computer folks who could test what he was saying.  'Seriously' does NOT mean, 'believe it all without verifying."

You can read that 2014 post which outlines in detail what he was alleging, what kind of evidence he had, and links to websites that deal with hacking elections and links to my posts about the 2012 election.  I wasn't simply passing this on without thinking about it and doing serious background checking.  

But for those who aren't going to check that link,  I've checked these links to hacking elections again now and here they are: 

Here are some more links I've come across in recent weeks:

J. Alex Halderman, Prof of Computer Science, University of Michigan  Want to know if the election was hacked?  Look at the ballots

And for a different take, here's 538's counter:  Demographics, Not Hacking, Explain The Election Results - They've analyzed the votes and kinds of voting machines used and feel there's little likelihood that election was hacked.  But they conclude:  
"Maybe some irregularities at the county level in early Wisconsin vote-counting are signs of wider problems. Maybe we’d find something if we dug down to the precinct level, or if we looked at other states with mixed voting systems. But at a time when the number of voters without confidence in the accuracy of the vote count is rising, the burden of proof ought to be on people claiming there was electoral fraud. The paradox is that in our current electoral system, without routine audits, seeking proof requires calling for a recount, which in itself can undermine confidence in the vote."
Catch 22 - You need to have proof if you make the claim, but without an audit you have no proof.  But if you call for an audit, you undermine the integrity of the election.  So, as I said above, I think all the elections need to have audits built in.

No comments:

Post a Comment

Comments will be reviewed, not for content (except ads), but for style. Comments with personal insults, rambling tirades, and significant repetition will be deleted. Ads disguised as comments, unless closely related to the post and of value to readers (my call) will be deleted. Click here to learn to put links in your comment.