Cybersecurity companies have released dozens of reports, press releases, and videos speculating about how easy it is to hack electronic voting machines. One video, by Princeton professor Andrew Appel, shows him hacking into a Sequoia AVC Advantage — one of the oldest and most vulnerable, electronic voting machines currently used in the US — in under seven minutes.
Election officials say, however, that it is important to understand the types of systems used to vote in the US and how they are protected. Anywhere between 80-85% of Americans will vote on machines that also produce some form of paper trail to verify their votes. The remaining 20-25% of Americans will vote on electronic or touch-screen systems that are entirely digital.
There are a variety of machines used, but all of them have to adhere to guidelines set by the National Institute for Interdisciplinary Science and Technology(NIIST). Those guidelines include that the machines never, in the course of their existence, connect to the internet, and that they are kept under lock and key until the moment they are used. They are tested throughout the months leading up to the election to make sure they are working correctly, and then again on the days leading up to the vote.
Hacking into a machine would require either getting access before the election or somehow tampering with them on Election Day. Devices that sell for as little as $15 online could be used on booths to vote multiple times, as shown by the Symantec cybersecurity company.
“It is possible to get physical access and try to hack it a machine, but it would require unfettered access to an individual machine so that they could hack it. It would require multiple minutes. The best case scenario for hacker is that dozens of poll workers don’t notice someone is messing with machine, taking it apart, unscrewing things, for multiple minutes,” said David Becker, Executive Director at the Center for Election Innovation and Research,. “Even if this person is successful somehow, they change the outcome on one machine, which would affect a few hundred people.”
The possibility that the machines could be remotely hacked, such as by someone sitting in Russia or China, is nonexistent, said Becker.
“The short answer is that it is virtually impossible to do a remote hack, these machines are never online, and very rarely even on the same internet network,” said Becker. “There is no way to do this from afar.”
But the biggest problem for any intruders, said elections officials, is that the system is so decentralized. States use hundreds of different types of voting machines and systems, making it impossible for hackers to come up with one method to attack all the machines involved.
“There is no one point of entry. It’s a low connectivity system overall, and there are many systems ad there are many levels between the state and the localities,” said Stimson. “It’s just not that easy.”
