State officials don’t know if our elections have been hacked, and they don’t seem to care
December 18, 2016 12:00 AM
By Candice Hoke
In May 2006, Cleveland and Cuyahoga County, Ohio, launched an e-voting system, producing a nationally notorious election disaster in which every technical and management system failed. One of the largest election jurisdictions in the nation, the county used DRE touchscreens similar to Allegheny County’s.
When the election tabulation database grew beyond what it was designed to handle — a flaw concealed by the manufacturer — it silently began dropping votes and other data, without notifying officials. An accurate recount was possible, however, because Ohio had required paper printouts of voters’ e-ballots. Recounts showed that some previously announced winners actually had lost. The hidden software problem did not extinguish anyone’s voting rights only because there was a paper trail.
Experts in election technology have pointed out that most Pennsylvania counties — including Allegheny — use e-voting systems that have been outlawed by most states. The chief reason? The omission of voter-approved paper printouts that can be recounted and that allow for audits to check on the accuracy of the electronic machines. Even when voting systems are aged and vulnerable to hacking or tampering, durable paper ballots combined with quality-assurance audits can ensure trustworthy results.
Cuyahoga County election officials, like many around the nation, have learned that, even though their voting machines are certified and function perfectly one day, on another day they may fail to count accurately. Software bugs — especially from updates, malware and errors in programming — can lead to unpredictable inaccuracies. Cuyahoga County now conducts an audit after every election, using paper ballots, which most Pennsylvania counties are unable to do.
Paper ballots plus audits assure voters their choices have been accurately registered and that no partisan tampering, hacking or software glitches have affected the results of an election. Election officials can evaluate the accuracy of electronic voting systems and correct any tabulation problems. And no adversary — not even a foreign nation with sophisticated espionage capabilities — can manipulate elections results with e-invasions.
Unfortunately, Pennsylvania does not provide any of these assurances to voters, candidates, political parties or the nation. Instead, Pennsylvania law mandates little transparency or accountability when it comes to its computer-generated election tallies — something no business organization would tolerate in its information systems.
The constitutional right to vote, the fundamental basis of our democracy, demands provably accurate election results in which all citizens can have faith. But when Green Party presidential candidate Jill Stein filed a federal lawsuit to compel a statewide recount in Pennsylvania to check on the accuracy of last month’s election results, it was rejected.
This was predictable but lamentable. The judge, applying a legal framework created in 1937, found that, in challenges to Pennsylvania elections, courts “for decades” have discovered no “hint that the required procedures might violate the Constitution.” This framework, however, has not been seriously reassessed to see whether it is adequate to protect voters’ rights in the information age, when e-voting systems are vulnerable to software meltdowns, hacking and even international cyberattacks — which, by the way, have successfully infiltrated highly protected military, intelligence and State Department networks, not to mention countless commercial systems.
Evidence of cyber-meddling by Russia or others in our elections undermines the legitimacy of winners and inflames the animosity of losers and their constituents. It undermines faith in our democracy.
Pennsylvania election systems are not “secure” and impervious to hacking, as some claim. No system is. In fact, scientific studies of electronic voting systems — including by internationally renowned Pennsylvania cybersecurity specialists — have demonstrated that these voting systems are open to tampering in multiple ways that would be completely undetectable to election officials.
And yet, in Pennsylvania those officials close off all avenues by which forensic checks for evidence of tampering or miscounts could occur, then claim that no such evidence exists and that therefore Pennsylvania election systems are secure and accurate. This is utter nonsense. And it defies core principles of cyber risk management.
While so far there is no direct evidence of a cyberattack this year on Pennsylvania systems, U.S. intelligence agencies unanimously agree that Russia did interfere in our election. Because our swing state lacks paper ballots and valid auditing procedures, the only way to check on our systems’ defenses against remote cyberattacks lies in forensic investigation. In fact, some states field forensic teams to check on suspicious activities during major elections.
As an election management and security specialist, and as a Pittsburgh voter, I urge the Birthplace of Liberty to become the Preserver of Liberty. Patriots of all political stripes must work together to ensure that Pennsylvania voters can have confidence in our elections.
Gov. Tom Wolf and legislative leaders immediately should appoint a bipartisan team of experts in cybersecurity management, election law, IT forensics and cyber-incident response to evaluate the adequacy of Pennsylvania’s election systems. Then they should field secure, auditable systems with paper backup ballots. Until they do, Pennsylvania voters have no reason to be confident that the election results in our commonwealth, a presidential swing state, are accurate.
To report inappropriate comments, abuse and/or repeat offenders, please send an email to
email@example.com and include a link to the article and a copy of the comment. Your report will be reviewed in a timely manner.