Part 2: Can the vote be hacked?
In the first part of this series I looked at the historical context of voter fraud and the seminal findings of a 1982 Grand Jury which provided a comprehensive breakdown of types of voter fraud.
In part two of this series, I will examine four of the methods outlined in addition to the absentee voter method outlined in part 1, and specifically consider how these types of fraud can be used by hackers today on a much more significant scale.
The Grand Jury report cited several instances whereby individuals were offered incentives to register falsely in person. A similar strategy could be effective today.
As of June 2016, a total of 31 states plus the District of Columbia offer online registration, and another seven states have passed legislation to create online voter registration systems. Online voter registration may provide new ways for individuals to register under another person’s name. A cross-comparison between existing voter databases and census databases, for example, could easily provide hackers with a pool of potential voters who are currently unregistered.
Validation methods to establish voter eligibility for registration will need to maintain consistently high standards to avoid potential manipulation as online registration becomes the norm. At a minimum, basic e-commerce validation should be performed to ensure, for example, that multiple registrations do not occur from the same IP address.
Fraudulent Use of Absentee Ballots
The Grand Jury report detailed how some voters in Illinois were encouraged to apply for absentee ballots, even though they planned on voting in person. After comparing lists of eligible voters against actual vote lists, the blank absentee ballots were used to add fraudulent votes.
The ability to request absentee ballots online dramatically increases the potential scale of fraud in this scenario and, combined with information available online via hacked voter databases, increases the ease of implementation.
The Grand Jury report noted drunks and transients were paid to vote. A hacker equivalent could take many forms: Bitcoin payments in the dark web or perhaps the creation of “paying gigs” through on-demand workforce services such as Amazon Mechanical Turk, TaskRabbit and Gigwalk. The idea is that registering and voting for a specific candidate could become a “gig economy” task.
Altering the Vote Count
According to the report, one precinct captain ran a single Democratic punch card 198 times through the voting machine, followed by six punches of a Republican card. This is possibly one of the earliest examples of computer-related voting fraud.
In modern times, of course, the enterprising hacker would test all avenues of the voting system. Could the voting machines be accessed? Could the voting machines’ channel to the central tabulating server be accessed? Could the server itself be accessed? Could voter ID or other voting requirements be spoofed? The attack methods would depend on the avenue deemed easiest to access: malware for the voting machines, either custom-installed or via tampered firmware updates; man-in-the-middle or distributed denial-of-service (DDoS) attacks to spoof voting data or prevent it from being communicated; server attacks to alter databases or counting algorithms; attacks to modify voter registration guidelines encoded into online voter registration web sites; attacks to obtain access to up-to-date voter registration data in “get out the vote” canvassing campaigns conducted by legitimate political organizations. The list goes on.
While there is much speculation re the potential for voter fraud via tampering with voting machines, it is clear from the above that this is in no way the only or even the likeliest option. Hackers have proven themselves adept at penetrating what were once thought to be tamper-proof systems. The greatest threat to the integrity of the vote today is hackers and the scale which the Internet and other digital tools enable them to access information and perpetrate voter fraud.
In the final part of this series I will examine the potential solutions that can be put in place to keep hackers at bay and ensure free and fair elections remain honest.