Part 3: Can the vote be hacked?
In the first two parts of this series I examined the several different types of voter fraud as outlined by a 1982 Grand Jury Report. I then examined how in each case, a hacker could employ a similar method on a much large scale in today’s digital environment.
It is clear from our findings there are grounds for concern.
Consider the potential scalability of false voting registration. Access to voting databases and detailed voter behavior from social media creates the potential for millions of otherwise undetectable fraudulent votes, a process made easier by low voter turnout. If valid voter turnout is 90%, only 10% of the entire population is potentially eligible for fraud, and the impact of fraudulent votes would be relatively low. With less than 50% turnout, however, there is a much higher proportion of potentially fraudulent votes – enough to alter the legitimate outcome.
Fortunately, there are tools and processes which can tackle this kind of cybercrime and keep elections honest.
In cybersecurity, fraudulent representation is combatted via authentication, which ensures that a person or computer process is who they say they are, that any transfer of information includes a validation process to ensure that source and destination are who they say they are, and that sensitive repositories of information and critical systems are protected by restricted access and by regular checks for intrusion.
The vulnerability of voting machines has already been well-documented. Voting machines should employ strong encryption and authentication to servers collecting data. They must be designed to authenticate that data submitted is from a valid voter, and there should also be independent methods for voters to check that their vote was tabulated correctly. Firmware updates to voting machines should be code-signed. Physical access to voting machines needs to be restricted, and the machines themselves should employ anti-tampering technology.
Voter authentication could be conducted by sending an SMS confirmation of a vote and/or an email to the person who supposedly voted. This “two-factor” authentication method makes it much harder to commit voter fraud of any kind – not least by creating an independent set of data by which vote results can be validated against and by bringing additional sources of review to the process.
Transparency and outside expert validation should also be considered. Experts in digital forensics – whether public or private – are well-equipped to examine all levels of the voting process to detect fraud. There is also the opportunity to leverage machine learning and big data analyses of present and past voting patterns to identify anomalies and potential improper activity.
We can never be complacent about hackers, particularly when it comes to elections and democracy. While the methods of voter fraud have not substantially changed, the scale at which these methods can be deployed has. The tools exist to combat the potential for hackers to commit voter fraud; it is imperative that they are put in place.