The 2016 US presidential election was the 58th election and was considered one of the most controversial elections of the history. The two candidates during the primary election were Donald Trump from the Republican party and Hillary Clinton from the democratic party. Hillary Clinton lost the election to Donald Trump despite winning the popular vote and he became the 45th president of the United States. After the elections, CIA confirmed in the US Senate that there has been hacking of the DNC by the Russians during the 2016 election to favor Donald Trump’s victory. The breaching was also confirmed by the FBI. James R. Clapper, director of National Intelligence, testified before the US Senate in January 2017 that Russia played a part in breaching of a lot of other election systems and not just hacking of the DNC (“United States presidential election, 2016”). The Russians even meddled with the outcomes of the election through the spread of the disinformation and fake news using social media.
There were plenty of facts confirmed by higher-level officials regarding the hacking and breaching of the voting systems on the state level, but none were confirmed by the states. As mentioned by NBC News, the US officials confirmed that the Russians were successful to penetrate through the voting systems even before the 2016 presidential election (McFadden, Arkin, Monahan, & Dilanian). In addition, three senior intelligence officials told NBC that there have been breaching suspected in seven states (McFadden et al.).
At the end of the Obama’s administration, there was top secret intelligence requested in office because of their belief that Russians had breached into the state websites and databases (McFadden et al.). The officials believed that systems were breached in a number of ways from websites to breaching databases of voters. But such reports were denied by the Acting Press Secretary for Department of Homeland Security, Tyler Houlton, saying, “NBC’s reporting…is not accurate and is actively undermining efforts of DHS” (McFadden et al.). When those seven states were requested to give a statement on the rumored breaching, six out of seven states responded that there has been no breaching found based on their inspection (McFadden et al.).
But the question that is more important to consider while talking about such inspection is that what kind of inspection was done and were Russians smart enough to hack a system in a way that common cyber-attack inspection wouldn’t be able to catch it. In addition, how strong and reliable cyber defense team is of these private companies that provide that voting machines and systems to the states including how bulletproof is their system against the cyber-attacks. These answers cannot really be answered as many of these private companies own politics over it.
These private companies own monopoly and power over the ownership of their software and fight strenuously to not allow anyone to access it even if there are breaches. For example, Zetter talked about an event that occurred in Ohio during 2004 presidential elections where John Kerry lost, and his team was denied access to the voting machines “because it was the proprietary information” (par.10). As a result, the votes were impacted without leaving a trace of the breach, in a way that ensured the electoral votes in favor of Donald Trump which ensured his victory.
After the breaching of the 2016 election systems, all 50 states upgraded their systems but according to the survey by Politico, “most states’ election offices have failed to fix their most glaring security weakness” “even after receiving their share of funding of $380 million for election security” (Matishak). Even after such breaching, most states have no plan of buying new voting machines neither to invest in the cyber defense even though five states out of it are solely implementing paperless voting (Matishak).
Even though some of the systems that were breached by the Russians were the software of the private companies, the registration sites, the emails of the election officials (Ward). This is an evidence that in order to implement the electronic voting, the system becomes more vulnerable. As mentioned by Douglas W. Jones, an elections expert at the University of Iowa, “most states these days have [an] online voter registration tools or online absentee-ballot request tools (as mentioned in Ward). That means the voter registration database is online” because of which Russians do not need an “inside man” as all the information is easily available to hackers on the internet (as mentioned in Ward). Therefore, not many states are taking the issue as an important one which still leaves them vulnerable for any upcoming elections.
Electronic voting also popularly known as e-voting is the new era in the election voting world. E-voting is a quick and easy solution to long and time-consuming manual process of casting and counting paper votes. The e-voting can be implemented in two ways, one by using the EVM (Electronic Voting Machines) or the computers which are connected to the internet. The automation can be limited few aspects according to the need, for example, limit it to vote recording, vote input, data encryption and transmission to servers etc.
The ideal implementation of electronic voting can be considered as a system which can fulfill requirements such as security, privacy, accuracy, cost-effectiveness, integrity, scalability, accessibility, auditability, and ecological sustainability (“Electronic voting”). In general, e-voting is implemented in two major way. One, e-voting which is supervised by the government representative and second, e-voting through the internet from any location (“Electronic voting”). But the concerns that come with this easy tool are also critical and important. The inclusion of internet and different software, it makes the system more vulnerable to election frauds. In addition, as discussed in earlier chapters in the class that no coding algorithm is complete 100% bulletproof.
In addition, as mentioned by Schneier, there have been reports of many “unpredictable and inconsistent errors” of machines (“What’s wrong with electronic voting machines?”). One of the biggest issues for such faults is the “openness of a system to public examination from outside experts, the creation of an authenticatable paper record of votes and a chain of custody for records” (Schneier).
Therefore, in order to apply the electronic voting successfully, there are some aspects which need to be addressed, for example, using the private internet voting system and the identity check for each e-voter. For example, voters in Switzerland get their unique personal password to access the ballot (“Electronic voting”). In addition, Estonian voters can cast their votes using e-voting system because “most of them carry national identity card equipped with a microchip” and “all they need is these cards, their ID and its PIN” which allows them to vote from any corner of the world (“Electronic voting”).
To avoid the identity theft, Estonian e-voters are required to enter their PIN and answer personal questions and then the information will be verified before allowing them to vote (“Electronic voting”). As a result, there was a huge turnout from people who lived a greater distance from polling areas (“Electronic voting”). In addition, India implemented VVPAT (Voter Verifiable Paper Audit Trail) which a system which allows the user to verify their successful vote casting, to detect the election fraud and/or malfunction, and way to provides a way to audit the stored electronic results (“VVPAT”).
Furthermore, to run different testing on the systems is required and an integral part to secure the integrity. Some of the testings that can be considered are certification of newly purchased voting systems, mocking test for election day, updating and changing the password every election etc. There should be voting system testing such as its hardware testing, software testing, accuracy & logical test, and the post-election audit and most importantly the security of the voting systems (Pablos).
Besides the testing, there should be a backup plan when there is a mechanical failure. In such a scenario, there should be a paper backup, including a keeping the poles open late, having emergency machines ready. In case of software failure, there should be implementation of counting those paper backup votes instead of machine’s own recount process. Admitting and realizing that the threat is real is one of the vital parts towards creating a stronger cyber defense against the breaching from any foreign country in the future.