Election Hacking: How to Keep Your Vote Secure

An illustration of the Untied States with its border aglow.

Matt Anderson Photography / Moment / Getty Images

Election manipulation has been around for as long as elections themselves in the form of ballot stuffing, voter intimidation and impersonation, vote and turnout buying, and other similarly low-tech tactics. The widespread use of electronic voting machines, and computers to assist in the tabulation of votes, has introduced another threat: election hacking.

How Can An Election Be Hacked?

Election hacking can involve a handful of different attack vectors. Hackers can target vulnerable electronic voting machines directly, voter registration databases, state election databases, and even the computer networks of political parties.

If your definition of hacking goes beyond altering the machines and/or databases of voters, you could even consider organizations that attempt to influence elections through false stories a type of hacking.

Potential attacks on each of these targets yield vastly different results, but they can all have the chilling effect of altering or delegitimizing the the results of an election in the eyes of the electorate.

Hacking Vulnerable Electronic Voting Machines

The security of electronic voting machines, and direct recording electronic (DRE) voting machines in particular, has been called into question in recent years. The concern is that hackers could tap into these machines and flip votes, or even add or subtract votes, and alter the course of an election.

While there is no concrete evidence that any DRE voting machines have ever been hacked in the United States, information security professionals and white hat hackers have identified vulnerabilities in several systems that could potentially be used to execute an attack.

Protecting Electronic Voting Machines From Hacking

The primary defense against hacking, in the case of DRE voting machines, is to design voting and vote tabulation systems so that they aren't connected to the internet or to any computers that are connected to the internet. This prevents hackers from accessing these systems remotely.

Even when voting systems are designed with these principles in mind, they aren't always followed.

In a report filed in 2011, David Eckhardt, a computer science professor at Carnegie Mellon University, revealed that he discovered remote access software installed on election-management computers in a rural Pennsylvania county.

Eckhardt was brought in when officials suspected that their voting machines had been tampered with. He didn't find any evidence of tampering, but he did uncover remote access software that a contractor had installed in order to work from home. This in itself was not a hack, but this is the exact type of back door into election-management computers that hackers could theoretically exploit.

Even when electronic voting machines are completely disconnected from public networks, they still remain vulnerable to direct, physical attacks. In theory, a hacker could introduce malicious code to an electronic voting machine through a card reader or data port, although this would require direct, physical access to the machine.

Paper Trails and Regular Security Testing

The problem with securing electronic voting machines, at least in the United States, is that individual states, counties, and even precincts are responsible for their own hardware and networks.

One way to protect against election hacking is to create a paper trail. This involves fitting DRE voting machines with printers that are capable of creating a ballot receipt for each voter. The voter verifies that the receipt matches their votes, and the receipts can later be checked against the electronic results to reduce the chance of fraud.

It's also important for states, counties, and local precincts to regularly test and inspect their voting machines and election-management networks. Regular, transparent testing and inspection of voting machines and networks can both decrease the likelihood of an attack and increase voter confidence in the system.

Hacking Voter Registration and State Election Databases

The other type of hacking that can have an impact on elections involves databases that are, by design, accessible via the internet. Unlike electronic vote machine hacks, which have never been verified, state voter registration databases have been compromised in the past.

When a hacker gains access to a voter registration database, they may be able to alter, or remove, voter information. This has the potential to disenfranchise voters, who could arrive at their polling place only to find that their name isn't on the electoral roll.

Voters may be able to cast provisional ballots in cases like these, but those votes may not be counted if the voter's registration was completely purged.

In addition to manipulating these databases, hackers could potentially gain access to sensitive information like names, addresses, drivers license numbers, and even partial or complete social security numbers, opening voters up to other threats, like identity theft.

Some successful hacks have also targeted political parties. While these types of attacks can't directly impact the votes in an election, they can effectively swing momentum in one direction or another due to shifts in public opinion following a hack.

The larger concern is that if a hacker were able to gain access to a state election database, including the computers used to tabulate and report votes, they could theoretically change the outcome of an election.

How to Keep Your Vote Secure

As an individual voter, there is very little you can do to keep your own vote secure and safe from hacking, manipulation, or fraud. The most effective action you can take, if this subject is important to you, is to contact the elected officials in your area who are actually responsible for securing elections against hackers and raise your concerns.

On a personal level, here are some tips to secure your vote and make sure it counts:

  • If you vote via paper ballot and optical scanner:
    • Read the instructions on your ballot, and make sure that you mark the ballot in the required fashion.
    • If given the option, scan the ballot yourself. Do not leave the ballot scanner until you see that your ballot was accepted.
    • If not given the option to scan your ballot, ensure that your ballot is placed into a tamper-proof container by poll workers.
  • If you vote via a DRE voting machine:
    • Familiarize yourself with the touchscreen, push-button, or dial controls.
    • As you vote, pay close attention to each screen, and make sure the machine is correctly registering your choices.
    • If provided with a confirmation screen, carefully go through the list to make sure that it lines up with the choices you made.
    • Ask poll workers if the machines are equipped with a voter-verifiable paper trail. If they are, make sure to examine your ballot receipt carefully when you are done voting. If it doesn't match the actual choices you made, you may be able to mark it spoiled and try again. If it still doesn't match, bring it to the attention of poll workers. The machine may be calibrated improperly.
  • If you vote via mail:
    • Voting via the mail is generally considered to be secure, as the primary vector for attack involves stealing and altering ballots after they have been placed in a mailbox or drop box.
    • If possible, avoid putting your ballot in an unsecured personal mailbox.
    • Use a secure mailbox if possible, or take your ballot to a designated drop off point.