The electronic voting machine, now used to some degree in all 50 states, is the functional equivalent of an unoccupied Lamborghini left running at midnight with vanity plates that say STEALME. This summer, hobbyist hackers with no specialized expertise who attended a convention called Defcon were able to compromise four different voting machines, one in less than 30 minutes. "Unfortunately, they were much easier than, say, a home router or mobile device," says Defcon organizer Jeff Moss.

Voting machines often run on antiquated operating systems with known vulnerabilities (think Windows 2000), and are not typically updated with the latest or even basic security patches and precautions, says Lawrence Norden, deputy director of the Democracy Program at New York University School of Law. Experts gave examples of all sorts of possible mischief: reprogramming the machines' firmware, inserting malicious code, swapping out memory cards, thereby producing virtually any result. Even voting machines not connected to the internet are vulnerable, as each election requires that machines be programmed with the ballot. Hack the software that records votes, and you've hacked every machine. The list goes on, and becomes littered with terms like "deep ROM dumps" and "shell injection vulnerability," neither of which sounds like something Thomas Jefferson would have looked upon favorably.

Online voting is hardly a fix. "There are so many problems and insecurities in internet voting, it's not something we should even begin to consider in the next ten years," says Princeton University professor of computer science Andrew Appel. Consider that in one infamous test of an online absentee voting system, a team from the University of Michigan was able to get the cartoon robot Bender from Futurama elected to the Washington, D.C., school board, which, to be fair, might have been an improvement.

Vote for Bender

Every expert we interviewed stressed that electronic vote-tallying systems need a low-tech backup—such as a paper ballot that's optically scanned by the voting machine. While a machine counts the votes, the paper ballots are retained and may be used to audit the results. "Physical fail-safes are what you want," says J. Alex Halderman, director of the Center for Computer Security and Society at the University of Michigan (and the man who led the test assault on D.C.'s online ballot system). "You want the brakes in your car to work even if the computer goes haywire. It's common sense. When you can avoid having to completely trust computer systems to behave correctly, you should."

Fortunately, approximately 70 percent of votes cast in 2016 were associated with some form of paper ballot that could be checked, Halderman says. Less fortunately, only a few states assiduously audit their electronic results, and ten states use so-called direct-recording voting machines—which are essentially just touch screens, with no paper component and therefore no means to validate results independently. We'd vote to change that. The sooner the better.


This story appears in the November 2017 issue.