The cover story of Newsweek this week is a lengthy investigative report by David Freedman into Here’s How Russia May Have Already Hacked the 2018 Midterm Elections. Here are the opening graphs using Bucks County, Pennsylvania as an example:
It’s not easy to get in to see Diane Ellis-Marseglia, one of three commissioners who run Bucks County, Pennsylvania. Security is tight at the Government Administration Building on 55 East Court Street in Doylestown, a three-story brick structure with no windows, where she has an office. It also happens to be where officials retreat on election night to tally the votes recorded on the county’s 900 or so voting machines. Guards at the door X-ray bags and scan each visitor with a wand.
Unfortunately, Russian hackers won’t need to come calling on Election Day. Cyberexperts warn that they could use more sophisticated means of changing the outcomes of close races or sowing confusion in an effort to throw the U.S. elections into disrepute. The 2018 midterms offer a compelling target: a patchwork of 3,000 or so county governments that administer elections, often on a shoestring budget, many of them with outdated electronic voting machines vulnerable to manipulation. With Democrats on track to take control of the U.S. House of Representatives and perhaps even the Senate, the political stakes are high.
Russian hackers were notoriously active in the 2016 election. Although President Donald Trump disputes it, evidence suggests that they were responsible for breaking into the Democratic National Committee’s computers, according to U.S. intelligence reports. They ran a disinformation campaign on Facebook and Twitter. They also attacked voter registration databases in 21 states, election management systems in 39 states and at least one election software vendor—and that’s only what the government’s intelligence services know about.
Although there’s no evidence that these attacks resulted in direct changes in vote tallies, cybersecurity experts fear that the Russians may have already made inroads into the U.S. election system, including planting malware—malicious computer programs—in the voting machines themselves. States and counties have reacted so slowly to the threat that secure voting machines aren’t going to be in place until 2020, giving the Russians an incentive to strike in 2018, while they can.
The result could be a historic foreign attack on the very mechanics of U.S. democracy, says David Hickton, a former U.S. attorney who focuses on cybercrime. “This is an assault on our sovereignty. Russia’s hacking architecture is already in place here. The only question now is, What are we going to do about it?” Early in October,Hillary Clinton compared Russia’s cyberinfluence on our elections to the events of 9/11. “We have been attacked by a foreign power,” she says, “and have done nothing.”
The U.S. certainly hasn’t forced the Russians to look hard for places to strike. The midterm elections are rich in targets. Bucks County is hardly unique in relying on easily hacked voting machines, whose results could determine control of Congress or individual states. About 30 percent of America’s voting machines are as outdated and nearly unprotected as those in Bucks County, says Marian Schneider, a former Pennsylvania deputy secretary for elections and administration and now president of Verified Voting, a national election-integrity advocacy group.
David Freedman then delves into the many ways in which an election can be hacked in the United States. It is a sobering examination of how little concern state and county election officials, who actually run our elections, have shown for cyber security and ballot integrity, even after the Russian interference in the 2016 election. Our democracy is under attack from a hostile foreign power, and our response is “Meh, we can’t afford to do anything about it.”
The true source of our problem is American’s desire for instantaneous results and our reliance on vulnerable computer technology to produce it. If Americans would exercise more patience to secure the integrity of the ballot and to count the vote accurately we could solve this problem. Sometimes the old-fashioned way is still the most secure, reliable and best way: paper ballots counted by hand in the presence of observers, and verified.
We could do it the way that Great Britain counts its votes:
Stage 1: counting the ballot papers
The count opens with the ceremonial unsealing of the ballot boxes, both those from the polling stations and those containing the postal ballots, which have already been opened and verified but the actual votes not yet counted. The ballot papers are emptied on to the counting tables, and, in the manner of a stage magician, the emptiness of the boxes displayed to the assembled observers.
All ballot papers are then counted, the counters ensuring the number of papers in each box matches the ballot paper account – the form completed by the presiding officer at either the polling station or the opening and verification of the postal ballot packs.
Note: The post-election hand count audits of ballots that we do here in Arizona are only partial audits. Early votes are audited separately from auditing votes cast in precincts on election day. Early ballots from a precinct are not combined with ballots from election day, so there is never a true verification of the total number of ballots cast in each precinct. Arizona also only audits a small number of ballots. The British system is far superior for verifying accuracy.
If the numbers don’t match, there are recounts until they do match or the same number of ballots is recorded twice in succession.
Stage 2: counting the votes
First, ballot papers from different boxes are mixed, to preserve the secrecy of the vote. They are then allocated to count teams, who sort the papers by the candidate voted for – each voter in the UK’s plurality electoral system being allowed, of course, only one unambiguous X vote.
If the voter’s X is not clearly in the box next to a candidate, it becomes a “doubtful” paper, with the ARO or deputy adjudicating on its validity. But nowadays, the aim is to divine the voter’s intention wherever possible, and only where it is completely unclear or disputed is the ballot paper actually rejected.
With “Wank, wank, good guy, wank” having been recently deemed a valid vote (cast for the SNP), it’s reasonably safe to say a tick, a “Yes”, or a smiley face are all likely to be accepted. If a candidate’s agent objects, the objection is recorded, but again, it’s ultimately the Acting Returning Officer’s (ARO’s) decision.
With sorting completed, each candidate’s votes are then counted, plus any rejected votes, and the total checked against the total number of ballot papers recorded in the first count.
Stage 3: the result
The ARO then shares the provisional result with the candidates and their agents, at which point either a candidate or agent may request a recount of the votes. There are no rules defining either how close a result needs to be to qualify for a recount or the number of recounts – seven being the current record, jointly held by Brighton Kemptown (1964) and Peterborough (1966).
Again, it’s the ARO’s decision whether to allow a recount. After all, some recount requests are inevitably made simply to try and save losing candidates’ £500 deposits, which are forfeited if they win less than 5% of the vote.
There hasn’t been a constituency tied vote in a general election since Ashton-under-Lyne declined to pick a winner in 1886. But they occur frequently in local elections, and the convention is that, if the votes remain level after recounts, the ARO will decide the winner by a random method acceptable to the candidates concerned – perhaps tossing a coin, or as in one recent case, having the candidates draw different length cable ties inserted into a legal text book.
This would also encourage more civic participation in our elections. Currently we have poll workers and party observers (and post-election auditors in Arizona). The ballot counting boards would require more citizens for the counting of ballots. This civic participation in elections is a good thing.
We can remove the vulnerability to hacking of computerized voting systems, we just have to have the public will to do it.
This would also eliminate the media consortium (the National Election Pool) from calling races based upon partial computerized vote tallies (ballot counting actually goes on for days, if not weeks after Election Day because of early ballot verification and conditional ballot verification). There is solid research that shows this has depressed voter turnout in places where voting is still occurring. Under the British system, the media would get the results the same time as everyone else when election boards post their final vote tallies.
If it takes a few days to count all the ballots, who cares? How is your life going to be any different if you do not have instantaneous results on Election Day eve but you have to wait a few days for the final election results? It’s not. Patience is a virtue.
The other problem that no one mentions is the financial incentives that the handful of election equipment companies and the handful of media companies have in maintaining the current flawed election system. There is big money involved, and they are going to resist any changes that threaten their lucrative bottom line.
So our democracy dies because of corporate greed.