For years, Jon “Hannibal” Stokes has been writing incredibly detailed articles on CPU architecture. He’s particularly good at presenting a lot of in-depth technical information in a way that’s accessible to moderately tech-savvy people. I’m much more capable of pretending to understand CPU architectures after reading his articles.
Now he’s turned his attention to voting machines, and he does his usual thorough and clear job explaining “How to steal an election by hacking the vote”:
hat if I told you that it would take only one person–one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company’s internal computer network–to steal a statewide election? You might think I was crazy, or alarmist, or just talking about something that’s only a remote, highly theoretical possibility. You also probably would think I was being really over-the-top if I told you that, without sweeping and very costly changes to the American electoral process, this scenario is almost certain to play out at some point in the future in some county or state in America, and that after it happens not only will we not have a clue as to what has taken place, but if we do get suspicious there will be no way to prove anything. You certainly wouldn’t want to believe me, and I don’t blame you.
So what if I told you that one highly motivated and moderately skilled bad apple could cause hundreds of millions of dollars in damage to America’s private sector by unleashing a Windows virus from the safety of his parents’ basement, and that many of the victims in the attack would never know that they’d been compromised? Before the rise of the Internet, this scenario also might’ve been considered alarmist folly by most, but now we know that it’s all too real.
Thanks the recent and rapid adoption of direct-recording electronic (DRE) voting machines in states and counties across America, the two scenarios that I just outlined have now become siblings (perhaps even fraternal twins) in the same large, unhappy family of information security (infosec) challenges. Our national election infrastructure is now largely an information technology infrastructure, so the problem of keeping our elections free of vote fraud is now an information security problem. If you’ve been keeping track of the news in the past few years, with its weekly litany of high-profile breeches in public- and private-sector networks, then you know how well we’re (not) doing on the infosec front.
Over the course of almost eight years of reporting for Ars Technica, I’ve followed the merging of the areas of election security and information security, a merging that was accelerated much too rapidly in the wake of the 2000 presidential election. In all this time, I’ve yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it’s time to hit the panic button: In this article, I’m going to show you how to steal an election.
Obviously, this article should give anyone who cares about fair elections the chills. I think the most interesting part of the article is the section where he considers who is in a position to steal an election:
if you learn one thing from this article, I hope it’s this: DREs multiply tremendously the sheer number of institutions and people that you have to trust in order to have confidence in an election’s results. In this last part of the article, I’d like to give you a feel for who you’re relying on when you walk into a polling booth this November and make a touchscreen selection for your candidate of choice.
Read on to see all the people in a position to undermine the integrity of our elections.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.