After the onslaught of computer intrusions suffered by US institutions and political parties in the 2016 presidential election, the decade-old issue of electoral systems' security was brought back into the public discourse. The American people had the concrete fear their vote too might be manipulated. They worried the election could be factually hacked.
The good news is that such hack does not appear to have happened and despite a recount no significant anomalies have emerged. This assessment still stands even after the recent publication by The Intercept on suspected attempts by Russian intelligence to penetrate the computers of vote counting machines manufacturers and elections officials. The bad news is that, particularly if electronic voting becomes more popular, future elections might very well get hacked.
Read more: This Is Why We Still Can't Vote Online
We know at least of some sustained attempts at compromising such systems during the Ukrainian elections in 2014. We have been warned so many times of the lacking security of electronic voting machines in use in India, the Netherlands, the United States. Even Estonia, which is widely regarded as the country with the most technologically advanced system of governance, has struggled with securing their elections systems. Yet, voting machines are becoming increasingly popular, in developing and developed economies. From Asia to Latin America, through Africa, Europe and the United States.
I, as many other friends from the hacker community, have always been vehemently opposed to the use of electronic voting machines and for good reasons.
Electronic voting attempts to solve a problem that just doesn't exist.
Firstly, electronic voting attempts to solve a problem that just doesn't exist. With the predominant system of paper ballots, we normally get a preliminary count of the votes in a matter of hours already. The benefits provided by a more automatized counting process are not only questionable, but they simply do not outweigh the gravity of the risks involved.
Secondly, we just don't have a voting technology that is more secure than paper right now. Direct-Recording Electronic voting machines (or just DRE) vary in technical operations and vendors, but they generally all share two common traits: they are proprietary and they are insecure. They are an assembly of layers, both hardware and software, that can potentially be tampered with and even remotely subverted. The integrity of this complex and opaque system simply can not be guaranteed. We would have to trust the technology. Paper ballots on the other hand are extremely hard to hijack at scale and any tampering would require in-person infiltration, and yet no particular role has enough power to completely invent an electoral outcome. Additionally, the custody and count of paper ballots heavily rely on not trusting anyone, by involving multiple people with diverse opinions and opposing political beliefs overseeing a process which has been thoroughly stressed and verified for decades.
A good old piece of paper and a pencil might just do the trick.
If using electronic voting machines wasn't concerning enough, some countries are moving towards adopting online voting (sometimes referred to as e-Voting or I-Voting), allowing people to cast their votes comfortably from home on the Internet, rather than at a kiosk somewhere else. In Estonia, for example, 30.5% of all participants voted for the 2015 parliamentary elections over the Internet . If all the news of hacks, dumps, espionage, sabotage and other cybering should tell us anything, is that the idea of exercising the fundamental manifestation of a democracy over the Internet is just pure madness.
Germany, the country where I live, has banned electronic voting in 2009. The Netherlands abandoned it in 2007. Many others instead are moving towards a complete digitization. That is worrying. We need to audit and responsibly bring to the public attention the shortcomings of these systems. This year the DEF CON hacker conference is running a Voting Machine Hacking Village, an initiative that should be replicated in as many other countries as possible. Online voting needs to be abandoned and DRE machines need to be replaced at the very least with optical scanners and human as well as machine readable paper ballots.
While electronic voting systems hacking might not have affected the outcome of an election thus far, it is exactly in moments like this with hateful politics and extremism on the rise that we might see bigger incentives to subvert democracy. For that we need to be prepared, and a good old piece of paper and a pencil might just do the trick.
Claudio "Nex" Guarnieri is a hacker, security researcher and human rights activist. He is specialized in investigating computer attacks and tracking state-sponsored hacking campaigns, particularly those targeting journalists and human rights defenders. He also works for Amnesty International and co-founded Security Without Borders. This piece reflects his independent views.
Subscribe to Science Solved It, Motherboard's new show about the greatest mysteries that were solved by science.