J. Alex Halderman is among the foremost experts in electronic voting systems in the world. (For more about him, see his web page, here.)
In June, he testified before the Senate Intelligence Committee regarding Russian efforts to influence the 2016 US elections. His testimony is chilling:
J. Alex Halderman, professor of computer science at Michigan University, said he and his team began studying "direct-recording electronic" (DRE) voting machines 10 years ago and found that "we could reprogram the machine to invisibly cause any candidate to win. We also created malicious software — vote-stealing code — that could spread from machine-to-machine like a computer virus, and silently change the election outcome."
******
As a computer science professor, Halderman has not only run academic trials on hacking voting machines, he has also run real-time examples.
"The one instance when I was invited to hack a real voting system while people were watching was in Washington D.C. in 2010, and in that instance it took less than 48 hours for us to change all the votes and we were not caught," Halderman said about the experiment. (emphasis added)
The question, apparently, is not whether it is technologically feasible to alter vote totals, only whether a malicious actor wished to do so:
The committee has heard from multiple experts who have said the Russian efforts in 2016 did not result in any changed votes. Additionally, not all states or local election jurisdictions use the DRE voting machines described by Halderman.
But Halderman said he does not believe claims that because some voting machines aren't connected to the Internet, they are somehow safe.
"Attacking the IT systems of vendors and municipalities could put the Russians in a position to sabotage equipment on election day, causing voting machines or electronic poll books to fail, resulting in long lines or other disruptions," Halderman said.
Prof. Halderman was, to put it mildly, sanguine about whether one malicious actor in particular, Russia, could infiltrate a large number of the voting systems across the US:
“My conclusion,” Halderman told the committee, “is that our highly computerized election infrastructure is vulnerable to sabotage, and even to cyber-attacks that could change votes.”
“Dr. Halderman, you’re pretty good at hacking voting machines, by your testimony,” Senator Angus King of Maine observed. “Do you think the Russians are as good as you?”
“The Russians have the resources of a nation-state,” Halderman replied. “I would say their capabilities would significantly exceed mine.” (emphasis added)
Prof. Halderman is not alone among experts in computer security in noting the vulnerability of US voting systems to outside interference:
Jake Braun, another organizer, said he believed the hacker voting village would convince participants that hacking could be used to sway an election.
"There’s been a lot of claims that our election system is unhackable. That's BS," said Braun. "Only a fool or liar would try to claim that their database or machine was unhackable."
Of course, the issue is not whether Putin’s hackers and agents possess the technical capability to materially affect the US election, nor is it in dispute that Putin ordered his assets to do just that:
We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgments. We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate confidence. (p. ii)
******
Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.” Russia, like its Soviet predecessor, has a history of conducting covert influence campaigns focused on US presidential elections that have used intelligence officers and agents and press placements to disparage candidates perceived as hostile to the Kremlin. Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties. We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks. Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. (pp. ii-iii)
At the time of its report, in January of this year, the Dept. of Homeland Security concluded: ‘DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying’.
Of course, that’s something less than a reassuring conclusion: it speaks only to the systems involved in vote tallying. As Prof. Halderman and others demonstrated, numerous avenues exist to alter the outcome of an election, and it’s not evident that this report was based on the information we have since learned about how deeply the Russians infiltrated multiple voting systems. And it bears repeating Prof. Halderman’s ominous finding: ‘we could reprogram the machine to invisibly cause any candidate to win’.
If this is the case, and Russia’s capabilities, in the view of one of the world’s leading experts on the subject, are vastly superior to his, how would DHS (or the rest of us) know whether votes were changed to determine Putin’s favored outcome?
As Charlie Pierce said it so well:
The last outpost of moderate opinion on the subject of the Russian ratfcking during the 2016 presidential election seems to be that, yes, there was mischief done and steps should be taken both to reveal its extent and to prevent it from happening again in the future, but that the ratfcking, thank baby Jesus, did not materially affect the vote totals anywhere in the country. This is a calm, measured, evidence-based judgment. It is also a kind of prayer. If the Russian cyber-assault managed to change the vote totals anywhere, then the 2016 presidential election is wholly illegitimate. That rocks too many comfort zones in too many places.
Putin isn’t playing.