Concerns about the fragility of US electronic voting systems to cyberattacks go back to 2002 when the Help America Vote Act was passed mandating the replacement of lever-based machines and punchcards with more modern voting equipment.
Those concerns have been greatly amplified this election season with reports of attacks on voter registration systems in some 20 states and intrusions into the Democratic National Committee’s computers by hackers believed to be out of Russia.
The attacks have stirred considerable fears about foreign adversaries and nation-state actors somehow disrupting the elections and even manipulating the outcome of the voting to favor one of the two major party candidates.
The reality is less alarmist than might first appear.
Recent attacks involving the theft of data from voter registration systems in Illinois and Arizona certainly serve as a warning about the potential for foreign actors to cause problems. But the fact is that the attacks have been on systems used to manage the elections and handle tasks like voter registration, not the voting systems that people will use to cast ballots.
The actual machines that people will use to vote are not Internet-connected and are therefore protected against a vast number of cyberattacks that people assume the systems are exposed to, the National Association of Secretaries of State said in an open letter to Congress recently.
In all states but five, a vast majority of the electronic voting equipment that voters use will have paper backups. Some voters will use what are known as Direct-Recording Electronic (DRE) voting systems to cast their votes electronically. Others will mark their choices on a paper ballot and feed it into an optical scanner that will do the ballot counting. In both cases, voters and election officials will have a so-called Voter Verifiable Paper Audit trail that will provide a reliable backup even if the machines fail or are somehow compromised.
Pre-election integrity tests and post-election audits and checks should help spot discrepancies and errors as well, the NASS has noted while cautioning against a loss of public confidence in the US voting system.
Despite such reassurances, security analysts point to several weaknesses in electronic voting systems that attackers could take advantage of to cause varying degrees of problems.
Here are seven of those security weaknesses in e-voting systems.