
How to hack an election—and what states should do to prevent fake votes

Two speakers at this year’s EmTech MIT conference addressed voting vulnerabilities.
September 13, 2018
Jake Belcher

Donald Trump won the 2016 presidential election thanks to the votes of just 107,000 people in three states. The intricacies of the Electoral College help create situations where a relatively small number of US citizens can decide who wins the presidency. How susceptible could these votes be to tampering? The answer: a lot more than you might realize.

In a live demonstration at MIT Technology Review’s EmTech conference today, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, showed just how easy it would be to meddle with vote tallies to directly change election outcomes.

Halderman brought an AccuVote TSX machine to the stage and had three volunteers use it to vote in a mock election between George Washington and Benedict Arnold. Cameras pointed at the screen, with the feed projected above the stage, showed the three voters casting their ballots for Washington. Yet when Halderman printed the returns from the machine, the reported result was a two-to-one victory for Arnold.

How did it happen? Through tampering with the ballot programming. For every election, officials have to program the candidates into the machine using a physical memory card. Halderman infected this card with malicious vote-stealing software before any voters got anywhere near the polling booths. 

“This machine you saw here is used in 18 states, and some of the states, including Georgia, use an even older version of the software than I showed here today,” he said.


Beyond the machines people use to cast their votes, the main targets for someone trying to tamper with a US election are voter registration databases and the electronic devices used to check voters in at polling stations, according to Ron Rivest, Institute Professor at MIT.

If this all sounds terrifying, don’t panic. There are simple steps the authorities can take to mitigate the threat of an attack.

“We need paper verifiable ballots, no internet voting, and we need to ensure we can audit ballots properly. Some kind of paper trail the voter can use to verify their vote is very important,” Rivest said.

At a national level, $380 million was allocated in March for shoring up election security, and the Secure Elections Act is currently working its way through Congress. The act would require states to have audit processes and paper trails for their elections, moves both Rivest and Halderman strongly support.

Meanwhile, West Virginia is set to use a blockchain to verify votes this fall. Might this be the answer?

Rivest is unequivocal. “Absolutely not. For many applications, voting included, blockchain is just a poor database choice. It takes things you put in it and preserves them forever. It’s a very poor fit for voting,” he said.
