This article was originally published at Freedom to Tinker on September 20, 2016.
Over 9000 jurisdictions (counties and states) in the U.S. run elections with a variety of voting machines: optical scanners for paper ballots, and direct-recording “touchscreen” machines. Which ones of them can be hacked to make them cheat, to transfer votes from one candidate to another?
The answer: all of them. An attacker with physical access to a voting machine can install fraudulent vote-miscounting software. I’ve demonstrated this on one kind of machine, others have demonstrated it on other machines. It’s a general principle about computers: they run whatever software is installed at the moment.
So let’s ask:
- Which voting machines can be hacked from anywhere in the world, through the Internet?
- Which voting machines have other safeguards, so we can audit or recount the election to get the correct result even if the machine is hacked?
The answers, in summary:
- Older machines (Shouptronic, AVC Advantage, AccuVote OS, Optech-III Eagle) can be hacked by anyone with physical access; newer machines (almost anything else in use today) can be hacked by anyone with physical access, and are vulnerable to attacks from the Internet.
- Optical scan machines, even though they can be hacked, allow audits and recounts of the paper ballots marked by the voters. This is a very important safeguard. Paperless touchscreen machines have no such protection. “DRE with VVPAT” machines, i.e. touchscreens that print on paper (that the voter can inspect under glass while casting the ballot) are “in between” regarding this safeguard.