Disruptive by Design: Hacking the Vote, Again

The 2020 election may be the most vulnerable yet. Last year, several federal agencies released a joint statement identifying election security as a “top priority for the U.S.” However, some have proposed mail-in ballots due to the COVID-19 pandemic and consequences associated with not social distancing. Why are we going backward instead of forward? Reverting backward during a disaster only adds challenges and difficulties with an already broken voting system. We need to be proactive, not reactive, when electing leaders at all levels across the country.

It’s worth noting that neither mail-in ballots nor voting machines allow the authenticity of the vote to be verified. Americans should “trust, but verify” the American vote and the democratic system we created 244 years ago.

Even if voting machines function properly, elections operate with citizen volunteers who do not require any special clearance. Anyone can sign up and gain access to voting machines before the first ballot is cast or after voting closes. An insider could run a preprogrammed executable file to alter the vote via a USB, a memory card or another device. Or a volunteer counting paper ballots could change or “misplace” some of the votes. An insider threat operation may be relatively easy to pull off, and who is to say it hasn’t already been done?

Voting machines often have either no password or an easy password shared among voting staff and applied to multiple machines—extremely unsafe practices. In a previous column (SIGNAL Magazine, May 2016, page 13, Disruptive By Design), I suggested the government get rid of voting machines and allow citizens to vote via their smartphones and computers. Had the government begun the modernization process then, we would’ve been ready for the first vote-from-home election.

Why can Americans perform some things online, but not others? For example, the U.S. 2020 Census was performed online at a .gov website and met the requirements for the Federal Cybersecurity Enhancement Act of 2015.

Similarly, users could access a secure website where voters would be required to use a secure encrypted login with Multi-Factor Authentication (MFA) and comply with other security measures to ensure that each citizen could only vote once. Not to mention, we could easily geo-block foreign Internet protocol addresses and perform penetration tests and vulnerability assessments to safely modernize the entire American vote. Then, artificial intelligence (AI) could be applied to validate the voter throughout the process. AI already helps prevent and identify insider threats to future elections. It can analyze computing power, voters’ personal data and vote data, related algorithms and more. AI can see beyond what humans see and may detect election anomalies virtually impossible for the human eye to find.

Some may raise privacy concerns, but frankly, perhaps voter anonymity is outdated in this high-tech world. Many voters already take photos of their vote and publicly state who they voted for, so perhaps we could use this to our advantage and add a biometric MFA option to trust but verify that our vote is cast as it should be.

Initially, this entire process to update the election would require an investment to properly design and maintain its protection. However, we would be investing in the confidence of our vote instead of paying the cost of having our election hacked.

We should have confidence in how our election system works. Yet, it’s even more vulnerable during this world pandemic. Voter fraud, inaccurate mail-in ballots, voter machine manipulation and foreign interference all threaten to undermine election security. If the time to secure and modernize our election process to trust but verify isn’t now, then when?

Ryan René Rosado is a cyber consultant. She is pursuing a Bachelor of Science in Cybersecurity degree at Utica College and is expected to graduate in December 2020. She is also pursuing a Bachelor of Science in Emergency Management degree at the State University of New York (SUNY) Empire State College. Rosado received the Emerging Leadership in 2018 and the Distinguished Young AFCEAN Award in 2016. The views expressed here are her own.