Russia and other states could hack the US election by attacking voting machines

It's been more than 16 years since faulty voting machine technology called into question a US presidential election, and in the ensuing 1.6 decades, the voting machine industry has used bafflegab, intimidation and salesmanship to continue selling faulty goods, whose flaws surface with despressing regularity.

Bruce Schneier makes the point that if the Russian state is behind the DNC hacks, there's no reason to expect that its attacks on the US political system will end there. Voting machines are so notoriously terrible that they'd be a very tempting target for Russia or other states that want to influence the outcome in 2016 (or merely destabilize the US by calling into question the outcome in an election).

But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it's slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing — publishing personal information and documents about a person or organization — and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.

By November, Russian hackers could target voting machines
[Bruce Schneier/Washington Post]

(Image: Lonely Diebold Voting Machine, subinfinitum, CC-BY)


(Thanks, Dan Miller!)