A New York attorney and cyber security expert says it may be time for American elections to be tallied with hand-counted ballots.
Alexander Urbelis, a computer hacker-turned-lawyer, says vulnerabilities in voting technologies, combined with the weaponization of personal data and rampant disinformation campaigns that underpinned the 2016 presidential election, have created “a really dangerous situation” for democracy.
“We live in a state of disbelief,” Urbelis said. “Facts aren’t facts, and nothing is verifiable.”
Meanwhile, Urbelis said vote tabulation equipment — such as the optical scanners widely used in Wisconsin — could be vulnerable to hacking at a local level or within the supply chain.
Urbelis cites examples of hard-coded passwords that can’t be changed by the user and evidence that Florida’s primary domain for state services is surrounded by dozens of international cybersquatters, an indication those domains — with addresses very similar to the official site — could be used to trick users into downloading viruses or giving up passwords.
Urbelis, who is scheduled to speak Thursday at the University of Wisconsin-La Crosse, said the result is uncertainty that threatens to undermine public trust in elections.
“It really is at root an issue of data integrity,” he said. “Can you trust the numbers you’ve been given?”
Thursday’s lecture will be the first at UW-L sponsored the Center for the Study of Institutions and Innovations at UW-Stout, which was launched last year with funding from the Charles Koch Foundation.
The foundation, funded by the conservative billionaire and prominent political donor Charles Koch, supports research and programs that advance “an understanding of how free societies improve well-being,” though an agreement grants UW-Stout and partner campuses independent control of programming.
James Szymalak, an assistant professor of political science and public administration at UW-L, said he wanted to host a talk on voting before the 2018 mid-term elections.
“Right now we’re so focused on this issue of collusion, people have forgotten about the actual physical machines,” he said. “Is this a federal issue, a local issue … no one wants to step up, because it’s money.”
Wisconsin bolsters system ahead of mid-term elections
Wisconsin election officials are working to improve security ahead of the 2018 elections.
Last year, the U.S. Department of Homeland Security confirmed that Russian agents had targeted, but not compromised, the voter registration system in 2016, and later this spring will conduct a two-week test to simulate hacking attempts on the network.
The Wisconsin Elections Commission also is working to train 1,853 municipal clerks on how to improve security.
In Wisconsin, votes are cast either on a paper ballot or a touch-screen system that produces a printed receipt for the voter to verify. But Urbelis notes the paper ballots aren’t hand-counted unless the race is close enough to trigger a recount.
WEC spokesman Reid Magney said the online voter registration database is separate from the machines used to count ballots and notes that Wisconsin law requires the election commission to regularly audit randomly selected reporting units to ensure counts are not off by more than 1 vote for every 500,000 ballots county.
“It always meets that standard,” Magney said.
In a recount of the 2016 presidential election, Donald Trump’s margin over Hillary Clinton grew by just 131 votes out of nearly 3 million ballots cast. The primary cause for miscounts, according to election officials, was human error.
Magney also notes that the computers used to program voting machines are not connected to the Internet or to local computer networks.
While that is a good security practice, Urbelis said its efficacy ultimately depends on the employees and volunteers who use the machines. For example, air gaps can be bridged by virus-infected thumb drives or other portable devices. Or hackers could go after the voting machine software itself at the source.
Last year, The Intercept published a leaked National Security Agency report that Russian operatives had targeted a voting software vendor and more than 100 local election officials in the days leading up to the 2016 election.
“I think the idea that we can tick off a couple of boxes and make our election safe is fanciful,” Urbelis said.
The answer, Urbelis believes, may require a return to a mechanical process that puts geographic distance between the system and those who seek to corrupt it.
“I love computers, but I also don’t think they need to be everywhere,” he said. “We don’t always need an app for that."