The upcoming U.S. presidential election can be rigged and sabotaged, and we might never even know it happened.
This Election Day voters in 10 states, or parts of them, will use touch-screen voting machines with no paper backup of an individual's vote; some will have rewritable flash memory. If malware is inserted into these machines that's smart enough to rewrite itself, votes can be erased or assigned to another candidate with little possibility of figuring out the actual vote.
In precincts where vote tallies raise suspicions, computer scientists will be called in the day after the election to conduct forensics. But even if a hack is suspected, or proven, it would likely be impossible to do anything about it.
If the voting machine firmware doesn't match what the vendor supplied, "it's like you burned all the ballots," said Daniel Lopresti, a professor and chair of the Computer Science and Engineering Department at Lehigh University in Pennsylvania. "We have no way to confirm that we can really trust the output from the machine," he said.
This election in particular has computer scientists and security experts worried. They are concerned that electronic voting machines, voter tabulation and registration systems will be hacked. If an attack causes a polling place backup and some voters to leave and go home, the vote is reduced. This may be as effective as voting-machine tampering in affecting the outcome. It may also undermine confidence in the results. Pennsylvania is attracting the most concern. It is a swing state and many counties use touch-screen systems that do not use a paper ballot or produce a paper record -- for the voter to inspect -- of the voter's intent.
Lopresti was an expert witness for the plaintiffs in a Pennsylvania case challenging the use of touch screen voting machines. The lawsuit (Banfield v. Cortes) was filed in 2006 by 24 state residents. It argued that the state's election system does not retain a physical record of votes, and suffered from a "lack of meaningful and appropriate security measures." The plaintiffs wanted a system with paper verification of each vote.
But the response by Pennsylvania was to spend nearly 10 years fighting this lawsuit, even as other states reversed course on touch-screen systems.
In 2007, Maryland, for instance, decided to replace touch-screen terminals. Budget issues delayed rollout until 2014, but when Maryland voters head to the polls in November they'll be filling out paper ballots that are fed into an optical-scanner system.
Pennsylvania argued in court, in part, that the electronic voting records were permanent records. The court agreed.
Sign up for CIO Asia eNewsletters.