Amid questions of election security and potential system hacking in the upcoming midterm elections, Engineering prof. J. Alex Halderman spoke at the University of Michigan Alumni Center Thursday night about vulnerabilities in U.S. voting systems. Last June, Halderman appeared before the Senate Select Committee on Intelligence to testify about such.
“Hacking the Vote” was presented by the Alumni Association, the Center for Local, State and Urban Policy, the Gerald R. Ford School of Public Policy and the College of Engineering. Halderman, who has studied voting systems for over a decade — and last made news on campus when his email was spoofed in a racist email scandal — was joined by LSA professor Walter Mebane, an expert on detecting electoral fraud. Steve Friess, a former Knight-Wallace fellow and freelance journalist, moderated the discussion.
The professors discussed the reasoning behind election security, past and current issues with voting systems, public response to elections and recounting votes and the federal government’s role in making elections more secure. They also touched on voter registration system issues, election audits, the 2016 presidential election and their experiences with research.
“The Russians who hacked into state election systems and voter registration systems in several states in 2016, they had the ability to go much farther than they did,” Halderman said. “They chose not to pull the trigger. We’re right back in that position we were in in 2016. The question is not whether we’re safe because we’re not safe. The question is, are our adversaries going to decide to pull the trigger?”
In addition to his six-minute testimony in June, Halderman has returned to the Capitol frequently to discuss the $380 million in funding for states to modernize and secure their equipment with state legislatures and congressional staff. Halderman has also assisted Sen. Richard Burr, R-N.C., on an election reform package.
According to an article in the Michigan Alumnus, Halderman said he was inspired to look into voting machines during a question-and-answer session in an Introduction to Computer Science class. Afterwards, he appeared with a United Nations ambassador to explain the Internet Freedom Technology Showcase and “refraction networking” — a way to allow users access to banned networks and services while tricking the computer into thinking they have not been granted access — in 2015. Halderman went on to lead a coalition funded by the State Department on the concept.
“We’re much better at seeing unsuccessful intrusions than successful intrusions,” Halderman said. “It’s silly to know someone is trying to get in — you see someone jiggling the lock — but, if they found an open window on the side of the basement and climbed in through it where you didn’t have a sensor, well, you wouldn’t know that by monitoring the front door.”
Mebane focuses his research on “election forensics” — a term he created — with the goal of creating tools for detecting anomalies and fraud in voting. He said he uses statistical methods to look for patterns to see if voting reflects the intentions of the voters in elections around the world.
He was specifically asked about his experience helping with voting security in Kenya last year and in the 2004 presidential election in Franklin, Ohio. Mebane said he did research on the Kenya election and recommended it should be annulled, with the Kenyan Supreme Court agreeing. He said election and voter registration data in the U.S., however, is more difficult to attain.
“The hard part is proving when something is unusual or when something is an anomaly … Is that due to fraud or is that due to just regular politics?” Mebane said. “Statistical methods can tell us when the votes are switched, but you can’t tell who switched them, and it makes a big difference if the voters switched them through strategic consideration compared to some bad guy switching them.”
In Michigan, Halderman said people vote on paper, but only a few companies handle counting of the votes. If the software is bugged, a hacker could alter election results without touching any machines. He noted the state uses paper ballots, has an automatic recount law and is making progress in better securing its voting systems.
One possible system for confirming election accuracy Halderman and Mebane discussed is a risk-limit audit. This system, which is currently in place in three states, requires manually counting a random sample of ballots until there is enough evidence that the outcome is correct or the risk limit is met.
“We want to check whether the paper and the computer agree,” Halderman said. “The really neat thing is that by how many pieces of paper you have to look at can be quite small if the election wasn’t close or the election was a landslide.”
The main problem with election vulnerability is the societal reactions post-election. Halderman said many people, including those who supported the losing candidate, prefer to move forward than recount ballots and question results. While he said it isn’t difficult to ensure election security, states must make it a high priority and the federal government needs to set stricter procedures.
Rackham student Adam Hall, who worked under Mebane as a graduate student instructor, said the midterm elections increased his interest in election security, and hope the changes Halderman and Mebane discussed are implemented.
“I was interested in seeing how the methods he uses to detect potentially fraudulent elections worked and what the basis of that was,” Hall said. “Both of the presenters were very well learned and had a lot of interesting things to say, and just that I hope that a lot of the people who are in charge of making the kinds of changes they recommended are able to do that before the next election or, if that’s not feasible, shortly thereafter.”
Near the end of the event, Halderman said though progress is being made, new procedures are necessary to detect issues in voting security. He also said while it is easy for hackers to hide their work, it is fairly easy for the government to ensure certainty in results by using new methods to count and check ballots.
“If an attack takes place, we won’t necessarily see the physical evidence," Halderman said. "The physical evidence that it took place is a discrepancy between what’s written on a piece of paper and what a computer total of that paper says. Because elections are so complicated, they’re so noisy, because the hackers can hide their traces in various ways, we won’t necessarily see when something like this happen for the first time. We've got to be ready.”