Experts: State should audit election results

Michael Gerstein
The Detroit News
The Federal Bureau of Investigation sent a warning to state election systems, including Michigan, following the recent cyber-security breaches.

Lansing —Since hackers have targeted the election systems of more than 20 states, cyber-security experts say Michigan should change its policy and routinely audit a sample of its paper ballots to protect against election fraud.

Voter registration lists were hacked recently in Arizona and Illinois. The U.S. Department of Homeland Security would not acknowledge whether those particular systems were breached, but Secretary Jeh Johnson said hackers “in a few cases ... gained access to state voting-related systems.”

The department would not disclose whether Michigan was one of “a large number of state systems” scanned by hackers in preparation for possible attacks, but the Michigan Secretary of State’s office said the state’s voter registration lists have not been targeted or affected.

A Homeland Security official confirmed to the Associated Press that voter registration lists in more than 20 states were targeted in recent months.

Audits in Michigan are only triggered in certain circumstances, according to the Secretary of State’s office. Automatic recounts for presidential ballot results happen when the leading candidates are 2,000 or fewer votes apart, while a losing candidate can request a recount for a district or certain precincts, according to the Secretary of State’s office.


“It should be done routinely in order to provide a strong degree of confidence,” said University of Michigan cyber-security expert Alex Halderman. “That’s an opportunity for Michigan to improve its election procedures. You should audit every election.”

Other cyber-security experts agree, including Michigan State University’s Rich Enbody, Stanford University’s Herbert Lin and experts at the New York University School of Law’s Brennan Center for Justice. Verified Voting, a Carlsbad, California-based advocacy group, also urges stronger elections security requirements.

But the office of Secretary of State Ruth Johnson is already confident in the accuracy of the state’s election results.

“The Bureau of Elections is frequently asked to conduct recounts of offices after primary and general elections. During these hand recounts, the incredible accuracy and integrity of the ballot tabulators is shown time and time again,” Secretary of State spokesman Fred Woodhams said. “The optical scan voting system used in every Michigan precinct has worked well for voters for more than a decade.”

Michigan’s failure to routinely review a statistically valid cross-section of the state’s votes worries cyber-security experts such as MSU’s Enbody, UM’s Halderman and Barbara Simons, chairwoman of Verified Voting’s board of directors and a member of the U.S. Elections Commission’s board of advisers since 2008.

“Even with optical scans, there’s a computer in that machine,” Simons said. “Having paper ballots are really important, but it doesn’t help if you never look at them again. It should be always done.”

Homeland Security’s Johnson said his department is “not aware at this time of any manipulation of data,” but urged state and local election officials to seek the department’s cybersecurity assistance before Nov. 8. Michigan has been in communication with the Department of Homeland Security both directly and by proxy of the National Association of Secretaries of State, Woodhams said.

How Mich. protects system

The state has not made any changes to its elections procedures or systems based on Homeland Security information, he said, because “our systems have not been compromised nor appear to have been targeted by hackers that compromised or attempted to compromise systems in two other states.”


“Our voter system is fully encrypted and is scanned regularly to detect and block intrusion attempts” by information technology professionals, he continued.

In July, about 20,000 emails from the Democratic National Convention were leaked to WikiLeaks, a cyber-attack some experts link to the Russian government. Some emails showed DNC staffers favored Clinton over U.S. Sen. Bernie Sanders and resulted in the resignation of Debbie Wasserman Schultz, the DNC chairwoman.

Republican presidential candidate Donald Trump has said he worries about the general election being “rigged” but not specifically through hacking. Democrat Hillary Clinton has said a Russian cyber attack on the U.S. election system is “almost unthinkable.”

The Federal Bureau of Investigation sent a warning to state election systems, including Michigan, following the recent cyber-security breaches. It prompted Johnson’s office to meet with state Department of Technology, Management and Budget officials regarding the state’s voting system’s security.

Voter information in Michigan like the voter registration lists hacked in Arizona and Illinois is kept at the state level. County and local clerks also keep their own lists, helping to reduce the risk of elections information tampering, Woodhams said.

It is unlikely for the state’s election results to be altered by hacking tabulator machines because they are never connected to the internet for software updates, he said. The machines also are physically secured to reduce the likelihood of tampering.

Memory cards that store ballot data are sealed within the machines and only removed when they are sent to the local city or township clerk’s office, along with a paper readout the machine ejects that can be checked against the digital information, Woodhams said.

Cyber-security experts say the risk of hacking optical scanning machines such as the 10-year-old ones in use in Michigan is lower than that for the five states that use electronic machines without paper ballots: Delaware, Georgia, Louisiana, South Carolina and New Jersey, according to Verified Voting.

The electronic voting machines are more vulnerable to security breaches because there is no paper record and many machines have old software.

Potential targets

Enbody and Halderman agree that the likelihood of Michigan’s results being altered enough to influence the Nov. 8 presidential race is relatively low because the state uses simple ballot tabulator machines that count paper ballots which can then be verified by hand if a recount is triggered.

“Because of its simplicity, that’s almost harder to hack,” Michigan State’s Enbody said. “And we still have the paper record.”

Halderman said “Michigan has among the best class of system” and is thankfully not using “out-of-date touch screen computer voting machines.” The state also will not seek to buy touch screen voting machines when it replaces ailing tabulators for the 2018 election, according to the Secretary of State’s office.

But even automatic audits of paper ballots don’t mean the results are safe from hackers, said Lin, a senior research scholar for cyber policy and security at Stanford University’s Hoover Institution.

“If I’m a hacker, I’m going to exploit the details. Maybe there’s a key, a lock on it that is easily picked and maybe I can get into it,” he said. “It doesn’t mean it’s impossible, but it’s difficult. I would worry less about that than I would about the states” with computerized, digital records. “I suspect you’re safer than Pennsylvania.”

In 2010, Halderman hacked into a Washington D.C., internet-based pilot voting system after well-meaning hackers were extended an invitation to test for system vulnerabilities.

Halderman and his team were able to gain “near complete control of the election server,” according to a paper Halderman authored with other researchers. They were able to change every vote in such a way that elections officials could not detect their hack for “nearly two business days” and even took over security camera feeds, according to the paper.

Lin said audits would be “certainly be better than doing nothing,” but do not prevent possible tampering with a few machines or with the compact disc or USB drive from which a software update to the machines might originate.

“If I were somebody who was determined to hack the election in Michigan, … the voting machines aren’t the place I would attack, he said. “I would attack the voter registration databases.”

Twitter: @MikeGerstein