Data, Election Hacking, and Paper Ballots

Thomas Paine wrote that “the right of voting for representatives is the primary right by which other rights are protected.” Taking away that right reduces us “to slavery” and makes us “subject to the will of another.” Regardless of whether you’re on the left or right, Americans value that kind of autonomy⁠—that we choose the rule makers and enforcers, that we periodically get to choose new ones and whether to retain incumbents. How to protect the integrity of that process, so that its outcomes actually reflect our conscious preferences, seems to be as important a question as any that law and policy makers could ever ask in a democracy.

Data and its processing are commodities and conduits of power, and because of this, there will always be attempts to steal and manipulate them. Our SEO client Accurate Append, a phone, address, and email contact data vendor, recently wrote about the danger of fake data, and hacked elections are a manifestation of the same overall aim: to distort the will of voters and undermine people’s participation in civil society.

For people who work on improving the electoral process, and those of us offering services for candidates and leaders to better reach voters, this is also a question of professional importance. It’s personally frustrating for those who offer data, analytics, other informational services that help campaigns learn more about their constituents. Hacking undermines the effort to construct electoral strategies commensurate with the needs and perspectives of the real people who are voting.

News media is buzzing that Senate Majority Leader Mitch McConnell is blocking legislation to address election hacking at the federal level. And states are not moving either. The Verge reports that although progress has been made on moving back to paper ballots (only 8 states remain paperless now compared to 14 in 2016), “most states won’t require an audit of those paper records, in which officials review randomly selected ballots⁠—another step experts recommend. Today, only 22 states and the District of Columbia have voter-verifiable paper records and require an audit of those ballots before an election is certified.” As we’ll shortly explain, that extra verification step is necessary because even paper ballots are vulnerable to manipulation.

Much of what we know about the ability to hack into things like elections is due to the efforts of organizational hacking conferences like DefCon, which gathers experienced hackers at conferences to discuss the ways that security may be open to breach.

The work they do, which was featured at a recent annual conference, is fascinating. In addition to election hacking, which we’re discussing here, hackers and scholars of hacking research things like whether AI and robots are subject to sabotage via electromagnetic pulse (EMP). It all feels very James Bond. But the most immediately relevant stuff is voting machines, systems, and databases⁠—all set up as the “Voting Village” at the conference, with the aim of promoting “a more secure democracy.” These “good guy” hackers find ways to remotely control local voting machines, “the innards of democracy,” so that the public can be aware of potential threats and constantly demand solutions. As one hacker put it, “these systems crash at your Walmart scanning your groceries. And we’re using those systems here to protect our democracy, which is a little bit unsettling. I wouldn’t use this . . . to control my toaster!”

This work is important even if all states switched back permanently to paper ballots, because some kind of technological facilitation, intervention, and processing is inevitable, and as long as such activity contains data shared between machines, it’s subject to outside sabotage or manipulation. Freedom to Tinker has an outstanding list of the ways this could happen in a paper system. Hackers could hack the software used in the auditing and recount processes, and avoiding the use of computers during that process is impractical in contemporary society. “For example, we may have print a spreadsheet listing the “manifest” of ballot-batches, how many ballots are in each batch; we may use a spreadsheet to record and sum the tallies of our audit or recount.  How much of a nontrivial “business method” such as an audit, can we really run entirely without computers?”

Of course, as the article adds, one could simply manually manipulate the recount process with a “bit of pencil lead under your fingernail,” but at least at that point there would be people to catch locally doing such things. The call for “careful and transparent chain-of-custody procedures, and some basic degree of honesty and civic trust” is easier to enforce in person than across bytes, air, and cables. In the meantime, though, paper ballots aren’t perfect, but they are the cornerstone of addressing current threats to election integrity.