In the lead-up to every election cycle, the Cybersecurity & Infrastructure Security Agency (CISA) and a multitude of other agencies proactively work to protect our democracy from the influence of cybercriminals. From domestic bad actors to foreign entities, the threats to our digitized election processes originate from all over the globe, including right here in the United States.
To help shed light on this important issue, let’s explore what is being done to protect U.S. election integrity and discuss the four battlegrounds across which the fight for ballot box control will take place.
Voting Machine Village and the DEF CON Conference
Started in 1993, the DEF CON conference is an annual event held in Las Vegas. While the original event was composed entirely of hackers, DEF CON has become one of the most prominent cybersecurity conferences in the world. Each year, journalists, lawyers, federal government employees, students, researchers, computer security specialists, and, of course, hackers attend.
Since 2017, DEF CON has featured Voting Machine Village, an exhibit that includes a wide range of voting equipment, including ballot-casting machines and registration databases. Attendees attempt to circumvent each device’s cybersecurity measures and manipulate the secure data. Year after year, hackers have found vulnerabilities in almost every machine.
Although the results of each Voting Machine Village session are closely guarded, this event has helped voting machine manufacturers identify vulnerabilities and improve election security.
The Four Key US Ballot Box Battlegrounds
While voting machines garner much attention during discussions about digital ballot box security, they represent just one of the four major battlegrounds that must be won to protect U.S. election integrity. These battlegrounds include:
- Voter Registration Systems
Voter registration systems maintain a digital record of voters. The data from these systems are used to generate poll books, which poll station staff use to check people in before they cast their ballots.
Whereas Voting Machine Village features the latest in voter registration technology, many states are still using antiquated solutions to manage voter data. MIT estimates that in 2018, 41 states were using voter registration platforms that were at least 10 years old.
Antiquated software represents an appealing target for hackers, as it often contains a variety of loopholes, vulnerabilities, and bugs that make it more susceptible to a breach.
- Voter Check-in Platforms
Many precinct polling stations use digital poll books, which they access through tablets or other internet-connected mobile devices. These devices are often run using custom software and networked together.
By targeting these digital voter check-in systems, hackers could potentially shut down networks or alter voter records. They could also insert malicious code into the proprietary software, thereby rendering polling stations unable to check in voters.
A coordinated attack across pivotal regions or states could influence the outcome of elections and prevent thousands of registered voters from casting a ballot.
- Voting Machines
There are two main categories of voting machines. The first type is direct-recording electronic (DRE) machines, which display ballot options on a touchscreen and record voters’ selections electronically. The other type scans paper ballots that voters file.
Typically, the data used to program voting machines is stored on a central election office’s servers or on the vendor’s database. The data is then manually transferred to each voting machine using a USB or memory card.
If hackers target the central servers, they can insert malicious code into the core data, and that code will then be spread to all machines that are programmed using that source. Alternatively, hackers can target individual voting machines and alter results.
- Vote Tallying and Reporting Technology
While vote tallying and reporting software is proprietary, it typically runs on standard operating systems. Hackers can target this underlying software and disrupt the function of vote tallying applications, thereby casting doubt on the results of an election.
Attacks against vote tallying and reporting solutions represent one of the biggest threats against the U.S. ballot box. Fortunately, most states check the results from individual precincts against state-wide outcomes as part of their certification process.
As long as the underlying voting process is secure, any confusion created by an attack on vote tallying software could eventually be resolved.
Aristotle’s Role in Promoting Data Integrity
While Aristotle does not produce any voting technologies, we are a leader in political data. Additionally, Aristotle provides clients with access to robust analytics, compliance, and campaign management technologies, which can support your political goals and help you achieve desired outcomes in the upcoming election cycle.
Aristotle maintains some of the largest and most reliable consumer and voter databases in the nation. If you would like to learn more about how we are working to promote and optimize data integrity, connect with our team.
We also invite you to schedule a demonstration of our data management technologies and learn more about how Aristotle can support the success of your campaign.