Georgetown Law
Technology Review

There is no perfect, infallible way to count votes. All methods— including optical scan, touchscreen, and hand counting—are subject to errors, procedural lapses, and deliberate manipulation. Almost all U.S. jurisdictions count their votes using computer-based technology, such as touchscreens and optical-scan machines. Computer-based methods are subject to “hacking,” that is, the replacement of legitimate vote-counting software with a computer program that changes (some fraction of) the votes in favor of the hacker’s preferred candidate(s). Hacking can be performed remotely (even if the machines are supposedly “never connected to the Internet”) and it is very difficult to detect. Voters and election administrators see nothing out of the ordinary.

The vulnerability of computers to hacking is well understood. Modern computer systems, including voting machines, have many layers of software, comprising millions of lines of computer code; there are thousands of bugs in that code.1Estimates of software defect rates range from one per thousand lines of code (in high quality commercial products) down to 0.1 per thousand lines of code in extremely high-quality products (this is at the 90th percentile for the software industry). MEL LLAGUNO, SYNOPSYS, INC., 2017 COVERITY SCAN REPORT: OPEN-SOURCE SOFTWARE—THE ROAD AHEAD 16 (2017), https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/SCAN-Report-2017.pdf [https://perma.cc/H8L3-SADH]. Modern voting machines contain software components such as an operating system (e.g., Windows 7 is fifty million lines of code; or Linux is twenty-seven million lines). USB drivers (common on voting machines) are quite large software components and are riddled with insecurities. Dave Tian et al., SoK: “Plug & Pray” Today – Understanding USB Insecurity in Versions 1 through C, IEEE SYMP. SECURITY AND PRIVACY (2018). Therefore, we can expect 100 to 1000 bugs per million lines of code; some small portion of these are “exploitable vulnerabilities,” that is, an adversary can exploit them to take over the computer and install fraudulent software. A software-based product such as a voting machine can be expected to contain, at any given time, one or more exploitable security vulnerabilities. Some of those bugs are security vulnerabilities that permit attackers to modify or replace the software in the upper layers, so we can never be sure that the legitimate vote-counting software or the vote-marking user interface is actually the software running on election day.2NAT’L ACADS. SCIS., ENG’G, & MED., SECURING THE VOTE: PROTECTING AMERICAN DEMOCRACY 89–91 (2018).

Continue Reading